Privacy Policy
Last Updated: January 31, 2026
1. Introduction
DigiCards ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
This policy applies to users in Canada (including Quebec), the United States, and other jurisdictions where our Service is available. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Law 25, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
2. Information We Collect
2.1 Information You Provide
| Category | Data Collected | Purpose |
|---|---|---|
| Account Information | Name, email address, password (encrypted) | Account creation and authentication |
| Business Card Data | Names, job titles, companies, phone numbers, email addresses, websites, addresses from scanned cards | Core service functionality |
| Payment Information | Processed by third-party payment providers; we do not store credit card numbers | Premium subscription processing |
2.2 Information Collected Automatically
| Category | Data Collected | Purpose |
|---|---|---|
| Device Information | Device type, operating system, unique device identifiers | Service optimization and troubleshooting |
| Usage Data | Features used, scan counts, interaction patterns | Service improvement |
| Location Data (Optional) | Geographic location when you scan a card (only with your explicit consent) | Tagging where cards were collected |
2.3 Information from Third-Party Services
If you choose to connect third-party services, we may receive:
- Google Contacts: Your email address and contact list access (with your explicit consent)
- HubSpot: Your account information and CRM access (with your explicit consent)
3. How We Use Your Information
We use your information for the following purposes:
- Provide the Service: Process scanned business cards, store your contacts, sync with connected CRMs
- Account Management: Create and manage your account, authenticate access
- Service Improvement: Analyze usage patterns to improve features and user experience
- Communications: Send service-related notifications, respond to inquiries
- Legal Compliance: Comply with applicable laws and regulations
- Sell your personal information to third parties
- Use your data for targeted advertising
- Share your business card data with other users
- Access your contacts without explicit consent
4. How We Share Your Information
We may share your information with:
- Service Providers: Third parties that help us operate the Service:
- Google Cloud Vision API (for OCR text extraction from business cards)
- Supabase (cloud database and storage)
- Fly.io (application hosting)
- Connected Services: HubSpot and Google Contacts, only when you explicitly authorize the connection
- Legal Requirements: When required by law, court order, or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
5. Data Storage and Security
5.1 Where Your Data is Stored
Your data is stored on secure servers located in:
- United States (primary data storage via Supabase)
- Various locations for application hosting (Fly.io)
By using our Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international data transfers.
5.2 Security Measures
We implement industry-standard security measures including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure password hashing (bcrypt)
- JWT-based authentication with token expiration
- Regular security assessments
- Access controls and audit logging
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account Data: Retained until you delete your account
- Business Card Data: Retained until you delete individual cards or your account
- Usage Logs: Retained for up to 12 months for analytics and troubleshooting
After account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Export your data in a machine-readable format
- Withdraw Consent: Revoke consent for optional data processing
7.2 Additional Rights for California Residents (CCPA/CPRA)
California residents have additional rights:
- Right to Know: Request details about data collection and sharing
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Non-Discrimination: We will not discriminate against you for exercising your rights
7.3 Additional Rights for Canadian Residents
Canadian residents, including Quebec residents, have rights under PIPEDA and provincial laws:
- Access and Correction: Access your personal information and request corrections
- Consent Withdrawal: Withdraw consent at any time
- Data Portability: Receive your data in a structured, commonly used format (Quebec Law 25)
- Complaint: File a complaint with the Office of the Privacy Commissioner of Canada or Quebec's Commission d'accès à l'information
7.4 How to Exercise Your Rights
To exercise any of these rights:
- In the App: Go to Settings > Privacy > Delete Account or Export Data
- By Email: Contact us at privacy@digi-cards.app
We will respond to your request within 30 days (or sooner if required by applicable law).
8. Third-Party Services
Our Service integrates with third-party services. Each has its own privacy policy:
- Google Cloud Vision: Google Cloud Privacy Notice
- Google Contacts: Google Privacy Policy
- HubSpot: HubSpot Privacy Policy
- Supabase: Supabase Privacy Policy
9. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page with an updated "Last Updated" date
- Sending you an email notification (for significant changes)
- Displaying a notice in the app
Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
For Canadian Residents
You may also contact the Office of the Privacy Commissioner of Canada:
- Website: www.priv.gc.ca
- Toll-free: 1-800-282-1376
For Quebec Residents
You may also contact the Commission d'accès à l'information du Québec:
- Website: www.cai.gouv.qc.ca
For California Residents
You may also contact the California Privacy Protection Agency:
- Website: cppa.ca.gov