What we collect, and what we don't.

mcard is a digital business card platform. We store the contact details you put on your card, the photos you upload, the leads people send you through the form, and basic billing information if you subscribe. We don't track you across other sites, don't sell your data, and don't buy data about your visitors from third-party brokers.

When you sign up:

• Your email address (used to log you in and send you account-related notices).
• Your name and avatar, if you set them in Settings → Profile.

When you use the app:

• The card data you enter (name, title, company, bio, phone numbers, email addresses, links, address, photos).
• Sections you add to your public page (about, links, gallery images, video URLs, testimonials, lead form configuration, and so on).
• Any contacts you save to your library by tapping “Keep” on someone else's public card.
• Notes, folders, and tags you attach to those saved contacts.

When someone visits your public card page:

• A view event with the visitor's country (resolved from edge headers — we never store IP addresses or user-agent strings).
• If they click a link, share the card, or play a video, an event row with the kind of action and the target (e.g. action:call, link:0, cta).
• If they submit your lead form, the contact details they typed.

If you subscribe:

• Stripe collects and stores your payment information directly. We never see card numbers; we receive a Stripe customer ID and your subscription status.

• We don't use third-party tracking pixels or advertising cookies.
• We don't sell, rent, or share your data or your visitors' data with data brokers.
• We don't buy “identity resolution” or “intent” data to enrich your visitors. The leads you see are the leads people actively submitted.
• We don't store visitor IP addresses, user-agent strings, or device fingerprints.

• To run the service. Render your card, deliver leads, send the email notification when someone fills your form, generate the weekly digest if you have one queued, run OCR if you upload a paper card to import.
• To bill you, if you subscribe.
• To answer support questions when you write to us.

We don't use your card data or your leads to train any machine-learning model. The optional “AI bio polish” feature, if you ever click it, sends only that one bio paragraph to our model provider for the duration of the request and is not retained beyond that.

Our database, file storage, and authentication run on Supabase. Hosting and edge routing run on Vercel. Subscription billing runs on Stripe. Outbound email runs on Resend. If you import a paper card, the photo is sent to Google Cloud Vision for one-time OCR and is not retained by us after the parsed text comes back.

All data flows happen over HTTPS. Each of those vendors has their own privacy policy and security posture; we recommend reviewing them if you have specific compliance requirements.

We set one essential cookie: a Supabase auth session cookie that keeps you logged in. We don't set advertising or analytics cookies. The public card page uses localStorageonly to remember a 30-day dismissal of the floating “Save card” CTA after a successful submit, so you don't see your own cards prompting you to save them.

When you publish a card, anyone who has the URL can view it. The URL contains an 8-character random suffix to resist enumeration, but it's not a secret in the cryptographic sense. If you don't want your card to be reachable, unpublish it from the editor. The kiosk view at /k/<id> is also public to anyone with the link.

Search engines may index your published card page, the same way they would index any other public web page. If you want to keep it out of search results, contact us and we'll add anoindex directive.

Leads submitted to your card stay between you and the visitor. We never share them with anyone else. If you connect an outbound webhook in Settings, we'll POST the lead to the URL you chose — that's a transfer you've initiated, not one we've made on your behalf.

You can, at any time:

• Export everything we have on you — visit Settings → Profileand click “Export my data”. You'll get a JSON file with your profile, all your cards, sections, library, leads, and folders.
• Delete your account — also in Settings. This removes your profile, cards, sections, leads, library, and folders. Stripe customer records are kept for the legally required retention period (typically 7 years for tax purposes) even after account deletion.
• Correct anything — by editing your card, profile, or library entries directly.
• Withdraw consent — by deleting your account and stopping use of the service.

If you're in California, the EEA, or the UK, you have additional statutory rights (GDPR Articles 15–22, CCPA/CPRA §1798.100 et seq.). The export and delete tools cover the substance of those rights. Email us if you need a written response: support@mcard.app.

• While your account is active, we keep your data so the service works.
• If you delete your account, your records are removed within 30 days from active systems and within 90 days from backups.
• Anonymous view and event rows older than 12 months are periodically purged.
• Expired exchange rows are kept for 30 days as an audit trail, then removed.

mcard isn't designed for children. You must be at least 16 years old (or 13 with parental consent in jurisdictions that allow it) to create an account. If we learn we've collected data from a child under those thresholds, we'll delete it.

Data is encrypted in transit (TLS) and at rest by our cloud providers. Access to production systems is limited to the people who need it. We don't guarantee that no breach can ever happen — no online service can — but we'll notify you promptly if a breach affects your data.

If we make material changes, we'll bump the “Last updated” date and, for changes that affect how we use data, email logged-in users at least 14 days before they take effect.

Questions, requests, or complaints: support@mcard.app.