Law4u - Made in India
Home
Lawyer Signup Download Apps

How to file a complaint against apps that store card details without permission?

Consumer Court Law Guides

Answer By law4u team

In today’s digital world, many mobile apps or online platforms request users to store their payment card details for convenience, such as for fast checkouts or subscription services. However, some apps may store these details without obtaining proper consent or may fail to provide adequate data protection measures. Storing sensitive payment information without permission is a violation of user privacy and data protection laws. Consumers have several options to file complaints and protect their financial data.

Steps to File a Complaint Against Apps Storing Card Details Without Permission

  • Review the App’s Privacy Policy: Start by reviewing the app's privacy policy or terms of service to check if they clearly explain how your card details are collected, stored, and used. If the app doesn’t provide adequate transparency or you did not give explicit consent for storing your card details, this could be a violation of your rights.
  • Contact the App Developer or Company Directly: The first step is to contact the app developer or the company that operates the app. Most apps have a support section or a contact email listed in their settings or on their website. Clearly explain your concerns, request that they delete your stored card details, and demand an explanation for how and why they were stored without your consent.
  • Check for Data Protection or Privacy Settings: In some apps, you may have the option to delete or manage stored card details directly through the app’s settings or payment methods section. Ensure you delete your payment information and disable any automatic storage features if possible. If the app allows you to revoke access to your card details, do so immediately.
  • Request Data Deletion Under Applicable Data Protection Laws: Depending on where you live, you may have the right to request the deletion of your personal data under data protection laws. For example:
    • GDPR (General Data Protection Regulation): In the EU, GDPR gives consumers the right to request that businesses delete personal data (known as the right to be forgotten). If you are in the EU, you can contact the company and request that they delete your card details.
    • CCPA (California Consumer Privacy Act): In California, you have the right to request the deletion of personal data, including payment information, if it is stored without your consent.
    • Other Local Privacy Laws: Many countries have their own data protection laws, such as India's Personal Data Protection Bill and Australia's Privacy Act, which protect consumers' personal data.
  • File a Complaint with Data Protection Authorities: If the app refuses to remove your card details or continues to store your information without your consent, you can file a formal complaint with the relevant data protection authority:
    • GDPR (EU): File a complaint with the Data Protection Authority (DPA) in your country. You can find your local DPA’s contact information on the European Commission’s website.
    • CCPA (California): You can file a complaint with the California Attorney General’s Office or the California Privacy Protection Agency (CPPA).
    • Other Countries: Many countries have similar data protection authorities that oversee privacy violations. Look up your country's regulatory body responsible for data protection.
  • File a Complaint with Consumer Protection Agencies: If the app or platform has engaged in fraud or misled you about its data practices, you can file a complaint with consumer protection agencies. These agencies can investigate claims of unfair practices and help resolve disputes:
    • Consumer Financial Protection Bureau (CFPB) (US)
    • Federal Trade Commission (FTC) (US)
    • Competition Commission of India (CCI) (India)
    • Australian Competition and Consumer Commission (ACCC) (Australia)
  • Use Fraud Reporting Channels: If the app has used your card details without your consent and there is evidence of unauthorized transactions or fraudulent charges, you should:
    • Report to your bank or card issuer: Inform your bank immediately about the unauthorized storage and any suspicious activity related to your card details. Most banks and financial institutions offer fraud protection and can assist with blocking the card or issuing a new one.
    • File a complaint with fraud protection services: Many countries have national fraud protection services that you can report to, such as the National Cyber Crime Reporting Portal (India) or Action Fraud (UK).
  • Document All Communications and Evidence: Throughout this process, be sure to document all communication with the app developers, data protection authorities, and consumer protection agencies. Keep records of emails, screenshots, and any responses you receive. This documentation can be important if you need to escalate the issue or take legal action.

Legal Protections Available to Consumers

  • General Data Protection Regulation (GDPR): If you're in the European Union, the GDPR provides strong protections for personal data. Apps are required to obtain explicit consent from users before storing payment information. Under GDPR, consumers can request:
    • Deletion of their data.
    • Correction of inaccurate data.
    • Information on how their data is being processed.
  • California Consumer Privacy Act (CCPA): The CCPA allows California residents to request the deletion of personal data, including card details. Under CCPA, you can also request that a company stop selling your data.
  • Payment Card Industry Data Security Standard (PCI DSS): Apps that store card details are required to comply with PCI DSS regulations. These standards ensure that cardholder data is stored securely. If an app fails to comply with PCI DSS, it could be fined or face legal consequences.
  • Consumer Protection Laws: Many countries have consumer protection laws that ensure businesses act fairly and transparently with consumers. If an app is storing card details without consent, it may be in violation of these laws, and you can file complaints with the relevant consumer protection agency.

Example

  • Suppose a consumer uses a mobile app to purchase a subscription service, and they later realize that the app has stored their card details without explicit consent or notification. Upon reviewing the app’s settings, the consumer finds no way to remove the stored payment information.

Steps the consumer should take:

  • Review the Privacy Policy: The consumer checks the app's privacy policy and notices that it doesn’t mention storing card details, nor was there any consent request.
  • Contact the App Developer: The consumer reaches out to the app’s customer support, requesting immediate removal of their card details and clarification of how the details were stored without consent.
  • Request Data Deletion Under GDPR: The consumer, residing in the EU, sends an email to the app developer invoking their GDPR right to be forgotten, demanding that all personal data, including card details, be deleted from the app’s system.
  • File a Complaint with the DPA: If the app developer does not respond within the required time frame, the consumer files a formal complaint with the relevant Data Protection Authority (DPA).
  • Report to Bank: The consumer also reports the issue to their bank, requesting that any unauthorized transactions or charges be investigated.

Conclusion

  • Consumers have multiple avenues for addressing the issue of apps that store card details without permission. By understanding their rights under data protection laws like the GDPR and CCPA, and following the proper steps to file complaints with app developers, data protection authorities, and consumer protection agencies, users can ensure that their payment information is handled securely and in accordance with privacy laws.
  • If necessary, consumers can seek legal action to hold apps accountable for violating their privacy and financial security.

Our Verified Advocates

Get expert legal advice instantly.

Advocate Sandip Kaushal

Advocate Sandip Kaushal

Criminal, Civil, High Court, Family, R.T.I, Supreme Court, Arbitration

Get Advice
Advocate Poloju Madhu

Advocate Poloju Madhu

Civil, Family, Court Marriage, Criminal, Motor Accident, Property, Divorce, Cheque Bounce, Breach of Contract, Anticipatory Bail, Domestic Violence

Get Advice
Advocate Sarat Chandra Pradhan

Advocate Sarat Chandra Pradhan

Breach of Contract, Cheque Bounce, Consumer Court, Domestic Violence, Insurance, Medical Negligence, Motor Accident, RERA, Revenue

Get Advice
Advocate Madhuri sangani

Advocate Madhuri sangani

Anticipatory Bail,Arbitration,Armed Forces Tribunal,Bankruptcy & Insolvency,Banking & Finance,Breach of Contract,Cheque Bounce,Child Custody,Civil,Consumer Court,Corporate,Court Marriage,Customs & Central Excise,Criminal,Cyber Crime,Divorce,Documentation,GST,Domestic Violence,Family,High Court,Immigration,Insurance,International Law,Labour & Service,Landlord & Tenant,Media and Entertainment,Medical Negligence,Motor Accident,Muslim Law,NCLT,Patent,Property,R.T.I,Recovery,RERA,Startup,Succession Certificate,Supreme Court,Tax,Trademark & Copyright,Wills Trusts,Revenue

Get Advice
Advocate Naitik Pandey

Advocate Naitik Pandey

Cheque Bounce, Criminal, Divorce, Documentation, Domestic Violence, Family, Landlord & Tenant, Anticipatory Bail, Court Marriage

Get Advice
Advocate Jai Prakash Garg

Advocate Jai Prakash Garg

Anticipatory Bail, Arbitration, Cheque Bounce, Civil, Consumer Court, Court Marriage, Criminal, Cyber Crime, Divorce, Domestic Violence, Family, Insurance, International Law, Medical Negligence, Motor Accident, Muslim Law, Property, Recovery, Succession Certificate, Wills Trusts, Revenue

Get Advice
Advocate Ansar Ahmad

Advocate Ansar Ahmad

Anticipatory Bail, Banking & Finance, Breach of Contract, Child Custody, Civil, Court Marriage, Criminal, Divorce, Domestic Violence, Family, High Court, Insurance, Motor Accident, Muslim Law, Property, R.T.I, Recovery

Get Advice
Advocate Kurra Ravi

Advocate Kurra Ravi

Arbitration, Anticipatory Bail, Court Marriage, Civil, Divorce, Family, Domestic Violence, Insurance, Landlord & Tenant, Muslim Law, Motor Accident, R.T.I, Recovery, Succession Certificate, Criminal, Cheque Bounce, Child Custody, Documentation, Medical Negligence

Get Advice

Consumer Court Law Guides Related Questions

Discover clear and detailed answers to common questions about Consumer Court Law Guides. Learn about procedures and more in straightforward language.

18-May-2026 | Consumer Court Law Guides

What rights do consumers have when online check-in fails?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

What can consumers do when personal photos are misused by online sellers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to complain if an online platform sells consumer data to advertisers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to report cyber harassment by online sellers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to file a complaint against apps that store card details without permission?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

Can consumers file complaints for unauthorized access to smart home devices?
Read Now By Law4u
See More Questions