Categories of data

• Contact details: name, email address, phone number (if provided).
• Payment information: transaction records, payment confirmation, and metadata. We do not store full card numbers or CVV; payment processing is handled by third-party payment gateways.
• Card data: the answers you provide in the card form (text fields, choices), and an optional photo you upload to generate the card.
• Technical and usage data: IP address, device/browser metadata, cookies and analytics data.

Purpose & legal basis

• Provide services: to generate and deliver the digital card to the email you provide (contractual necessity / performance of service).
• Process payments: to charge the ₹3 fee and process refunds where applicable (legal and contractual necessity).
• Communication: to send transactional emails (card delivery, receipts), updates, and support messages.
• Marketing (optional): with your consent we may send promotional messages and newsletters. You can opt-out at any time.
• Improve services: analytics and aggregated feedback to improve user experience and features.
• Security & compliance: fraud prevention, legal obligations, and dispute resolution.

Payment processors and third parties

We use trusted third-party payment processors (e.g., Razorpay / Paytm / PayPal — replace with the one you use) to handle payment transactions. When you make a payment, payment-related data is transmitted directly to the payment provider and is subject to that provider’s privacy policy.

We also use third parties for:

• Email & newsletter delivery (e.g., MailerLite, SendGrid, Mailchimp)
• Analytics and performance monitoring (e.g., Google Analytics, server logs)
• Cloud storage or CDN providers (for optional uploaded photos and static assets)

We only share personal data with third parties where necessary to provide our service or where required by law. Third parties process data on our behalf as data processors and are required by contract to protect your data.

What we use cookies for

We use cookies and similar technologies to:

• Remember your session and form inputs
• Analyze site usage and performance
• Personalize content and marketing (with consent)

You can control cookies via your browser settings. Blocking certain cookies may affect how our services function.

How long we keep your data

• Transactional data (card delivery, receipts): retained for up to 7 years for accounting and legal compliance.
• Contact & account info: retained while your account or subscription is active and for a reasonable period after if required for legal claims.
• Uploaded optional photos: retained for up to 1 year unless you request deletion sooner.
• Analytics data: aggregated and retained as anonymized records for service improvement.

Deletion requests: You may request deletion or export of your personal data (see "Your rights" below). We will respond to verifiable requests in accordance with applicable law.

Rights depending on your location

• Access: request a copy of personal data we hold about you.
• Correction: request corrections to inaccurate or incomplete data.
• Deletion: request deletion of your data (subject to legal/contractual exceptions).
• Portability: request a machine-readable copy of data you provided.
• Objection: object to certain processing (e.g., direct marketing).

To exercise any right, contact us at the email below. We may ask for verification and will respond as required by law.

How we protect your data

We take commercially reasonable measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Secure server infrastructure and HTTPS encryption for all communications.
• Access controls, role-based permissions and logging for administrative access.
• Working with vetted third-party processors who follow industry-standard security practices.

No method of transmission or storage is 100% secure. If a data breach occurs, we will follow applicable laws and notify affected users and regulators when required.

Our services are intended for individuals aged 13+ (or as required by local law). We do not knowingly collect personal data from children under the applicable minimum age. If you believe we have collected data of a child, please contact us to request deletion.

Because our infrastructure and third-party services may operate in multiple countries, personal data may be transferred and processed outside your country of residence. We will take steps to ensure such transfers provide appropriate safeguards (e.g., standard contractual clauses) as required by law.

We may update this Privacy Policy to reflect changes to our practices or legal requirements. When we make material changes, we will provide notice (e.g., updated effective date and prominent notice on our site).

Contact details

If you have questions about this Privacy Policy or want to exercise your rights (access, correction, deletion, portability), contact:

Replace the above email with your real support/contact email. For legal concerns, consult a qualified privacy attorney.