Privacy Policy

This Privacy Policy explains how CardRender, Inc. ("CardRender," "we," "us," or "our") collects, uses, and protects personal data when you use our digital business card and email signature platform (the "Service").

1. Data we collect

  • Account data: Name, email, password hash, language, and organization details.
  • Card data: Profile information you add to cards or signatures (e.g., title, phone, links, photo, brand assets).
  • Usage data: Device/browser info, IP address, pages viewed, time on page, clicks, and interactions.
  • Analytics events: Views, clicks, saves, and shares of your cards (including timestamp, device type, and referral source).
  • Support data: Messages, attachments, and feedback you send to us.

2. How we use data

  • Provide, operate, and improve the Service.
  • Secure accounts, prevent fraud, and enforce acceptable use.
  • Deliver analytics and reporting to workspace admins and users.
  • Send transactional emails (e.g., verification, invites, notices). You can opt out of non-essential marketing emails.
  • Support and respond to your requests.
  • Comply with legal obligations.

3. Legal bases (EEA/UK/Switzerland)

We process personal data based on: (a) contract (to provide the Service), (b) legitimate interests (security, product improvement, analytics), (c) consent (where required, e.g., certain cookies/marketing), and (d) legal obligations.

4. Sharing and disclosures

  • Processors: Trusted vendors for hosting, analytics, email delivery, error monitoring, and payments, bound by data protection terms.
  • Enterprise admins: If you use a company-managed workspace, administrators may access and manage your account, cards, and analytics.
  • Legal/safety: To comply with law, protect rights, or prevent harm.
  • Business transfers: In connection with a merger, acquisition, or asset sale, with notice where required.

5. Cookies and tracking

We use cookies and similar technologies for authentication, security, preference storage, and analytics. You can control cookies via browser settings; disabling some cookies may limit functionality.

6. Data retention

We retain personal data for as long as needed to provide the Service and fulfill the purposes above, then delete or anonymize it unless longer retention is required by law or to resolve disputes.

7. Security

We employ industry-standard safeguards, including encryption in transit, access controls, logging, and regular security reviews. No system is perfectly secure; keep your credentials safe.

8. International transfers

We may process data globally. Where required, we use approved transfer mechanisms (e.g., SCCs) to protect personal data moved outside your region.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, contact us at [email protected]. We will verify your request and respond as required by law.

10. Children's data

The Service is not directed to children under 16, and we do not knowingly collect their data.

11. Marketing communications

You can opt out of marketing emails via the unsubscribe link. We will still send transactional or service messages.

12. California privacy notice

  • We collect the categories of personal information described in Section 1 for the business purposes in Section 2.
  • We do not sell personal information. We may "share" limited data for cross-context behavioral advertising only if you consent; you can opt out where applicable.
  • California residents can exercise access, deletion, correction, and opt-out rights by emailing [email protected].

13. Data controller / processor roles

For customer content, your organization is the data controller and CardRender is the processor. For our direct relationship with you (e.g., account, billing, site analytics), CardRender is the controller.

14. Changes

We may update this Privacy Policy. If changes are material, we will provide notice (e.g., in-app or email). Continued use after updates means you accept the revised Policy.

15. Governing law and venue

This Privacy Policy is governed by the laws of Spain. Any disputes arising from it will be subject to the exclusive jurisdiction of the courts of Madrid, Spain.

16. Contact

Privacy questions: [email protected]

Data Protection Officer (if applicable): [email protected]

Security reports: [email protected]