MilesVault

Privacy Policy

Last updated: June 21, 2026

MilesVault (“we”, “us”) is a rewards-tracking app that turns your credit-card statements into a ledger of the points and miles you earn, helping you track and optimise your card rewards and airline miles across your loyalty programmes. It is operated by Ameya Karve as an individual. This policy explains what we collect, why, and what we do with it. Questions or requests: support@milesvault.com.

Information we collect

  • Account & identity. When you sign in with Google, we receive your name, email address, and profile picture.
  • YouTube channel data. With your permission (the youtube.readonly scope), we read your YouTube channel ID and your membership status for our channel — solely to determine whether you are eligible to access MilesVault. We do not access your videos, playlists, subscriptions, watch history, or any other YouTube content.
  • Financial information you provide. The statements and transaction emails you upload or forward — including merchant names, amounts, dates, account and card identifiers, and reward balances — which we extract into your ledger.
  • Feedback. Messages and optional screenshots you submit through the in-app feedback button.
  • Operational logs. Standard technical logs (e.g. request metadata) used to run and secure the service.

How we use your information

  • Authenticate you and decide whether you may access the service.
  • Read your statements and use AI to draft ledger entries for you to review and approve — nothing is recorded without your approval.
  • Maintain your ledger and show your balances, spending, and rewards.
  • Respond to your feedback and improve the product.

Where your data is processed and stored

Your data is processed and stored on Cloudflare’s global network (Durable Objects, R2, and D1). Statement processing uses Cloudflare Workers AI — your statements are not sent to any third-party AI provider. Sign-in is handled by Google.

Google user data — Limited Use

MilesVault’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, the YouTube data we access is used only to provide and improve the access-eligibility feature described above; it is not transferred to others except as needed to provide the service, to comply with law, or as part of a merger; it is not used for advertising; and no humans read it except where you explicitly consent, for security, or where required by law.

Sharing

We do not sell your data. We share it only with the infrastructure providers needed to run MilesVault — Google (authentication) and Cloudflare (hosting, AI processing, storage) — and where required by law.

Retention and deletion

We keep your data until you delete it or ask us to. You can remove captured statements and ledger entries within the app, or request deletion of your account and all associated data by emailing support@milesvault.com.

Security

We use reasonable technical measures to protect your data. No system is perfectly secure, and MilesVault is currently in beta — please keep that in mind.

Your rights

You may access, correct, or delete your information at any time, in-app or by contacting us.

Children

MilesVault is not intended for anyone under 18.

Changes

We may update this policy; we’ll revise the “Last updated” date above when we do.

Contact

support@milesvault.com