Privacy Policy

Last updated: October 23, 2025

Cardfolio (“we”, “us”, “our”) provides a platform for creating a personal public card/portfolio (“Service”). This Privacy Policy explains what data we collect, how we use it, and your choices.

What We Collect

  • Account data: email, display name, profile fields you voluntarily provide.
  • Authentication data: session token/ID to keep you signed in.
  • Usage data (server-side): IP address, user agent, request logs, basic events needed to operate and secure the Service.
  • User content: any text, images, links you add to your Cardfolio card. You control what you publish and can delete it at any time.

How We Use Data

  • Provide and secure authentication, sessions, and core functionality.
  • Operate service-side analytics to improve reliability and UX.
  • Process payments and subscriptions (via a third-party provider).
  • Enforce our Terms, investigate abuse, and comply with legal obligations.

Cookies & Similar Technologies

We use essential cookies (or similar storage) for authentication and session continuity. Third-party providers used by the Service may also set cookies for their functionality.

Verification

Verification is optional. To request a verification badge, you may upload a photo of yourself in front of a screen displaying your Cardfolio page. We use this image solely to confirm that the person in the photo controls the published card.

  • Lawful basis: your consent (you choose to submit a verification photo).
  • Use: manual or automated review to assign a verification badge.
  • Retention: we keep the original photo only as long as necessary for review and audits, then delete or irreversibly blur/redact. The badge status (verified/not verified) may be stored.
  • Visibility: the verification photo is never publicly shown.
  • Withdrawal: you can withdraw consent by emailing support@cardfolio.site; we’ll delete the photo, and your badge may be revoked.

Third-Party Providers

  • Firebase (Google): authentication, hosting and related infrastructure.
  • Lemon Squeezy: payment processing and subscription management.

These providers act as processors or independent controllers for certain activities. Their use of data is subject to their own privacy policies.

Legal Basis

We process personal data to perform our contract with you (provide the Service), pursue legitimate interests (security, service improvement), and comply with legal obligations. Where required, we rely on your consent (e.g., when you publish information publicly on your card).

Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can delete your content at any time; server logs are kept for a limited period for security and operations.

Your Rights

Depending on your location, you may have rights to access, correct, delete, export, or object to certain processing. To exercise rights or request data deletion, contact us at support@cardfolio.site.

Children’s Privacy

The Service is not intended for children under 13 (or the relevant age in your jurisdiction).

Changes

We may update this Policy from time to time. Material changes will be indicated by updating the “Last updated” date. Continued use of the Service means you accept the updated Policy.

Contact

Questions or requests: support@cardfolio.site