Privacy Policy

Last Updated: October 5, 2025

1. Introduction

StatusPath.io ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our credit card spending planning and loyalty status tracking service.

2. Information We Collect

2.1 Information You Provide

Account Information

• Name, email address, and password
• Profile information (optional): photo, location, travel preferences

Loyalty Program Information

• Airline and hotel loyalty program memberships
• Loyalty program account numbers (stored encrypted)
• Current status tier levels
• Qualifying activity (flights, nights, spending)
• Status expiration dates
• Travel history and future bookings you choose to track

Credit Card Spending Data

• Planned monthly spending amounts
• Credit card types and loyalty program affiliations
• MQD (Medallion Qualifying Dollar) calculations
• Spending goals and targets

Communications

• Messages you send to our support team
• Survey responses and feedback
• Community forum posts and comments (if applicable)

2.2 Automatically Collected Information

Usage Data

• Pages visited, features used, and time spent on the Service
• Calculator inputs and spending plan interactions
• Search queries and filters used

Device Information

• IP address, browser type, and operating system
• Device identifiers and mobile network information

Cookies and Tracking

We use cookies and similar technologies to enhance functionality, remember preferences, and analyze usage patterns.

Log Data

Server logs including access times, error messages, and system activity.

2.3 Information from Third Parties

Optional Integrations

• With your explicit permission, we may retrieve loyalty program data from airline and hotel APIs
• Email parsing services (if you choose to forward confirmation emails)
• Calendar integrations for travel tracking

3. How We Use Your Information

We use collected information to:

• Calculate monthly spending plans to reach status goals
• Track your loyalty program status and qualification progress
• Provide personalized recommendations for achieving status tiers
• Calculate MQDs from credit card spending
• Send notifications about status milestones and program changes
• Generate reports and analytics about your loyalty program portfolio
• Improve and personalize your experience with the Service
• Communicate updates, tips, and relevant information
• Respond to your support requests
• Monitor and analyze service usage and trends
• Detect and prevent security threats and fraudulent activity
• Comply with legal obligations

4. How We Share Your Information

4.1 We DO NOT Sell Your Data

We never sell your personal information, spending data, or loyalty program information to third parties.

4.2 Service Providers

We share information with trusted third-party vendors who help us operate the Service:

• Cloud hosting and storage providers
• Payment processors
• Email and notification services
• Analytics and performance monitoring
• Customer support tools

All service providers are bound by confidentiality agreements and may only use your information to provide services to us.

4.3 With Your Consent

We may share your information with third parties when you explicitly authorize us to do so, such as:

• Connecting to airline or hotel loyalty program APIs
• Sharing your status achievements on social media
• Participating in community features

4.4 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

4.5 Business Transfers

If StatusPath.io is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.6 Aggregated Data

We may share anonymized, aggregated data that does not identify you personally for research, marketing, or analytics purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: All loyalty program account numbers and sensitive data are encrypted at rest and in transit using industry-standard encryption (AES-256, TLS 1.3)
• Access Controls: Strict internal access controls and authentication requirements
• Security Monitoring: Continuous monitoring for suspicious activity and security threats
• Regular Audits: Periodic security assessments and penetration testing
• Secure Infrastructure: Data stored in secure, SOC 2 compliant data centers

However, no online service is 100% secure. We cannot guarantee absolute security of your information.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:

• Account data: Retained until account deletion
• Spending plans and travel history: Retained to provide historical tracking (can be deleted upon request)
• Communications: Retained for customer service and legal purposes
• Usage logs: Typically retained for 90 days

After account deletion, we may retain certain information as required by law or for legitimate business purposes such as fraud prevention.

7. Your Rights and Choices

7.1 Access and Updates

Access and update your account information, loyalty program data, spending plans, and travel history through your account settings.

7.2 Data Export

Download a complete copy of your data in machine-readable format (JSON or CSV).

7.3 Account Deletion

Request deletion of your account and associated data at any time. Some information may be retained as legally required.

7.4 Loyalty Program Connections

Disconnect any linked loyalty program accounts or integrations at any time.

7.5 Email Preferences

Manage notification preferences and opt out of marketing emails. You'll still receive essential account and security notifications.

7.6 Cookie Management

Control cookie preferences through your browser settings. Note that disabling certain cookies may limit Service functionality.

7.7 Correction

Request correction of inaccurate information in your account.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place through:

• Standard contractual clauses
• Data processing agreements with service providers
• Compliance with applicable data protection frameworks

9. Children's Privacy

StatusPath.io is not intended for individuals under the age of 13. We do not knowingly collect information from children. If we discover we have collected data from a child, we will promptly delete it.

10. Third-Party Services and Links

10.1 Loyalty Programs

We may link to airline and hotel loyalty program websites. These sites have their own privacy policies, and we are not responsible for their practices.

10.2 Integrations

If you choose to connect third-party services (email providers, calendar apps), those services' privacy policies will also apply to data they collect.

11. California Privacy Rights (CCPA)

If you are a California resident, you have these rights:

• Right to Know: Request details about personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@statuspath.io.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or UK, you have these rights:

• Right of Access: Obtain confirmation of data processing and access to your data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time

Our legal basis for processing your data includes:

• Contract performance (providing the Service)
• Consent (for optional features)
• Legitimate interests (improving the Service, security)
• Legal obligations (compliance requirements)

To exercise these rights, contact privacy@statuspath.io or our Data Protection Officer at dpo@statuspath.io.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via:

• Email notification
• Prominent notice on the Service
• In-app notification

Your continued use of the Service after changes indicates acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or our data practices:

• General Privacy Inquiries: privacy@statuspath.io
• Data Protection Officer: dpo@statuspath.io
• Support: support@statuspath.io
• Mailing Address: [Your Business Address]
• Website: https://statuspath.io/contact

15. Data Protection Authority

If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.