CardtopleaseBack to Home

Privacy Policy

Last updated: November 21, 2025

1. Introduction

Cardtoplease ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Account creation date

Content You Upload

When you use our card creation service, we collect:

  • Photos you upload for AI card generation
  • Card personalization information (recipient name, occasion, relationships, custom messages)
  • Generated card images and content

Payment Information

Payment processing is handled by Stripe. We do not store your complete credit card information. We receive from Stripe:

  • Transaction IDs
  • Payment status
  • Credit purchase history

Usage Information

We automatically collect:

  • Card view analytics (when cards are viewed)
  • Credit usage history
  • Login activity
  • Device and browser information

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Process your photos through AI to generate card illustrations
  • Store and display your cards
  • Process payments and manage your credit balance
  • Send you cards via email when you use the sharing feature
  • Send service-related communications (receipts, account notifications)
  • Improve and optimize our Service
  • Prevent fraud and ensure security
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services that may collect information:

Supabase (Database & Authentication)

We use Supabase to store your account information, cards, and usage data. Supabase complies with GDPR and industry-standard security practices.

fal.ai (AI Image Generation)

Your uploaded photos are processed by fal.ai to generate card illustrations. Images are processed according to fal.ai's privacy policy and are not used to train AI models.

Stripe (Payment Processing)

Payment information is processed by Stripe. We do not store your complete payment card details. Stripe's privacy policy applies to payment processing.

Resend (Email Delivery)

We use Resend to send card sharing emails. Recipient email addresses are processed according to Resend's privacy policy.

Vercel (Hosting)

Our application is hosted on Vercel, which may collect standard web analytics and performance data.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in these situations:

  • With service providers (Supabase, fal.ai, Stripe, Resend, Vercel) to operate the Service
  • When you choose to share a card with a recipient
  • To comply with legal obligations or respond to lawful requests
  • To protect our rights, property, or safety
  • In connection with a business transfer or acquisition

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted password storage
  • Row-level security on database access
  • Secure authentication through Supabase
  • Regular security updates and monitoring

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your information for as long as:

  • Your account is active
  • Necessary to provide the Service
  • Required by law or for legitimate business purposes

If you delete your account, we will delete your personal information within 90 days, except where retention is required by law.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing of your data
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, contact us at: hello@card.cardtoplease.com

9. Children's Privacy

Our Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

11. Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure security

You can control cookies through your browser settings. Disabling cookies may limit functionality of the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on the Service. Your continued use after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: hello@card.cardtoplease.com