Privacy Policy

Introduction

Welcome to GreetingCardify. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website and services.

GreetingCardify is operated by GreetingCardify Ltd, a company registered in the United Kingdom. We comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Data We Collect

We collect several types of information from and about users:

Information You Provide Directly

• Account Information: Name, email address, password (encrypted), and profile photo when you create an account
• Card Content: Messages, signatures, photos, and other content you add to greeting cards
• Payment Information: Billing address and payment details (processed securely through our payment provider)
• Communications: Messages you send us through contact forms or customer support

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on pages, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Data collected through cookies and similar technologies (see our Cookie Policy)

Information from Third Parties

• Social Media: If you sign in using a social media account, we receive basic profile information
• Analytics Providers: Aggregated usage statistics from analytics services

How We Use Your Data

We use the information we collect for the following purposes:

Service Delivery

• Creating and managing your account
• Processing and delivering greeting cards
• Facilitating card signing and collaboration
• Processing payments and managing subscriptions
• Providing customer support

Service Improvement

• Analyzing usage patterns to improve our platform
• Developing new features and services
• Conducting research and analytics
• Testing and troubleshooting

Communication

• Sending transactional emails (order confirmations, receipts)
• Notifying you about card invitations and signatures
• Sending service updates and security alerts
• Marketing communications (only with your consent, and you can opt-out anytime)

Legal and Security

• Complying with legal obligations
• Protecting against fraud and abuse
• Enforcing our Terms of Service
• Resolving disputes

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails)
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud
• Legal Obligation: Processing required to comply with legal and regulatory requirements

Data Sharing & Third Parties

We do not sell your personal data. We share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform:

• Payment Processors: Stripe for secure payment processing
• Cloud Hosting: Vercel and AWS for hosting and infrastructure
• Email Services: SendGrid for transactional emails
• Analytics: Google Analytics for usage statistics (anonymized)
• AI Services: OpenAI for AI-powered card generation

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Card Recipients and Signers

When you create or sign a card, your name, message, and any uploaded content are shared with the card organizer and recipient as part of the service.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

Cookies

We use cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device that help us:

• Keep you logged in
• Remember your preferences
• Analyze site usage
• Provide personalized content

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our services. For detailed information, please see our Cookie Policy.

Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

Specific retention periods:

• Account Data: Retained while your account is active, plus 30 days after deletion
• Card Content: Retained for 2 years after card delivery, or until you delete it
• Payment Records: Retained for 7 years for tax and accounting purposes
• Analytics Data: Anonymized and retained for up to 26 months

Your Rights (GDPR)

Under GDPR and UK data protection law, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us at privacy@greetingcardify.com. We will respond within 30 days.

International Transfers

Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent protections
• Binding Corporate Rules for transfers within multinational organizations

Our primary data processing occurs in the UK and EU. Some service providers (e.g., cloud hosting) may process data in the United States, but only with appropriate safeguards.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

Users between 13 and 18 years old should have parental consent before using our services.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@greetingcardify.com
• Mail: GreetingCardify Ltd, Data Protection Team, 123 Card Street, London, EC1A 1BB, United Kingdom
• Phone: +44 20 1234 5678

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO directly:

• Email: dpo@greetingcardify.com
• Mail: Data Protection Officer, GreetingCardify Ltd, 123 Card Street, London, EC1A 1BB, United Kingdom