← Back to syncdcard.com

Privacy Policy

Last updated: 2026-06-11

This Privacy Policy explains how SYNCD Ltd ("SYNCD", "we") collects and uses your personal information. We are the data controller for the data you share with us.

1. What we collect

  • Account data: name, email, password hash, plan, sign-up date.
  • Profile data (what you put on your public card): name, role, company, phone, email, social links, headshot, logo.
  • Order data: shipping address, card SKU, payment method last-4 (via Stripe — we never store the full PAN).
  • Event data: each scan of your card creates an event with timestamp, approximate location (city/country only, from IP), and the device user-agent.
  • Cookies: a session cookie for login, an optional analytics cookie for usage statistics. No third-party advertising cookies.

2. How we use it

  • to operate the Service (render your profile, ship your cards, process payments via Stripe);
  • to send transactional emails (receipts, password resets, shipping updates);
  • to compute the analytics shown in your dashboard;
  • to detect abuse and protect the Service.

We do not sell your data to advertisers. We do not share your contact list or scan history with third parties for marketing.

3. Processors we share data with

  • Stripe — payment processing (PCI-DSS scope).
  • Resend — transactional email.
  • AWS / Google Cloud — hosting + database storage (UK / EU regions).
  • Apple PassKit, Google Wallet — to issue and update digital wallet passes (only the data on your profile).

4. Retention

  • Account + profile data is retained while your account is active and for 30 days after deletion.
  • Event data is retained for 24 months in identifiable form, then aggregated.
  • Order data is retained for 7 years for tax compliance.

5. Your rights (UK GDPR)

You can request a copy of your data, ask us to correct it, or ask us to delete your account, at any time. Email support@syncdcard.com or use the in-app "Account & danger" controls.

6. International transfers

Data may be processed in the EU, the UK and the US (via Stripe). We use Standard Contractual Clauses where required.

7. Security

Passwords are bcrypt-hashed. Stripe handles all card data. Database connections are encrypted in transit. Internal access is restricted and logged.

8. Children

SYNCD is not for under-16s. If we learn we hold data on a child under 16, we delete it.

9. Changes

We will publish material changes here and notify you by email or in-app.

10. Contact

Email support@syncdcard.com for any data-protection question.