Privacy Policy

AW-CARDS Ltd ("AW-CARDS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital business card platform, website, applications, and related services (collectively, the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using the Service, including:

• Account information: name, email address, password, and profile photo when you register for an account
• Card content: professional details such as job title, company, phone number, address, biography, social media links, testimonials, portfolio items, and any other content you add to your digital business card
• Payment information: billing address and payment method details when you subscribe to a paid plan (payment card details are processed and stored by our third-party payment processor, not directly by AW-CARDS)
• Communications: messages, feedback, and support inquiries you send to us
• Lead capture data: information submitted by visitors through contact forms on your published card (name, email, phone, message)
• NFC product orders: shipping address and customization preferences for physical NFC products

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

• Usage data: pages visited, features used, actions taken (e.g., card edits, shares, published/unpublished actions), time stamps, and session duration
• Device information: browser type and version, operating system, device type, screen resolution, and unique device identifiers
• Network information: IP address, internet service provider, and approximate geographic location (city/country level)
• Referral data: the URL that referred you to the Service, and how visitors arrive at your published card
• Card analytics data: views, taps, QR scans, link clicks, contact form submissions, and vCard downloads associated with your published card

1.3 Information from Third Parties

We may receive information from third-party sources, including:

• OAuth providers: if you sign in using a third-party service (e.g., Google), we receive your name, email, and profile image as authorized by you
• AI input sources: if you provide a LinkedIn URL or upload a CV for AI-assisted card generation, we process that information to create your card content
• Payment processors: transaction confirmations and billing status from our payment partners

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain the Service: create and manage your account, host your digital business cards, process lead capture forms, and deliver NFC products
• AI-powered features: generate bios, suggest designs, calculate credibility scores, and provide content recommendations using our AI models
• Analytics and insights: provide you with card performance analytics including views, engagement, geographic distribution, and lead conversion data
• Billing and payments: process subscription payments, manage billing cycles, and handle refund requests
• Communication: send transactional emails (account verification, password reset, billing receipts), respond to support requests, and send optional product updates (with your consent)
• Improvement and development: analyze usage patterns to improve the Service, develop new features, fix bugs, and optimize performance
• Security and fraud prevention: detect and prevent fraudulent activity, unauthorized access, and abuse of the Service
• Legal compliance: comply with applicable laws, regulations, and legal processes

3. How We Share Your Information

We do not sell your personal data to third parties. We may share your information in the following circumstances:

3.1 Public Card Content

When you publish a digital business card, the content on that card is publicly accessible via its unique URL. Anyone with the link, QR code, or NFC tag can view your published card content. You control what information appears on your card and may unpublish at any time.

3.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service, including:

• Cloud hosting and infrastructure providers
• Payment processors (for subscription billing)
• Email delivery services (for transactional emails)
• Analytics providers (for aggregated usage insights)
• NFC product manufacturing and shipping partners

These providers are bound by contractual obligations to use your data only for the purposes we specify and to maintain appropriate security measures.

3.3 Lead Data Sharing

When a visitor submits their contact information through your card's lead capture form, that data is shared with you (the card owner) and is accessible through your CRM dashboard. You are responsible for handling lead data in compliance with applicable privacy laws.

3.4 Legal Requirements

We may disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena, court order, or government request), or to protect the rights, property, or safety of AW-CARDS, our users, or the public.

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

4. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active accounts: data is retained for the duration of your account activity
• Deleted accounts: upon account deletion, we remove your personal data within 30 days. Certain data may be retained for up to 90 days in backups and will be purged automatically
• Analytics data: aggregated, anonymized analytics data may be retained indefinitely for service improvement
• Legal obligations: some data may be retained longer if required by law, for tax/accounting purposes, or to resolve disputes (typically up to 7 years)
• Lead data: leads captured through your card are retained in your account until you delete them or close your account

5. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

• Encryption in transit: all data transmitted between your device and our servers is encrypted using TLS/HTTPS
• Encryption at rest: sensitive data stored on our servers is encrypted using industry-standard AES-256 encryption
• Access controls: access to personal data is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication
• Regular audits: we conduct regular security assessments, vulnerability scans, and penetration testing
• Incident response: we maintain an incident response plan and will notify affected users within 72 hours of a confirmed data breach as required by applicable law

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining best-practice protections.

6. Cookies and Tracking Technologies

6.1 What We Use

We use the following types of cookies and similar technologies:

• Essential cookies: required for the Service to function, including authentication tokens, session management, and security cookies. These cannot be disabled.
• Preference cookies: remember your settings, language preferences, and display options to provide a personalized experience
• Analytics cookies: help us understand how users interact with the Service, including page views, navigation paths, and feature usage. We use this data in aggregate to improve the Service.

6.2 Card View Tracking

When someone views your published digital business card, we track the view using lightweight analytics (Beacon API) for your card analytics dashboard. This tracking collects: view timestamp, approximate geographic location (city/country), device type, referral source, and interaction events (link clicks, contact form opens, vCard downloads). No third-party advertising cookies are used.

6.3 Managing Cookies

You can manage or disable cookies through your browser settings. Note that disabling essential cookies may impair the functionality of the Service. For more information about cookies, visit allaboutcookies.org.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

7.1 Rights Under GDPR (European Economic Area, UK)

If you are located in the EEA or UK, you have the right to:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete personal data
• Erasure: request deletion of your personal data ("right to be forgotten")
• Restriction: request that we restrict the processing of your personal data
• Portability: receive your personal data in a structured, commonly used, machine-readable format
• Objection: object to the processing of your personal data for certain purposes
• Withdraw consent: withdraw any consent you have previously given

Our legal bases for processing personal data include: performance of a contract (providing the Service), legitimate interest (improving the Service, security), consent (marketing communications), and legal obligation (tax and compliance requirements).

7.2 Rights Under CCPA (California, USA)

If you are a California resident, you have the right to:

• Know: request disclosure of the categories and specific pieces of personal information we have collected
• Delete: request deletion of your personal information
• Opt-out: opt out of the sale of personal information (note: we do not sell personal information)
• Non-discrimination: not be discriminated against for exercising your privacy rights

In the preceding 12 months, we have collected the categories of personal information described in Section 1. We do not sell personal information to third parties.

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@aw-cards.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.

7.4 Account Data Export

You can export your card data and lead data at any time through your account settings in the cabinet. The export includes your card content, analytics summary, and captured leads in standard formats (JSON, CSV).

8. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@aw-cards.com.

9. International Data Transfers

Your data may be processed and stored in countries outside of your country of residence, including countries that may not provide the same level of data protection. When we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where the destination country has been deemed to provide adequate data protection
• Binding corporate rules or other approved transfer mechanisms

By using the Service, you consent to your data being transferred to and processed in these locations.

10. AI Data Processing

When you use our AI-powered features (card generation, bio writing, design suggestions, credibility scoring), your input data is processed by our AI systems to generate content for your card. Here is how we handle AI data:

• Input data: information you provide for AI generation (name, role, industry, goals, LinkedIn URL, CV text) is used solely to generate your card content
• No training on your data: your individual card content and personal details are not used to train or fine-tune our AI models
• Aggregated improvements: we may use anonymized, aggregated patterns (e.g., which industries prefer which templates) to improve AI output quality
• Third-party AI providers: we may use third-party AI services (such as large language model providers) to power our AI features. Data sent to these providers is governed by our data processing agreements with them

11. Do Not Track

Some browsers offer a "Do Not Track" ("DNT") signal. As there is no common industry standard for handling DNT signals, we do not currently respond to DNT signals. We will update this policy if a standard is established.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and compliance. You can contact our DPO for any privacy-related questions or concerns.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Data Protection Officer: privacy@aw-cards.com
• General inquiries: hello@aw-cards.com
• Postal address: AW-CARDS Ltd, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).