Privacy Policy

Last updated: March 4, 2026

1. Introduction

CallCard ("we", "us", "our") operates the callcard.io website and service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and job title. We use passwordless authentication (magic links), so we do not store passwords.

Card Content: Information you add to your digital business card, including contact details, links, photos, logos, and bio text. You control the privacy tier (Everyone, Contacts, Connected) for each field.

Visitor Data: When someone views or interacts with your card, we collect their name, email (if they authenticate), and interaction type (message, call request, file upload, contact save). Card owners can see this activity in their dashboard.

Usage Data: We collect anonymized analytics data including page views, feature usage, and device information to improve our service.

Files: Files uploaded by visitors are stored securely on Amazon S3 with access controlled by presigned URLs.

3. How We Use Your Information

• To provide, operate, and maintain the CallCard service
• To send you verification emails and service notifications
• To process visitor interactions on your card (messages, call requests, file uploads)
• To improve and personalize your experience
• To detect and prevent abuse, fraud, and security threats

4. Privacy Controls

CallCard is built around privacy by design. You can:

• Set field-level privacy tiers (Everyone, Contacts, Connected) for each piece of information on your card
• Control which actions visitors can take (message, call, file upload, save contact)
• Block specific visitors from interacting with your card
• Control your location precision (Precise, Suburb, City) or disable the map entirely
• Delete your account and all associated data at any time

5. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

• Service providers: Amazon Web Services (hosting, file storage), Cloudflare (security, CDN), PostHog (anonymized analytics), and email delivery services
• AI discoverability: If you enable AI discoverability, your publicly visible card information may be indexed by search engines and AI assistants
• Legal requirements: If required by law, regulation, or legal process

6. Data Security

We implement industry-standard security measures including HTTPS encryption, JWT-based authentication, bcrypt password hashing, Cloudflare Turnstile bot protection, rate limiting, and security event logging.

7. Data Retention

We retain your account data for as long as your account is active. Visitor file uploads on the Free plan expire after 7 days. You can request deletion of your account and all associated data by contacting us.

8. Cookies

We use essential cookies for authentication (JWT tokens) and session management. We use PostHog for anonymized product analytics. We do not use third-party advertising cookies.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].