If you do not agree with this Policy, do not use the Service. Your use is also governed by our Terms of Service.
1) Who We Are & Scope
Controller/Business. For most processing, Soft Card acts as an independent “data controller”/“business”.
Processor/Service Provider. For enterprise customers using team features and integrations, we may process certain data as a processor/service provider under a Data Processing Addendum (DPA) made available upon request.
Coverage. This Policy applies to personal data we process about account owners, team members, card recipients, website visitors, and support contacts.
Contact: softcard.app@gmail.com (Subject: “Privacy”)
Registered address: As listed on our website.
2) Personal Data We Collect
A. Data You Provide
- Account & Profile. Name, email, password, photo, job title, company, preferences and other information.
- Card Content (“User Content”). Logos, photos, links, bios, phone numbers, social profiles, locations, and any other fields you choose to include on your card(s).
- Contacts & Imports. People you add or import (e.g., via CSV, address book, CRM, or OCR scans of paper cards or any other means). You are responsible for having the right to upload or share others’ data.
- Communications. Support requests, feedback, surveys.
- Billing. Subscription tier, invoices; payment card data is processed by a payment processor (we do not store full card numbers).
B. Data Collected Automatically
- Usage & Device Data. App and web activity (pages viewed, features used, taps/scans), device type, OS, browser, language, app version, referrer/UTM, session IDs, crash logs.
- Event & Analytics Data (QR/NFC/Links). When someone scans a QR code, taps NFC, or opens a card link, we log timestamp, general location inferred from IP (city/region level), device/browser metadata, and referral context to generate analytics for card owners.
- Cookies/SDKs. We use cookies and mobile SDKs for session management, analytics, fraud prevention, and—with your consent where required—marketing.
C. Data From Third Parties
- Integrations. Identity providers (SSO), CRMs, cloud storage, messaging/email platforms, analytics, payment processors—only per your settings/permissions.
- Partners/Resellers. Basic account and transactional data to deliver the Service.
Sensitive Data: Please do not upload regulated sensitive data (e.g., government ID numbers, financial account numbers, health/biometric data) unless we have expressly agreed in writing (see Terms of Service).
3) How We Use Personal Data (Purposes & Legal Bases)
- Provide the Service (create/manage cards, show previews/short links/QR codes, enable NFC/QR sharing, sync across website/apps, process imports/OCR, display analytics). Legal bases: contract performance; legitimate interests in operating and securing the Service.
- Secure, maintain, and improve the Service (debugging, preventing abuse, quality assurance). Legal bases: legitimate interests; legal obligations.
- Communicate with you (transactional emails, support, important updates). Legal bases: contract performance; legitimate interests.
- Billing and account management (subscriptions, renewals, tax, fraud prevention). Legal bases: contract performance; legal obligations; legitimate interests.
- Research and analytics to understand features and adoption, and to improve usability. Legal bases: legitimate interests; consent where required.
- Marketing (with your consent where required), including newsletters and product announcements; you can opt out anytime. Legal bases: consent; legitimate interests where permitted.
- Compliance & enforcement (respond to lawful requests, enforce terms, protect rights and safety). Legal bases: legal obligations; legitimate interests.
We do not use automated decision‑making that produces legal or similarly significant effects about you.
6) International Transfers
We operate globally. When transferring personal data internationally, we use appropriate safeguards (e.g., standard contractual clauses where applicable) and implement technical and organizational controls. By using the Service, you understand your data may be processed in countries that may have different data protection laws than your home country.
7) Data Retention
We retain personal data for the shortest time necessary to fulfill the purposes above, comply with law, resolve disputes, and enforce agreements. Typical retention periods:
- Account & Profile: for the life of the account and up to 30–90 days after closure for backup/administration.
- Card Content & Contacts: until you delete them or close your account; residual backups typically up to 90 days.
- Event/Analytics Logs (QR/NFC/Links): 24 months.
- System Logs & Security Records: 12–24 months.
- OCR Images & Intermediate Files: ≤30 days (extraction artifacts purged thereafter).
- Billing & Tax Records: 7 years (or as required by law).
- Support Tickets: 24 months.
Actual periods may vary per enterprise contracts or legal requirements.
8) Security
We use administrative, technical, and physical safeguards to protect personal data (access controls, encryption in transit, hardened infrastructure, monitoring). No system is 100% secure; you are responsible for safeguarding your credentials and for the content you choose to share. We will notify you of breaches as required by law.
9) Your Rights & Choices
Your rights depend on where you live and how we process your data. Subject to legal limits, you may have the right to:
- Access, correct, or delete personal data;
- Port data to another provider;
- Restrict or object to certain processing;
- Withdraw consent where processing is based on consent;
- Opt out of marketing communications at any time.
How to exercise: Email softcard.app@gmail.com with the subject “Privacy Request.” We may ask for verification. If we process your data on behalf of an enterprise customer, we will direct your request to that customer where appropriate.
Region‑Specific Notices – Bangladesh. We strive to comply with applicable data protection and cybersecurity laws of Bangladesh and other jurisdictions where we operate or target users.
10) Children’s Privacy
The Service is not intended for individuals under the age of 16 (or the age of majority where you reside). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.
11) Enterprise & Team Features
- Admin Controls. Depending on your plan, organization administrators may have the ability to manage user accounts, adjust access settings, or review limited account information (such as card content or analytics). The scope of these controls can vary by customer and setup.
- Data Processing Addendum (DPA). In some cases, and at our discretion, we may provide a DPA or similar documentation for enterprise or regulated customers. Availability and content can vary.
- Sub‑processors and Vendors. We work with third-party service providers to deliver parts of the Service. Where appropriate, we may share information about these providers, but details can change and may not always be published in a central list.
- Controller vs. Processor. For certain enterprise accounts, we may act as a processor/service provider for some customer-directed data (e.g., contact syncing), while at the same time acting as a controller/business for independent activities such as account administration, billing, and product improvement.
12) Third‑Party Services & Links
If you enable or connect third‑party services (identity providers, CRMs, messaging/email platforms, analytics, cloud storage, payment processors), their terms and privacy policies govern their use of data. We are not responsible for third‑party practices. Disable integrations to stop data flows going forward.
13) Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted with a new “Last Updated” date and, where required, we will notify you (e.g., via email or in‑product notice). Your continued use of the Service after changes become effective means you accept the updated Policy.
14) How to Contact Us
Email: softcard.app@gmail.com
Postal: See the registered address listed on our website.