Privacy Policy

Welcome to CardHai (“CardHai,” “we,” “us,” or “our”). We operate the website cardhai.com and related mobile-optimised web application (collectively, the “Service”).

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit or use our Service. By using CardHai, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

This policy is published in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.

2.1 Information You Provide

• Account information: When you sign up via Google OAuth, we receive your name and email address.
• Profile data: Your chosen username, display name, bio, profile photo, phone number, WhatsApp number, and contact email that you add to your card.
• Payment data: For Pro upgrades and tip payouts, we collect UPI IDs and basic KYC information (PAN number, Aadhaar number) required under Indian payment regulations. Card/payment details are processed directly by Razorpay and are never stored on our servers.
• Support messages: Name, email, subject, and message content when you contact our support team.

2.2 Information Collected Automatically

• Analytics events: When visitors view your public card, we record the event type, a hashed IP address (not raw IP), user agent, device type, and referrer URL.
• Usage data: Pages visited, features used, and time spent on the platform.
• Log data: Server logs including request timestamps and error reports.

2.3 Information from Third Parties

• Google OAuth: When you sign in with Google, we receive your Google account name, email, and profile picture per Google's API terms.
• Razorpay: We receive payment confirmation, order IDs, and transaction status from Razorpay after a completed payment.

• To create and maintain your CardHai account and public card(s).
• To process Pro upgrade payments and tip transactions via Razorpay.
• To provide you with analytics data about your card's performance.
• To send weekly tip payout summaries and important account notifications.
• To respond to your support requests and inquiries.
• To prevent fraud, spam, and abuse on the platform.
• To improve our Service through aggregated, anonymised usage analysis.
• To comply with applicable Indian laws and regulatory requirements.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Information you add to your public card (name, bio, profile photo, links, phone visibility settings) is publicly accessible at cardhai.com/yourusername when you choose to publish your card. This data may be indexed by search engines such as Google, Bing, and others.

You can unpublish or deactivate your card at any time from your dashboard, which will remove it from public access and prompt search engine de-indexing.

We share your data only in the following limited circumstances:

• Supabase (Supabase Inc.): Our database and authentication provider. Data is stored on servers in Supabase's cloud infrastructure.
• Razorpay (Razorpay Software Private Limited): Payment processing for Pro upgrades and tips. Governed by Razorpay's privacy policy.
• Google (Alphabet Inc.): For Google OAuth sign-in via Google Identity Services.
• Law enforcement: We may disclose information if required by Indian law, court order, or valid government request.
• Business transfer: In the event of a merger or acquisition, your data may be transferred as a business asset with advance notice to you.

CardHai uses essential cookies and browser storage (localStorage) to maintain your authentication session. We do not use third-party advertising cookies or tracking pixels.

• Session cookies: Required to keep you logged in.
• Preference storage: Local browser storage for UI preferences.

You can clear cookies via your browser settings, but doing so will sign you out.

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Analytics events: Retained for 12 months, then aggregated and anonymised.
• Payment records: Retained for 7 years as required by Indian tax and financial regulations.
• Support messages: Retained for 1 year after resolution.

As a user, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via your dashboard settings.
• Delete your account and associated data by contacting us at mail.cardhai@gmail.com.
• Withdraw consent for optional data processing (analytics) by contacting support.
• Port your data — we will provide an export of your card and link data on request.

To exercise any of these rights, please contact us at mail.cardhai@gmail.com or use our Support page.

We implement industry-standard security measures including HTTPS encryption (TLS 1.3), Row-Level Security (RLS) on our database, hashed IP addresses in analytics, and Razorpay's PCI-DSS compliant payment processing.

However, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong passwords and protect your Google account.

CardHai is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, please contact us immediately at mail.cardhai@gmail.com.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our homepage or sending an email to your registered address. Continued use of the Service after changes constitutes acceptance of the revised policy.

For privacy-related questions, concerns, or requests, please contact: