CARDONFILE Privacy Policy
Last Updated: February 9, 2026
This Privacy Policy explains how Basis Theory ("we," "us," or "our") collects, uses, and protects your information when you sign up for and use our Services. We are committed to safeguarding the personal data you share with us and ensuring you have clear information about how that data is handled.
Any capitalized terms not defined herein shall have the meanings ascribed to such terms in the CARDONFILE Terms of Use.
1. At a Glance: Our Commitment to You
We designed the Services to make your online payments faster and more secure. We believe you should always know what happens to your data.
- We replace your card numbers with secure "tokens." This means stores never see or store your real credit card details.
- You control your information. You can view, update, or remove your cards at any time through your account dashboard.
- We do not sell your data. We use your information as described in this Privacy Policy.
2. The Information We Collect
To provide a secure payment experience, we collect the following types of information:
A. Information You Provide Directly
- Account Identity: Your name, email address, and mobile phone number. We use these to create your account and for security, such as sending you a code via SMS to verify your identity when you log in from a new device.
- Payment Credentials: Your 16-digit card number (PAN), expiration date, and billing address. We securely "vault" this information so you can use it for future checkouts.
- Verification Information: Occasionally, we may need to verify your identity using a government-issued ID to comply with financial laws or to prevent identity theft.
B. Information Collected Automatically
- Transaction Details: When you use the Services to make a purchase, we receive details about the transaction, including the merchant's name, the date, and the total amount.
- Technical Data: We automatically collect your IP address, browser type (like Chrome or Safari), and device type. This helps us recognize you and detect if someone else is trying to access your account.
3. How We Use Your Information
We use your data to manage your account, to facilitate your payments, and in the following ways:
- Providing the Services: We provide your saved payment details to the Merchants you choose to shop with.
- Fraud Prevention: We analyze your transaction patterns and device information to spot and block suspicious activity before it results in a loss.
- Compliance: We are required by law to maintain records of financial activity and to verify the identities of our users to prevent money laundering.
- Communications: We use your contact information to send you important security alerts, transaction receipts, and updates about the Services.
- Measure Performance of and Improve the Services: We use your data for analytics and measurement to understand how the Services are used, including to optimize product design. We may also generate anonymized or aggregated data to use for our lawful business purposes, including sharing such data with our third-party partners.
4. How We Share Your Information
We only share your data when it is necessary to process your payments or as required by law:
- With Merchants: When you authorize a payment, we share the necessary details (such as a secure token or your billing address) with that store to complete your order.
- With Card Networks: We share data with Card Networks like Visa and Mastercard and our banking partners to authorize and settle your transactions. The Services utilize Visa Intelligent Commerce and Mastercard Agent Pay to help provide secure and seamless transactions.
- With Third-Party Services: We use trusted partners for technical tasks like cloud storage or identity verification. These partners are subject to contractual obligations to protect your data.
5. Security: How the "Vault" Works
Our security is based on a technology called Tokens.
- What is a Token? When you save a card, we replace your 16-digit card number with a "stand-in" number (a token). This token is useless to anyone outside of our secure system. Even if a merchant's database is hacked, your original card number remains safe in our vault.
- Enterprise-Grade Protection: We use AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit.
- Independent Audits: Our systems are regularly audited by independent experts to ensure we meet industry standards.
6. Your Rights and Data Subject Requests
We believe in empowering you to manage your own privacy. You have certain rights over the personal data we hold about you, often referred to as Data Subject Requests. These include:
- Access Your Data: You can request a copy of the personal information we have about you in an easy-to-read electronic format.
- Update Your Information: You can update or correct your account details and payment cards through your account.
- Delete Your Account: You can ask us to delete your account. We will remove your data unless we are legally required to keep it for a specific period (for example, for tax or audit purposes).
- Limit "Sensitive" Information: You can ask us to limit our use of your sensitive financial information to only what is necessary to process your payments.
To exercise any of these rights or to submit a Data Subject Request, please contact us at support@basistheory.com. As a safety measure, we will exercise commercially reasonable efforts to verify your identity before fulfilling your request.
7. Data Retention
We keep your information only as long as your account is active or as needed to provide you with the Services. If you close your account, we securely delete your data, except for transaction records that we must keep for up to 7 years to comply with financial and tax laws.
8. Stored Credential Agreement
By saving your card with us, you agree that we may store your credentials and use them for future payments you authorize.
- Consent: We will ask for your explicit permission before saving any new card.
- One-Click Checkout: You can use your saved cards for quick checkouts at any participating merchant.
- Subscriptions: If you sign up for a recurring service, you authorize us to charge your card on file at the intervals you agreed to with the merchant.
- Notification: We will notify you if there are major changes to how we store or use your cards.
9. Contact Us
If you have questions about this policy or our privacy practices, please reach out to our Data Protection Officer:
Basis Theory, Inc.
2261 Market Street, Suite #46012
San Francisco, CA 94114, USA
Email: support@basistheory.com
Website: basistheory.com