Legal

Privacy Policy

How we collect, use, and protect your information when you use cashew.

Last updatedJune 2026

Information we collect

We collect information you provide when you sign up and use cashew, including:

  • Account information (email, name)
  • Card information (card name, issuer, and last four digits) used to identify your cards and compute recommendations
  • Transaction data from linked accounts (premium), which we normalize and use only to compute spending patterns and recommendations

We do not collect bank login credentials. Premium features use a third-party provider (Plaid) for account linking; that provider has its own privacy policy.

Your encrypted card vault (zero-knowledge)

Autofill is opt-in. If you choose to store full card details (card number, expiration, security code, and cardholder name) for checkout autofill, those details are encrypted on your device before they are sent to us, using a key derived from your passkey or passphrase that we never receive.

This is a zero-knowledge design: we store only ciphertext we cannot decrypt. cashew — and anyone who compromised our servers — cannot read your card number or security code. Decryption happens only on your devices, in your browser or extension, after you unlock the vault.

If you never enable autofill, we never receive your full card number — only the card name, issuer, and last four digits used for recommendations.

Because only you hold the keys, if you lose your passkeys, passphrase, and your one-time recovery code, your stored card details cannot be recovered by anyone, including us.

How we use it

We use your information to:

  • Provide recommendations, capture analysis, and gap analysis
  • Operate the product (e.g. merchant lookup, extension context)
  • Send transactional and product-related communications
  • Improve our services and comply with legal obligations

We do not sell your personal information. We never use your encrypted vault contents for any purpose — we cannot read them. We may share data with service providers that help us operate the product (e.g. hosting, analytics), under strict confidentiality.

Contact

For privacy questions or requests (access, correction, deletion), contact us at privacy@meetcashew.com.