Privacy Policy

Last Updated: October 19, 2025

1. Introduction

ByteInk ("we," "our," "us") operates Cardova.io ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Cardova, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required for authentication)
• Name (optional display name)
• Password (encrypted, never stored in plain text)
• Country (collected during sign up/onboarding)
• Profile photo (optional)

2.2 Business Card Information

When you create digital business cards, we collect:

• Contact information (name, phone, email, address, company)
• Professional details (job title, company name, website)
• Visual assets (logos, cover images, profile photos)
• Social media links (LinkedIn, Twitter, etc.)
• Custom fields and notes

2.3 Usage Data

We automatically collect:

• Device information (device type, operating system, browser)
• IP address and geographic location (country-level)
• Card view analytics (views, saves, wallet additions)
• Interaction data (features used, pages visited)
• Referral sources (how you found our Service)

2.4 Payment Information

When you subscribe to paid plans:

• Payment data is processed by Stripe (we never store full credit card numbers)
• We receive limited payment metadata (last 4 digits, expiration date, billing address)
• Stripe's privacy policy applies to payment processing

2.5 Cookies & Tracking Technologies

We use:

• Essential cookies (authentication, session management)
• Analytics cookies (Google Analytics for usage patterns)
• Preference cookies (theme, language selection)

You can control cookies through your browser settings.

3. How We Use Your Information

3.1 To Provide the Service

• Create and manage your digital business cards
• Generate QR codes and wallet passes
• Enable sharing and contact export
• Process payments and subscriptions
• Provide customer support

3.2 To Improve the Service

• Analyze usage patterns and trends
• Identify and fix bugs
• Develop new features
• Optimize performance
• Conduct research and analytics

3.3 To Communicate With You

• Send transactional emails (password resets, receipts)
• Notify you of service updates
• Respond to support requests
• Send marketing communications (with consent)

3.4 To Ensure Security

• Detect and prevent fraud
• Protect against unauthorized access
• Monitor for suspicious activity
• Comply with legal obligations

4. How We Share Your Information

4.1 Public Sharing

When you share your digital business card:

• Recipients see your contact information (as configured in your card)
• Card views are tracked (anonymized analytics)
• QR codes are publicly accessible (anyone with the link can view)
• You control what information is shared

4.2 Third-Party Services

We share data with trusted service providers:

Firebase (Google Cloud)

• Purpose: Database, authentication, file storage
• Data shared: All user data and card information
• Privacy policy: https://firebase.google.com/support/privacy

Stripe

• Purpose: Payment processing
• Data shared: Email, name, billing information
• Privacy policy: https://stripe.com/privacy

Apple Wallet & Google Wallet

• Purpose: Digital wallet integration
• Data shared: Contact information in wallet passes
• Privacy policies:
  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

Google Analytics

• Purpose: Usage analytics and insights
• Data shared: Anonymized usage data, device info
• Privacy policy: https://policies.google.com/privacy

4.3 Legal Requirements

We may disclose your information to:

• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our rights and property
• Prevent fraud or illegal activity
• Protect user safety

4.4 Business Transfers

If ByteInk or Cardova is acquired or merged, your information may be transferred to the new entity. We will notify you of any such change.

5. Data Retention

5.1 Active Accounts

We retain your data as long as your account is active or as needed to provide services.

5.2 Deleted Accounts

When you delete your account:

• Personal data is deleted within 30 days
• Analytics data may be retained in anonymized form
• Legal and accounting records retained as required by law
• Deletion is permanent and irreversible

5.3 Inactive Accounts

Accounts inactive for 2+ years may be deleted after notice.

6. Your Privacy Rights

6.1 Access & Export

You have the right to:

• Access all your personal data
• Export your information in machine-readable format
• Request a copy of your data

6.2 Correction

You can:

• Update your account information anytime
• Correct inaccurate data
• Complete incomplete information

6.3 Deletion

You can:

• Delete individual business cards
• Delete your entire account
• Request deletion of specific data

6.4 Objection & Restriction

You can:

• Opt out of marketing emails
• Disable analytics cookies
• Restrict certain data processing

6.5 Portability

You can export your data in standard formats (vCard, JSON).

6.6 GDPR Rights (EU Users)

EU users have additional rights under GDPR:

• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to automated decision-making
• Right to lodge a complaint with supervisory authority

6.7 CCPA Rights (California Users)

California residents have rights under CCPA:

• Right to know what data we collect
• Right to delete personal information
• Right to opt out of data sales (we do not sell data)
• Right to non-discrimination for exercising rights

7. Data Security

7.1 Security Measures

We implement industry-standard security practices:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest (database encryption)
• Secure authentication (Firebase Auth with bcrypt)
• Regular security audits
• Access controls (role-based permissions)
• Secure payment processing (PCI-compliant via Stripe)

7.2 Limitations

No system is 100% secure. While we strive to protect your data:

• We cannot guarantee absolute security
• You are responsible for keeping your password secure
• Notify us immediately of any unauthorized access

8. Children's Privacy

Cardova is not intended for users under 18. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence:

• Firebase servers: Data stored in Google Cloud (multiple regions)
• Stripe servers: Payment data processed globally
• Adequate protections: Standard contractual clauses and safeguards

10. Cookies & Tracking

10.1 Types of Cookies

Essential Cookies:

• Authentication tokens
• Session management
• Security features

Analytics Cookies:

• Google Analytics
• Usage patterns
• Performance monitoring

Preference Cookies:

• Language selection
• Theme (light/dark mode)
• UI preferences

10.2 Cookie Management

You can control cookies via:

• Browser settings (block, delete, or accept)
• Opt-out tools (Google Analytics opt-out)
• Cookie consent preferences

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.

12. Marketing Communications

12.1 Email Communications

We may send:

• Transactional emails (receipts, password resets) - cannot opt out
• Product updates (new features, improvements) - can opt out
• Marketing emails (promotions, tips) - can opt out

12.2 Opt-Out

You can unsubscribe from marketing emails:

• Click "unsubscribe" in any marketing email
• Update email preferences in your account settings
• Contact us at [email protected]

13. Do Not Track (DNT)

We currently do not respond to DNT signals, as there is no industry standard for handling them.

14. California Shine the Light Law

California residents may request information about sharing personal data with third parties for direct marketing. We do not share data for third-party marketing.

15. Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of material changes via:

• Email notification
• In-app notification
• Prominent website notice

Continued use after changes constitutes acceptance.

16. Contact Us

For privacy questions, data requests, or concerns:

Email: [email protected]
Privacy Contact: [email protected]
Mail: Available upon request via [email protected]
Website: https://cardova.io

For GDPR Requests:

EU residents may exercise their rights by contacting [email protected]. You may also lodge a complaint with your local supervisory authority; see https://edpb.europa.eu/about-edpb/about-edpb/members_en for contact details.

For CCPA Requests:

California Privacy Rights: [email protected]

17. Your Consent

By using Cardova, you consent to this Privacy Policy and agree to its terms.

Cardova by ByteInk - Protecting your privacy while modernizing networking