Legal
CardWally — Privacy Policy
Effective date: 14/07/2026 · Last updated: 14/07/2026
This Privacy Policy explains how CardWally ("CardWally", "we", "us") collects, uses, and protects personal data when you use our website and app (the "Service"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Who we are (Data Controller)
CardWally is the data controller for personal data processed through the Service. Contact: Leon Gavalas, Motley Group SMPC, email: privacy@cardwally.com.
2. What data we collect
- Account data — when you create an account: your name and email address, and authentication data (via email magic-link or Google sign-in).
- Card content — the information you choose to put on your digital business card: name, job title, company, phone, email, website, social links, logo/avatar images, and any links you add.
- Scan data — when someone views your public card page, we record analytics such as the time of the visit, an approximate country derived from IP address, browser/user-agent, and referrer. We use a cookie or local identifier to recognise repeat visits.
- Lead data — if a visitor chooses to "share their details back", we collect the contact details they submit (name, email, and optionally phone, company, and notes) and make them available to the card owner.
- Payment data — if you upgrade to a paid feature, payments are processed by Stripe. We do not store your full card details; Stripe processes them under its own privacy policy.
- Technical data — cookies and similar technologies necessary to operate the Service (see Cookies below).
3. Why we process your data and our legal basis
We process personal data to: create and operate your account and card (performance of a contract); display public card pages and enable contact sharing (contract / legitimate interests); provide scan analytics to card owners (legitimate interests); process payments (contract); communicate with you about the Service (legitimate interests / consent); and comply with legal obligations. Where we rely on consent (e.g. certain analytics or marketing), you may withdraw it at any time.
4. Lead data and your responsibilities as a card owner
When you use CardWally to collect other people's contact details ("leads"), you act as the controller of that data and are responsible for having a lawful basis (such as the person's consent) to collect and contact them, and for handling their rights. CardWally acts as a processor for that data on your behalf. You agree to use collected contact details lawfully and only for legitimate purposes, and to honour any request from a person to be deleted.
5. How we share data
We share personal data only with service providers that help us run the Service, under appropriate agreements: Supabase (database, authentication, hosting), Stripe (payments), and our hosting/infrastructure providers. Your public card is, by design, visible to anyone who has its link or scans its code. We do not sell your personal data. We may disclose data if required by law.
6. International transfers
Some providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
7. How long we keep data
We keep account and card data for as long as your account is active. Scan and lead data are retained while relevant to the card owner or until deletion is requested. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet legal obligations.
8. Your rights
Under the GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent. You may exercise these rights by contacting privacy@cardwally.com. You also have the right to lodge a complaint with your local supervisory authority (in Greece, the Hellenic Data Protection Authority).
9. Cookies
We use strictly necessary cookies to run the Service (e.g. keeping you signed in) and a visitor identifier to measure card scans and repeat visits. You can control cookies through your browser settings; disabling some cookies may affect functionality.
10. Security
We use reasonable technical and organisational measures to protect personal data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
11. Children
The Service is not intended for children under 16, and we do not knowingly collect their personal data.
12. Changes to this policy
We may update this policy from time to time. We will post the updated version here and change the "Last updated" date. Significant changes will be communicated where appropriate.
13. Contact
Questions or requests: privacy@cardwally.com.
