Privacy Policy
Last updated: 15 July 2026 · Applies to onlinevcard.com and related apps
1. Who we are
OnlineVCard provides digital business cards for individuals, businesses and teams. All customer data is hosted in Frankfurt, Germany (EU) — database and file storage alike. For any privacy matter, contact privacy@onlinevcard.com.
2. What we collect
- Account data — name, email, country, password (hashed), and for organisations the legal/tax details you provide for invoicing (e.g. GSTIN, VAT ID, TRN).
- Card content — everything you choose to publish on your card: text, images, links, services. You control what appears and whether search engines may index it.
- Usage & analytics — anonymous, cookieless view counts on public cards (country-level, no visitor profiles). Raw events are deleted after 90 days; only aggregates are kept.
- Leads — details visitors submit through your card's enquiry form belong to you; we store them so you can access them.
- Payment data — processed by our payment partners (Stripe, Razorpay, PayPal). We never see or store full card numbers.
3. How we use it
To operate your cards and dashboard, bill you correctly with tax-compliant invoices, send essential transactional emails (receipts, security, trial notices), and — only with your consent — analytics and marketing cookies on our marketing site. We never sell personal data.
4. Cookies
Public card pages are cookie-free for visitors. Our marketing site and dashboards use cookies as described in the Cookie Policy, controllable anytime via "Cookie settings" in the footer.
5. Your rights (GDPR & similar laws)
- Access, correct, export or delete your data — self-service from account settings or via privacy@onlinevcard.com.
- Withdraw consent at any time (cookies, marketing, search-engine indexing of your card).
- California residents: we do not sell personal information; "Do Not Sell/Share" is honoured.
6. Retention & security
Account data is kept while your account is active and deleted on request. Encrypted backups are retained 30 days. We use encryption in transit and at rest, strict access controls, two-factor authentication for administrative access, and full audit logging.
7. Processors
We use vetted sub-processors under data-processing agreements: EU-region database and object storage, Vercel (delivery), payment gateways, and a transactional email provider. A current list is available on request.
8. Changes
We'll notify you of material changes by email or in-app before they take effect.