Privacy Policy

Effective Date: March 30, 2026

Cardflo ('we', 'our', or 'us') explains how we collect, use, and safeguard information when you use our mobile apps (iOS and Android), website, and related services. See also our Terms of Service.

Cardflo is not directed at children under 16. We do not knowingly collect data from children.

1. Information we collect

  • Business card images: Images you capture to extract contact details.
  • Contact fields: Names, phones, emails, titles, companies, addresses, and notes extracted from cards.
  • Account data: Email and authentication identifiers to sync your account.
  • Device identifier: A random device ID stored locally to enforce per-plan device limits (not used for advertising).
  • Purchase records: Credit pack purchases via Razorpay (web), Apple App Store, or Google Play, including transaction IDs for fulfillment.
  • Support messages: Content you send via in-app support.

2. Permissions (mobile apps)

  • Camera: Scan business cards.
  • Contacts: Only when you choose "Save to contacts" on your device.
  • Internet: Sync data and run AI extraction on our servers.

3. How we use information

  • AI extraction: Images are sent to Google Gemini and Anthropic Claude only to extract text. We configure these services for inference, not to train on your card images.
  • Storage: Leads and images are stored in Supabase (hosted infrastructure) under your account.
  • Payments: Razorpay, Apple, and Google process payments; we receive purchase confirmations to add credits.
  • No sale of personal data: We do not sell your contact lists or account data to marketers.

4. Data retention

We retain your leads and account data while your account is active. When you delete your account, we delete associated leads, drafts, usage logs, and stored card images within a reasonable period, except where we must retain minimal records for legal, tax, or fraud prevention.

5. Security

We use HTTPS for all API traffic. Optional PIN-based encryption stores lead payloads encrypted; decryption occurs on your device. Cardflo cannot recover a forgotten PIN.

6. Your rights and account deletion

You may delete your account in Account → Delete account in the app. This permanently removes your leads, images, and profile. You may also email support@cardflo.app for help. EU/UK users may request access or erasure where applicable under GDPR.

7. International transfers

Our infrastructure and AI providers may process data in the United States and other countries. We use contractual and technical safeguards appropriate to the service.

8. Contact

support@cardflo.app

© 2026 Cardflo. All rights reserved.