Privacy Policy
Last updated: June 1, 2025
1. Who We Are
CardLinks LLC ("CardLinks," "we," "our," or "us") operates the CardLinks platform, including the cardlinks.app marketing site, the mobile app, the web app at app.cardlinks.app, and all associated services (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.
If you have questions, contact us at privacy@cardlinks.app.
2. Information We Collect
2.1 Information You Provide Directly
- Account & Profile Data: Name, email address, profile photo, bio, social media links, job title, and any other content you add to your CardLinks profile.
- Payment Information: When you purchase a physical card or subscription, payment card details are collected and processed by our payment processor. We store only the last four digits, card brand, and transaction metadata — we never store your full card number or CVV.
- Order & Shipping Data: Shipping name, address, and order details when you purchase physical NFC cards.
- Contact Form Submissions: Any messages you send via our contact form or support channels.
- Referral Program Data: Information about referral relationships you create or participate in, including the identities of referrers and referred contacts.
2.2 Information Collected Automatically
- Tap Analytics: When your NFC card or profile link is accessed, we log an event that may include timestamp, approximate geolocation (city/region derived from IP), device type, browser, and referring source. This data is tied to your account and shown in your analytics dashboard.
- Usage Data: Pages visited, features used, session duration, and clickstream data within the app.
- Device & Connection Data: IP address, browser user-agent, operating system, and device identifiers.
- Cookies & Local Storage: We use session cookies and local storage to authenticate users and preserve preferences. We do not use third-party advertising cookies.
2.3 Information from Third Parties
- Email Authentication: We use one-time passcodes (OTPs) delivered via email to verify your identity at login. These expire within a short window.
- Shipping Carriers: Shipping rates and tracking are managed through a third-party logistics provider. Tracking events may be surfaced in your order history.
3. How We Use Your Information
- To create and maintain your account and profile.
- To process orders, payments, and fulfill physical card shipments.
- To send transactional emails (OTP codes, order confirmations, shipping updates).
- To provide analytics about your profile's performance (tap counts, sources, geographies).
- To operate the Referral Rewards program, including tracking referral events and issuing rewards.
- To respond to support requests and communicate service updates.
- To detect and prevent fraud, abuse, and security incidents.
- To improve the Service through aggregated, de-identified usage analysis.
- To comply with legal obligations.
We do not sell your personal information to third parties. We do not use your data for targeted advertising on external platforms.
4. How We Share Your Information
We share your information only in the following circumstances:
- Service Providers: We share data with vendors who help us operate the Service, including providers of cloud infrastructure, payment processing, shipping logistics, email delivery, and CRM services. Each vendor is contractually bound to use your data only to provide services on our behalf.
- Profile Viewers: Your public profile is visible to anyone who taps your NFC card, scans your QR code, or visits your profile link. You control what content appears on your public profile.
- Referral Relationships: When a referral is completed, the referring party can see that a referral was attributed to them. Specific personal details of referred contacts are not shared beyond what is necessary to operate the program.
- Legal Requirements: We may disclose information if required by law, regulation, court order, or to protect the rights, property, or safety of CardLinks, our users, or the public.
- Business Transfers: If CardLinks is acquired or merged, your information may be transferred as part of that transaction. We will notify you before such a transfer occurs and your data becomes subject to a materially different privacy policy.
5. Data Retention
We retain personal data only as long as reasonably necessary for the purpose it was collected. We enforce the following retention periods automatically:
- Account & profile data: kept while your account is active; on deletion, removed or anonymized promptly (see Section 6).
- Tap and engagement analytics: identifying details (IP address, device, coordinates) removed after 13 months; aggregate non-identifying counts may be kept longer.
- Unconverted lead and conversion records: deleted after 13 months.
- Operational and webhook logs: deleted after 90 days.
- Security and administrative audit logs: deleted after 24 months.
- Financial and transaction records: retained as required for legal, tax, and fraud-prevention purposes; personal identifiers stripped when no longer needed to identify you.
6. Your Rights and Choices
- Access & Portability: You can request a copy of the personal data we hold about you by emailing privacy@cardlinks.app; we respond within 45 days.
- Correction: You can update your profile and account information in the app, or request a correction by contacting us.
- Deletion: You can request deletion at privacy@cardlinks.app. We delete or anonymize your data, except where retention is required by law (see Section 5).
- Opt-Out of Sale, Targeted Advertising, and Profiling: We do not sell personal data, run targeted advertising, or use profiling with legal or similarly significant effects. You may still record an opt-out below; we will honor it if these practices ever change.
- Opt-Out of Marketing: Transactional emails (order confirmations, OTPs) are required for service operation. Any marketing email will include an unsubscribe link.
- California Residents (CCPA): You may request to know, delete, and opt out of the sale of personal information (we do not sell). Contact privacy@cardlinks.app.
7. Connecticut Residents (CTDPA)
If you are a Connecticut resident, the Connecticut Data Privacy Act gives you the right to confirm whether we process your personal data and to access it, to correct inaccuracies, to delete it, to obtain a portable copy, and to opt out of the sale of personal data, targeted advertising, and certain profiling.
To exercise these rights, email privacy@cardlinks.app or use the opt-out control in Section 6. We respond within 45 days. If we decline a request you may appeal by replying to our response; if an appeal is denied you may contact the Connecticut Attorney General.
8. Data Security
We use industry-standard cloud infrastructure with encryption in transit (TLS), DDoS protection, and access controls. Payment processing is handled by a PCI-DSS compliant payment processor — we never store full card numbers. We apply access controls, rate limiting, and OTP-based email authentication to protect accounts. No transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Children's Privacy
The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it promptly. If you believe someone under 18 has provided us personal information, contact us at privacy@cardlinks.app.
10. International Users
CardLinks is operated in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you via email or an in-app notice. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions or requests, contact us at: privacy@cardlinks.app
CardLinks LLC · Stratford, CT, USA