Privacy Policy for Card App

Last Updated Date: November 7, 2024 Effective Date: November 7, 2024

Welcome to Card App, a service provided by Card App LLC (“we,” “us,” “our”). Your privacy is essential to us, and we are committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services. By using Card App, you consent to the practices described in this policy.

1. Information We Collect

We collect various types of information to provide and enhance our services:

(a) Information You Provide Directly:

  • Registration Information: When you create an account, we collect your email address and password.
  • Profile Details: Information you add to your profile, such as name, photo, business, and social media links, which you can choose to share with your connections.
  • User Content: Data you input, including profile customizations and messages shared within the app.

(b) Automatically Collected Information:

  • Device Data: Information related to the device used to access Card App, including IP address, browser type, device type, operating system, and other technical data.
  • Usage Data: Details about your interactions within the app, such as page views and feature usage.

(c) Cookies and Similar Technologies:

We use cookies and similar technologies to enhance your experience, gather information on usage patterns, and improve the overall quality of our services.

(d) Types of Cookies Used:

  • Essential Cookies: Necessary for the operation of the app.
  • Performance Cookies: Help us understand how you use Card App to improve performance.
  • Functionality Cookies: Enhance your experience by remembering preferences.

You can manage your cookie preferences through your browser settings.

2. Legal Basis for Data Processing

We process your personal data based on the following legal grounds:

  • Consent: Where you have provided explicit consent.
  • Contractual Necessity: To fulfill our contractual obligations to you.
  • Legal Obligations: To comply with legal and regulatory requirements.
  • Legitimate Interests: For purposes such as service improvement and security measures, provided that your rights do not override these interests.

3. How We Use Your Information

The information we collect is used for various purposes, including:

  • Service Delivery: To operate and maintain Card App and provide the features and functionalities you request.
  • Personalization: To personalize your experience and tailor content and services based on your preferences.
  • Communication: To contact you with updates, newsletters, marketing or promotional content, and service-related notifications.
  • Analytics and Improvements: To analyze usage trends and improve our services' design, performance, and security.
  • Legal Compliance: To comply with applicable laws and regulations, respond to lawful requests, and prevent fraud.

4. How We Share Your Information

We only share your data under specific circumstances, such as:

  • Service Providers: We share data with trusted service providers who assist us in operating Card App (e.g., cloud storage, analytics services, payment processors). These providers process data on our behalf under strict data protection agreements.
  • Legal Compliance: We may share data if required by law, legal process, or government request, or to protect the rights, property, and safety of our users and the public.

(a) Third-party Services and Integrations

We use third-party services for data hosting and analytics, including:

  • Amazon Web Services (AWS): For secure data storage and processing.
  • Sentry: To collect usage statistics and improve user experience.

These third parties process data according to strict data protection agreements.

5. Social Media Links

Card App does not integrate social media login services. Users may choose to include social media profile links in their Card App profiles, which are optional. These links are only shared with others when the user opts to make them visible to their connections.

6. Data Security

We take reasonable steps to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, firewalls, and secure access protocols. However, no security measure is perfect, and we cannot guarantee the absolute safety of your data.

(a) Data Breach Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities as required by law. We will provide details on the nature of the breach, affected data, and recommended steps for users to protect themselves.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. When your data is no longer needed, we will securely delete or anonymize it.

8. Your Rights and Choices

Depending on your location and applicable data protection laws, you may have the following rights:

  • Access: You can request a copy of your data.
  • Correction: You are responsible for updating and correcting your own information within Card App.
  • Deletion: You can request to delete your account, which will result in the deletion of your data.
  • Withdraw Consent: You can withdraw your consent where applicable.

You can always get in touch with us at support@cardapp.com if you need further information.

(a) Right to Complain

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

9. Processing Children’s Data

By accessing or using Card App, you affirm that you are at least 18 years of age (or have reached the age of majority if that is not 18 years of age where you live). You represent that you are fully able and competent to comply with this Privacy Policy. The service is not directed to children under 13 years old; if you are under 13, you are not permitted to access or use Card App. If we become aware that a user under 13 is using the service, we will deactivate their account and take steps to delete any personal data collected.

10. Cross-border Data Transfers

Card App operates globally, and your data may be transferred to and stored in countries outside of your own. We will ensure appropriate safeguards are in place for these transfers that are in line with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. If significant changes are made, we will notify you by email or through a prominent notice within Card App. The revised policy will be effective as of the date posted. Please review it periodically to stay informed of updates.

Continued use of Card App after updates to this Privacy Policy constitutes acceptance of those changes. If changes are significant, we will seek your consent where applicable.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, don't hesitate to get in touch with us at:

Email: support@cardapp.com Address: 766 Amsterdam Ave. New York, NY 10025-5703 United States

13. Additional Notice for California Residents (How We Comply with CCPA)

The California Consumer Privacy Act (CCPA) enhances privacy rights and consumer protection for individuals who reside in California. We are committed to full CCPA compliance.

What categories of personal information do we collect?

Card App may collect personal identifiers of personal information:

  • Identifiers: Such as your name, email address, and account credentials when you register for and use our services.
  • Commercial Information: Records of any purchases or transactions made through Card App.
  • Internet or Other Electronic Network Activity: Interaction data such as app usage patterns and feature engagement.
  • Geolocation Data: General location data based on your device settings, if you as the user activate the functionality in the app.
  • User Content: Information you input into your profile, including business and social media links.

Card App does not knowingly collect information about anyone under 18. If we become aware that we have collected personal information from a user under 18, we will delete it and deactivate their account.

Do we share, disclose, or sell your personal information?

We may share your personal information with third parties in the following circumstances:

  • Service Providers: To perform services on our behalf, such as data hosting and analytics.
  • Legal Compliance: To comply with legal obligations, respond to lawful requests, or protect the rights and safety of Card App, its users, or the public.

Card App does not sell your personal information.

What are your rights under the CCPA?

If you are a resident of California, the CCPA grants you the following rights:

  • Right to Know: You may request disclosure of our data collection practices, including the categories of personal information collected, the sources of that information, and whether it was shared with third parties.
  • Right to Access: You may request a copy of the personal information collected about you over the past 12 months.
  • Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (e.g., data required to provide services, maintain security, or comply with legal obligations).
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA rights.
  • Right to Opt-Out: While Card App does not sell personal information, you still have the right to request that your data not be sold, if applicable.

Opt-Out Options

If you don’t want us to collect and/or process your information, please contact us at support@cardapp.com. Note that if you decide to opt out of data collection and processing, this can affect some functions, and you may not be able to use all features of our Services to the fullest extent possible.

How can you submit a personal information request?

You can submit a personal information request via email at support@cardapp.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. For all requests, we will need to collect certain information from you to verify your identity.

14. Additional Notice for EU/EEA Residents (How We Comply with GDPR)

The General Data Protection Regulation (GDPR) enhances data protection rights for individuals residing in the European Union (EU) and European Economic Area (EEA). We are committed to complying with the GDPR’s requirements and ensuring the protection of your personal data.

Categories of Personal Data Collected

Card App may collect, process, and retain the following categories of personal data:

  • Identifiers: Including, but not limited to, user names, email addresses, and account credentials as provided during registration and utilization of our services.
  • Profile Information: Data submitted voluntarily by users, such as business links and social media identifiers.
  • Technical Data: Encompassing IP addresses, browser types, device specifications, and operational system details.
  • Usage Data: Comprising user interactions with Card App, including, but not limited to, page views, feature interactions, and navigation records.
  • Transactional Data: Pertaining to records of purchases or transactions executed via Card App.
  • Geolocation Data: General locational information inferred from device configurations, if the user deliberately activates this feature voluntarily while using the app.

Legal Basis for Processing Personal Data

Card App processes personal data based on the following legal grounds as set forth under GDPR:

  • Consent: Explicit consent as provided by the data subject for one or more specified purposes.
  • Contractual Necessity: Processing necessary for the performance of a contract to which the data subject is a party.
  • Legal Obligations: Processing required for compliance with legal and regulatory mandates to which Card App is subject.
  • Legitimate Interests: Processing undertaken to fulfill legitimate interests pursued by Card App, provided such interests are not overridden by the fundamental rights and freedoms of the data subject.

Rights of Data Subjects under GDPR

Residents of the EU/EEA are entitled to the following rights concerning their personal data:

  • Right of Access: The right to obtain confirmation as to whether or not personal data concerning them is being processed, and, if so, to access such data.
  • Right to Rectification: The right to obtain the rectification of inaccurate personal data and the completion of incomplete data.
  • Right to Erasure (“Right to be Forgotten”): The right to obtain the erasure of personal data without undue delay under specific conditions.
  • Right to Restriction of Processing: The right to request the restriction of processing under certain circumstances, such as when disputing the accuracy of the data.
  • Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format, and to transmit such data to another controller.
  • Right to Object: The right to object to the processing of personal data on grounds relating to the data subject's particular situation when processing is based on legitimate interests or is used for direct marketing.
  • Right to Withdraw Consent: The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority if the data subject believes their rights under GDPR have been infringed.

Sharing and Transfer of Personal Data

Card App may disclose personal data to:

  • Service Providers: Entities engaged to provide services on behalf of Card App, including, but not limited to, data hosting and analytical services, in accordance with data protection agreements.
  • Compliance with Legal Obligations: Public authorities, as required to comply with legal mandates, respond to lawful requests, and ensure the protection of rights, property, and safety.

International Data Transfers

Personal data processed by Card App may be transferred to, and stored in, jurisdictions outside the EU/EEA. Such transfers shall be conducted in compliance with GDPR through the implementation of appropriate safeguards, including, but not limited to, Standard Contractual Clauses or other legally recognized transfer mechanisms.

Exercising Data Subject Rights

To exercise the rights enumerated herein, data subjects may contact Card App at support@cardapp.com. Verification of identity may be required to ensure the legitimacy and security of requests. Card App shall endeavor to respond to valid requests within the statutory period of one month, as mandated by GDPR.

Data Protection Officer (DPO)

For any inquiries or concerns regarding the processing of personal data or this notice, data subjects may contact the Data Protection Officer at support@cardapp.com.

Modifications to this Notice

This GDPR Notice may be revised periodically to reflect changes in data processing practices or to adhere to updated legal requirements. The date of the most recent update will be indicated at the top of this Privacy Policy.

15. Additional Notice for Brazilian Residents (Compliance with LGPD)

Pursuant to the Lei Geral de Proteção de Dados (LGPD), which governs the processing of personal data of individuals residing in Brazil, Card App is committed to adhering to its provisions and safeguarding the personal data of data subjects in accordance with Brazilian data protection standards.

Categories of Personal Data Collected

Card App may collect, process, and store the following categories of personal data:

  • Identifiers: Including, but not limited to, name, email address, and account credentials provided during registration and use of Card App.
  • Profile Data: Information voluntarily supplied by users, including business and social media profile links.
  • Technical Data: Details related to the IP address, device specifications, browser type, and operational system.
  • Usage Data: Records of user interactions within Card App, including navigation history, feature use, and application engagement.
  • Transactional Data: Data pertaining to any transactions or purchases conducted via Card App.
  • Geolocation Data: General locational information inferred from device configurations, if the user deliberately activates this feature voluntarily while using the app.

Legal Basis for Processing Personal Data

Card App processes personal data in accordance with the following legal bases established by LGPD:

  • Consent: Processing performed with the explicit consent of the data subject for one or more specific purposes.
  • Contractual Performance: Processing necessary to execute a contract to which the data subject is a party or to fulfill pre-contractual procedures.
  • Legal Obligations: Processing required to comply with legal or regulatory obligations applicable to Card App.
  • Legitimate Interest: Processing conducted to further Card App's legitimate interests, provided it does not infringe upon the rights and freedoms of the data subject.
  • Protection of Credit: Where applicable and in compliance with relevant legislation.
  • Protection of Life and Physical Safety: Processing necessary for the protection of the life or physical safety of the data subject or a third party.

Rights of Data Subjects under LGPD

Residents of Brazil are entitled to the following rights regarding their personal data:

  • Right to Confirmation of Processing: The right to obtain confirmation as to whether Card App processes their personal data.
  • Right of Access: The right to access their personal data held by Card App.
  • Right to Correction: The right to request the rectification of inaccurate or incomplete personal data.
  • Right to Anonymization, Blocking, or Deletion: The right to request anonymization, blocking, or deletion of unnecessary or excessive personal data, or data processed in non-compliance with LGPD.
  • Right to Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider or controller, subject to regulations by the national authority (ANPD).
  • Right to Deletion of Processed Data: The right to request the deletion of personal data processed based on consent, except where retention is necessary to comply with legal or regulatory obligations.
  • Right to Information on Shared Data: The right to be informed about entities with which Card App has shared or transferred their personal data.
  • Right to Withdraw Consent: The right to revoke consent at any time, without affecting the lawfulness of processing conducted prior to its withdrawal.
  • Right to Petition: The right to lodge complaints with the national data protection authority (ANPD) regarding potential infringements of their rights.

Sharing and Transfer of Personal Data

Card App may share personal data under the following conditions:

  • Service Providers: Engaged to perform functions on behalf of Card App, including, but not limited to, data storage, analytics, and payment processing, subject to strict data protection agreements.
  • Compliance with Legal Obligations: When required to comply with legal obligations, regulatory requests, or court orders, or to safeguard the rights, property, or safety of Card App, its users, or the public.

International Data Transfers

Personal data processed by Card App may be transferred to jurisdictions outside Brazil. Such transfers will be conducted in compliance with LGPD, employing appropriate safeguards to ensure the protection of personal data, including standard contractual clauses, international agreements, or other legally recognized mechanisms.

How to Exercise Your Rights

To exercise any of the rights stipulated herein, data subjects may contact Card App at support@cardapp.com. Verification of identity may be required to ensure the authenticity and security of requests. Card App endeavors to respond to legitimate requests within the timeframe established by LGPD.

Data Protection Officer (DPO)

Inquiries and concerns regarding data processing and this notice may be directed to the Data Protection Officer at support@cardapp.com.

Modifications to this Notice

This LGPD Notice may be amended to reflect changes in data processing practices or to remain compliant with new legal requirements. The "Last Updated" date at the top of this Privacy Policy indicates when this section was most recently revised.