Law4u - Made in India
Home
Lawyer Signup Download Apps

How to file a complaint against apps that store card details without permission?

Consumer Court Law Guides

Answer By law4u team

In today’s digital world, many mobile apps or online platforms request users to store their payment card details for convenience, such as for fast checkouts or subscription services. However, some apps may store these details without obtaining proper consent or may fail to provide adequate data protection measures. Storing sensitive payment information without permission is a violation of user privacy and data protection laws. Consumers have several options to file complaints and protect their financial data.

Steps to File a Complaint Against Apps Storing Card Details Without Permission

  • Review the App’s Privacy Policy: Start by reviewing the app's privacy policy or terms of service to check if they clearly explain how your card details are collected, stored, and used. If the app doesn’t provide adequate transparency or you did not give explicit consent for storing your card details, this could be a violation of your rights.
  • Contact the App Developer or Company Directly: The first step is to contact the app developer or the company that operates the app. Most apps have a support section or a contact email listed in their settings or on their website. Clearly explain your concerns, request that they delete your stored card details, and demand an explanation for how and why they were stored without your consent.
  • Check for Data Protection or Privacy Settings: In some apps, you may have the option to delete or manage stored card details directly through the app’s settings or payment methods section. Ensure you delete your payment information and disable any automatic storage features if possible. If the app allows you to revoke access to your card details, do so immediately.
  • Request Data Deletion Under Applicable Data Protection Laws: Depending on where you live, you may have the right to request the deletion of your personal data under data protection laws. For example:
    • GDPR (General Data Protection Regulation): In the EU, GDPR gives consumers the right to request that businesses delete personal data (known as the right to be forgotten). If you are in the EU, you can contact the company and request that they delete your card details.
    • CCPA (California Consumer Privacy Act): In California, you have the right to request the deletion of personal data, including payment information, if it is stored without your consent.
    • Other Local Privacy Laws: Many countries have their own data protection laws, such as India's Personal Data Protection Bill and Australia's Privacy Act, which protect consumers' personal data.
  • File a Complaint with Data Protection Authorities: If the app refuses to remove your card details or continues to store your information without your consent, you can file a formal complaint with the relevant data protection authority:
    • GDPR (EU): File a complaint with the Data Protection Authority (DPA) in your country. You can find your local DPA’s contact information on the European Commission’s website.
    • CCPA (California): You can file a complaint with the California Attorney General’s Office or the California Privacy Protection Agency (CPPA).
    • Other Countries: Many countries have similar data protection authorities that oversee privacy violations. Look up your country's regulatory body responsible for data protection.
  • File a Complaint with Consumer Protection Agencies: If the app or platform has engaged in fraud or misled you about its data practices, you can file a complaint with consumer protection agencies. These agencies can investigate claims of unfair practices and help resolve disputes:
    • Consumer Financial Protection Bureau (CFPB) (US)
    • Federal Trade Commission (FTC) (US)
    • Competition Commission of India (CCI) (India)
    • Australian Competition and Consumer Commission (ACCC) (Australia)
  • Use Fraud Reporting Channels: If the app has used your card details without your consent and there is evidence of unauthorized transactions or fraudulent charges, you should:
    • Report to your bank or card issuer: Inform your bank immediately about the unauthorized storage and any suspicious activity related to your card details. Most banks and financial institutions offer fraud protection and can assist with blocking the card or issuing a new one.
    • File a complaint with fraud protection services: Many countries have national fraud protection services that you can report to, such as the National Cyber Crime Reporting Portal (India) or Action Fraud (UK).
  • Document All Communications and Evidence: Throughout this process, be sure to document all communication with the app developers, data protection authorities, and consumer protection agencies. Keep records of emails, screenshots, and any responses you receive. This documentation can be important if you need to escalate the issue or take legal action.

Legal Protections Available to Consumers

  • General Data Protection Regulation (GDPR): If you're in the European Union, the GDPR provides strong protections for personal data. Apps are required to obtain explicit consent from users before storing payment information. Under GDPR, consumers can request:
    • Deletion of their data.
    • Correction of inaccurate data.
    • Information on how their data is being processed.
  • California Consumer Privacy Act (CCPA): The CCPA allows California residents to request the deletion of personal data, including card details. Under CCPA, you can also request that a company stop selling your data.
  • Payment Card Industry Data Security Standard (PCI DSS): Apps that store card details are required to comply with PCI DSS regulations. These standards ensure that cardholder data is stored securely. If an app fails to comply with PCI DSS, it could be fined or face legal consequences.
  • Consumer Protection Laws: Many countries have consumer protection laws that ensure businesses act fairly and transparently with consumers. If an app is storing card details without consent, it may be in violation of these laws, and you can file complaints with the relevant consumer protection agency.

Example

  • Suppose a consumer uses a mobile app to purchase a subscription service, and they later realize that the app has stored their card details without explicit consent or notification. Upon reviewing the app’s settings, the consumer finds no way to remove the stored payment information.

Steps the consumer should take:

  • Review the Privacy Policy: The consumer checks the app's privacy policy and notices that it doesn’t mention storing card details, nor was there any consent request.
  • Contact the App Developer: The consumer reaches out to the app’s customer support, requesting immediate removal of their card details and clarification of how the details were stored without consent.
  • Request Data Deletion Under GDPR: The consumer, residing in the EU, sends an email to the app developer invoking their GDPR right to be forgotten, demanding that all personal data, including card details, be deleted from the app’s system.
  • File a Complaint with the DPA: If the app developer does not respond within the required time frame, the consumer files a formal complaint with the relevant Data Protection Authority (DPA).
  • Report to Bank: The consumer also reports the issue to their bank, requesting that any unauthorized transactions or charges be investigated.

Conclusion

  • Consumers have multiple avenues for addressing the issue of apps that store card details without permission. By understanding their rights under data protection laws like the GDPR and CCPA, and following the proper steps to file complaints with app developers, data protection authorities, and consumer protection agencies, users can ensure that their payment information is handled securely and in accordance with privacy laws.
  • If necessary, consumers can seek legal action to hold apps accountable for violating their privacy and financial security.

Our Verified Advocates

Get expert legal advice instantly.

Advocate Ashutosh Kumar Daftuar

Advocate Ashutosh Kumar Daftuar

GST, Anticipatory Bail, Banking & Finance, Tax, Criminal

Get Advice
Advocate R Rajesh Prabhakar

Advocate R Rajesh Prabhakar

Anticipatory Bail, Consumer Court, Cheque Bounce, Arbitration, Family, Divorce, Criminal, Motor Accident

Get Advice
Advocate M S Niranjhan

Advocate M S Niranjhan

Anticipatory Bail, Arbitration, Bankruptcy & Insolvency, Breach of Contract, Cheque Bounce, Child Custody, Civil, Consumer Court, Corporate, Criminal, Cyber Crime, Divorce, Documentation, Family, Domestic Violence, High Court, Landlord & Tenant, Property, R.T.I, Supreme Court, Wills Trusts, Recovery, RERA, NCLT, Succession Certificate

Get Advice
Advocate Anuj Kumar Singh

Advocate Anuj Kumar Singh

Anticipatory Bail, Cheque Bounce, Child Custody, Consumer Court, Court Marriage, Criminal, Divorce, Documentation, Domestic Violence, Family, High Court, Motor Accident, R.T.I, Recovery, Succession Certificate, Revenue

Get Advice
Advocate Chandra Prakash

Advocate Chandra Prakash

Cheque Bounce, Child Custody, Civil, Consumer Court, Court Marriage, Criminal, Cyber Crime, Divorce, Domestic Violence, Family, High Court, Motor Accident, Muslim Law, Property, Recovery, Succession Certificate

Get Advice
Advocate Pawan Kumar Kaushik

Advocate Pawan Kumar Kaushik

High Court, Property, Wills Trusts, Family, Divorce, Succession Certificate, Breach of Contract, Domestic Violence, Muslim Law, Criminal

Get Advice
Advocate Santhana Karuppu

Advocate Santhana Karuppu

Anticipatory Bail, Arbitration, Bankruptcy & Insolvency, Banking & Finance, Breach of Contract, Cheque Bounce, Child Custody, Civil, Consumer Court, Corporate, Customs & Central Excise, Criminal, Cyber Crime, Divorce, Domestic Violence, Family, High Court, Landlord & Tenant, Motor Accident, Property, R.T.I, RERA

Get Advice
Advocate Mohd Usman Shahid

Advocate Mohd Usman Shahid

Anticipatory Bail, Cheque Bounce, Child Custody, Civil, Court Marriage, Customs & Central Excise, Criminal, Cyber Crime, Divorce, GST, Domestic Violence, Family, High Court, Labour & Service, Motor Accident, Muslim Law, Tax, Banking & Finance, Consumer Court, Property, R.T.I, Patent, Corporate

Get Advice

Consumer Court Law Guides Related Questions

Discover clear and detailed answers to common questions about Consumer Court Law Guides. Learn about procedures and more in straightforward language.

18-May-2026 | Consumer Court Law Guides

What rights do consumers have when online check-in fails?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

What can consumers do when personal photos are misused by online sellers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to complain if an online platform sells consumer data to advertisers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to report cyber harassment by online sellers?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

How to file a complaint against apps that store card details without permission?
Read Now By Law4u
18-May-2026 | Consumer Court Law Guides

Can consumers file complaints for unauthorized access to smart home devices?
Read Now By Law4u
See More Questions