AboutWhat's NewBlogContactPrivacyTerms
© 2026 GetCurrentOffer
GetCurrentOffer
AboutWhat's NewBlogAPI Connect
Extension — Coming Soon
Sign in
  1. Home
  2. /Privacy Policy

Privacy Policy

How we collect, use, and protect your information.

Last updated: March 29, 2026

Introduction

GetCurrentOffer (“we,” “us,” or “our”) operates the website getcurrentoffer.com and the GetCurrentOffer browser extension. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using our website, browser extension, or API, you consent to the data practices described in this policy.

Information We Collect

We collect the following types of information:

  • Account Information: When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We do not store your Google password.
  • Usage Data: Search queries, saved offers, page views, and interaction data collected through cookies and analytics tools.
  • Device Information: Browser type, operating system, IP address (hashed for analytics), and device identifiers.
  • Extension Data & Synced Offers: If you use our browser extension and enable offer syncing, we collect and store your credit card merchant offer data, including: merchant names, offer titles and descriptions, offer amounts and expiration dates, card account names (e.g. “Freedom Unlimited”), and the last four digits of associated card numbers. This data is synced from your card issuer portals (Chase, Amex, Citi, Capital One, PayPal, Rakuten) to your GetCurrentOffer account. We do not collect full credit card numbers, CVVs, banking credentials, account balances, or transaction history.
  • Saved & Bookmarked Offers: When you save or bookmark offers, we store these preferences linked to your account. For non-authenticated users, saved offers are stored locally in your browser.
  • API Usage Data: If you use our API, we track your API key usage including request counts, endpoints accessed, and timestamps.
  • Community Sharing (Opt-In): If you explicitly choose to share specific offers with the community, we store those offer details (merchant name, offer description, and expiration only — never card numbers or account names) and associate them with your account. Sharing is entirely voluntary and per-offer; your synced offers are never automatically shared or pooled.

How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Sync, store, and display your personal credit card offers across devices
  • Personalize your experience and display relevant offers
  • Send service-related communications (account verification, security alerts)
  • Analyze usage patterns and aggregate anonymized data to improve our platform
  • Detect and prevent fraud or abuse
  • Enforce our Terms of Service and API rate limits
  • Comply with legal obligations

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: By using the Service, creating an account, or enabling offer syncing, you consent to the collection and processing of your data as described in this policy. You may withdraw consent at any time by disabling syncing in your settings or deleting your account.
  • Contract Performance: Processing necessary to provide the Service you requested, including syncing and displaying your offers.
  • Legitimate Interest: Analytics, fraud prevention, and service improvement, balanced against your privacy rights.
  • Legal Obligation: When we are required to process data to comply with applicable laws.

User Offer Data & Extension Syncing

Our browser extension allows you to sync your personal credit card merchant offers to your GetCurrentOffer account. This section specifically addresses how we handle this data:

  • What We Sync: Merchant offer details (merchant name, offer description, discount amount, expiration date), the card product name (e.g. “Sapphire Preferred”), and the last four digits of the associated card number for identification purposes only.
  • What We Never Sync: Full card numbers, CVV/security codes, PINs, account balances, transaction history, login credentials for your issuer accounts, or any other sensitive financial data.
  • Opt-In Only: Offer syncing is opt-in. You must explicitly enable it in your account settings. You can disable syncing or delete all synced offer data at any time from your settings page.
  • Data Isolation: Your synced offer data is private to your account and protected by row-level security. No other user can access your personal offers unless you explicitly choose to share them.
  • No Data Pooling: Your personal offer data is never automatically pooled, aggregated, or combined with other users' data. The publicly browsable offer directory on our website is maintained separately by our editorial team and is not sourced from user accounts. Your synced offers exist solely for your personal use.
  • Data Storage: Synced offer data is stored in our secure PostgreSQL database hosted by Supabase with encryption at rest and in transit.

Information Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

  • Service Providers: With third-party vendors who help us operate the Service (hosting via Vercel, database via Supabase, analytics via Google Analytics), bound by confidentiality agreements and data processing agreements.
  • Legal Requirements: When required by law, subpoena, or government request.
  • Safety: To protect the rights, safety, or property of GetCurrentOffer, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • Aggregated Data: We may share anonymized, aggregated statistics (e.g. “2,000+ offers across 6 issuers”) that cannot be used to identify individual users.

Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. By continuing to use our website, you consent to our use of cookies as described below. You can control cookies through your browser settings. Disabling cookies may limit certain features of the Service.

We use the following types of cookies and third-party services:

  • Essential Cookies: Required for authentication and core functionality (session tokens, CSRF protection)
  • Preference Cookies: Store your settings and saved offers for non-authenticated users (localStorage)
  • Google Analytics: For website traffic analysis and usage patterns
  • Vercel Analytics: For performance monitoring and page load metrics

Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption in transit (TLS/SSL) for all data transmissions
  • Encryption at rest for stored data
  • Row-level security (RLS) ensuring users can only access their own data
  • API key hashing (only key prefixes are stored in plaintext)
  • OAuth-based authentication (no passwords stored)
  • Regular security reviews and access controls

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your data according to the following schedule:

  • Account Data: Retained for as long as your account is active. Deleted upon account deletion request.
  • Synced Offer Data: Retained until you delete it, disable syncing, or delete your account.
  • Saved/Bookmarked Offers: Retained until you remove them or delete your account.
  • Usage & Analytics Data: Retained for up to 24 months, then automatically purged.
  • API Usage Logs: Daily counts reset daily; lifetime totals retained with the API key.

You may delete all your synced offer data at any time from your account settings. You can also request complete account deletion by contacting us at privacy@getcurrentoffer.com. Upon deletion, all personal offer data, saved preferences, and API keys are permanently removed within 30 days.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and all associated data (including synced offers)
  • Export your data in a portable format
  • Opt out of analytics tracking
  • Disable offer syncing at any time through your settings
  • Object to or restrict certain data processing
  • Withdraw consent for data collection

To exercise these rights, contact us at privacy@getcurrentoffer.com. We will respond to your request within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising your privacy rights

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR and applicable state laws.
  • Notify relevant authorities (such as the relevant EU supervisory authority or state attorney general) as required by applicable law.
  • Describe the nature of the breach, the categories of data affected, the approximate number of users affected, and the measures taken or proposed to address the breach.
  • Provide guidance on steps you can take to protect yourself, including recommended actions such as changing passwords on related services.

We maintain an incident response plan and conduct regular security reviews to minimize the risk of breaches. If you believe your data has been compromised, contact us immediately at security@getcurrentoffer.com.

International Data Transfers

Your personal data is stored and processed on servers located in the United States, operated by our service providers Supabase (database hosting) and Vercel (web hosting). If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following mechanisms for lawful data transfers:

  • Standard Contractual Clauses (SCCs): Our service providers maintain data processing agreements that incorporate EU-approved Standard Contractual Clauses to ensure adequate protection of personal data transferred outside the EEA.
  • Consent: By creating an account and using the Service, you explicitly consent to the transfer of your data to the United States for the purposes described in this Privacy Policy.

We ensure that any international transfer of personal data is subject to appropriate safeguards as required by applicable data protection laws.

Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised “Last updated” date. For material changes that affect how we handle your synced offer data, we will provide notice via email or a prominent notice on the Service. We encourage you to review this page periodically.

Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

  • Email: privacy@getcurrentoffer.com
  • Web: getcurrentoffer.com/contact