Privacy Policy
Last updated: March 2026
First Officer ("we," "us," "our") is a product of UpNonStop LLC. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
First Officer is an educational tool that helps you understand and optimize your credit card rewards and loyalty programs. We are not a financial advisor, investment advisor, or fiduciary. We do not manage your money, access your bank accounts, or make financial decisions on your behalf.
1. Information We Collect
Information you provide directly
- Name, email address, and phone number (for account setup and WhatsApp communication)
- Credit cards you hold (card name and type only, never full card numbers)
- Loyalty program memberships and balances (program names, point balances, tier status)
- Monthly spending estimates by category (self-reported during onboarding)
- Travel goals and preferences
Information collected via integrations (with your explicit consent)
- AwardWallet (Classic tier and above): Loyalty program balances, expiry dates, and tier status via OAuth. We never see or store your program login credentials.
- Plaid (Select tier and above): Transaction categorization and spend patterns from linked bank accounts. We receive categorized transaction data only. We never see or store your bank login credentials.
- Email forwarding: If you choose to forward loyalty program emails, they are processed by AI to extract structured data (program name, balance, expiry date, credit status). Raw email content is deleted within 24 hours. Only structured data is retained.
Information we do NOT collect
We make this explicit: We never collect, store, or request:
- Full credit card numbers, CVVs, or expiration dates
- Bank account numbers or routing numbers
- Social Security numbers
- Login credentials for any program, bank, or service
- Passwords of any kind
2. How We Use Your Information
We use your information to:
- Generate educational suggestions about your rewards portfolio
- Send proactive alerts about expiring points, credits, and opportunities
- Provide personalized educational content via WhatsApp
- Improve the accuracy and relevance of our suggestions
- Communicate with you about your account and our services
We do not use your information for advertising, do not sell it to third parties, and do not share it with advertisers.
3. AI Processing
First Officer uses artificial intelligence (powered by Anthropic's Claude API) to analyze publicly available program information and your self-reported portfolio data. AI-generated suggestions are educational in nature and should be verified before acting on them.
Your data is processed through Anthropic's Claude API under their standard data processing terms. Anthropic does not use your data to train their models.
4. Data Storage and Security
- All client data is stored in Supabase with row-level security (RLS). Every client's data is completely isolated.
- Data is encrypted at rest via Supabase's built-in encryption.
- AwardWallet connections use OAuth. We never see or store program credentials.
- Email forwarding: raw email content is parsed by AI and deleted within 24 hours. Only structured data is retained.
- AI processing occurs via Anthropic's Claude API with standard data processing terms.
5. Data Sharing
We share your data only with the following sub-processors, and only to the extent necessary to provide our service:
- Anthropic (Claude API): Processes your portfolio data to generate educational suggestions
- Supabase: Hosts and stores your account data with encryption and row-level security
- Wati / Meta (WhatsApp Business): Delivers messages between you and First Officer
- AwardWallet: Reads loyalty program balances via OAuth (only if you connect)
- Plaid: Reads categorized transaction data (only if you connect, Select tier and above)
- Stripe: Processes subscription payments
We do not sell your personal information to anyone. We do not share your data with advertisers. We do not use your data for aggregate analytics that could identify individuals.
6. Data Retention and Deletion
- Your data is retained for as long as your account is active.
- Upon cancellation, all personal data is deleted within 30 days.
- You can request data deletion at any time by messaging us on WhatsApp or emailing support.
- Deletion includes: profile data, card information, loyalty program data, conversation history, alerts, travel goals, portfolio valuations, and any AwardWallet OAuth tokens.
- A deletion confirmation is sent to you upon completion.
- Anonymized business records (recommendation logs, consent logs) may be retained for legal protection.
7. Your Rights
California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect about you
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell your data)
- Not be discriminated against for exercising your rights
- Request a copy of your data in a portable format
EU/EEA/Canadian Residents (GDPR)
If you are in the EU, EEA, or Canada, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Data portability (export your data)
- Object to or restrict processing
- Withdraw consent at any time
Our legal basis for processing is your explicit consent, provided when you sign up for and use our service.
8. Do Not Sell My Personal Information
We do not sell your personal information. We have never sold personal information. We will not sell personal information in the future. If you have questions about this, contact us at any time.
9. Email Forwarding Disclosure
If you use our email forwarding feature to share loyalty program emails with First Officer:
- Forwarded emails are processed by AI (Anthropic Claude) to extract loyalty program data
- Raw email content is deleted within 24 hours
- Only structured data is retained (program name, balance, expiry date, credit status)
- Email content is not read by humans. It is processed only by AI for data extraction.
- You can stop forwarding at any time to cease this data collection
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes via WhatsApp or email. Your continued use of our service after notification constitutes acceptance of the updated policy.
11. Contact
Questions about this Privacy Policy? Message us on WhatsApp or email support at UpNonStop.