Privacy Policy

1. Information We Collect

• Voluntarily Provided Data: Information you provide when registering, making a purchase, or using our services (e.g., name, email, birthday preferences).
• Automatically Collected Data: Device, browser type, IP address, site activity, error logs, and cookies.
• Payment Information: We do not store payment details. Transactions are securely processed by Stripe.

2. How We Use Your Data

• Authentication & Security: User verification via Kinde authentication.
• Service Provision: AI-powered text and image generation.
• Reminders & Notifications: Sending birthday reminders and card updates.
• Payments: Processing transactions through Stripe.
• Content Moderation: AI-generated content is filtered using NSFW.js and Perspective API.
• Legal Compliance: Complying with applicable laws and regulations.

3. Legal Basis for Processing (GDPR Compliance)

• Consent: You give explicit consent for birthday sharing and marketing emails.
• Contractual Necessity: To provide our services (e.g., managing your account and transactions).
• Legitimate Interest: Fraud prevention, improving our services.
• Legal Obligation: Compliance with laws and regulatory requirements.

4. User Rights & Controls

Under GDPR (EU/UK Users):

• Access & Portability: Request a copy of your personal data.
• Correction: Modify inaccurate data.
• Deletion (Right to Be Forgotten): Request account deletion.
• Restriction & Objection: Limit or object to data processing.
• Withdraw Consent: Opt out of marketing emails.

Under CCPA (California, USA Users):

• Right to Know & Delete: Request access to collected data and deletion of personal information.
• Non-Discrimination: No penalties for exercising privacy rights.
• Opt-Out of Data Sharing: We do not sell personal data, but you can opt out of third-party data processing.

Under Australian Privacy Act (AU Users):

• Complaint Handling: We will respond within 30 days if you believe we violated your privacy.
• Disclosure of International Transfers: Your data may be stored outside Australia.
• To exercise your rights, contact us at team@kardz.co.

5. Data Retention & Deletion

• Account Data: Stored while your account is active.
• Payment Data: Processed by Stripe, not stored by us.
• AI Content: Not permanently stored; user-uploaded images are not retained.
• Account Deletion: Data erased within 30 days of account deletion.

6. Third-Party Services & Data Sharing

We do not sell your data. However, we may share information with:

• Authentication & Security: Kinde (login services).
• Payment Processing: Stripe.
• Analytics & Performance: Google Analytics, Mixpanel.
• AI Moderation: NSFW.js, Perspective API.
• Legal Compliance: Regulatory authorities when required by law.

7. International Data Transfers

Your data may be stored in the United States, European Union, and Australia. We implement Standard Contractual Clauses (SCCs) to ensure data security when transferring outside your region.

8. Data Security Measures

• Encryption to protect sensitive data.
• Secure API Authentication with Kinde.
• Secure Payment Processing with Stripe.
• Regular Security Audits to detect vulnerabilities.

9. Children's Privacy

Our services are not intended for users under 13 years old. We do not knowingly collect or process children's data.

10. Cookies & Tracking

We use cookies to improve site functionality and user experience. You can manage cookie settings in your browser. See our Cookie Policy for details.

11. Breach Notification

If a data breach occurs, we will notify affected users and regulatory authorities as required by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy as needed. We will notify users of significant changes via email or app notifications.

13. Contact Us

For questions, requests, or concerns, contact us at: team@kardz.co