Privacy Policy
Last updated ·
We collect only what's needed to make cardziAI work for you, we don't sell your data, and you can ask us to delete it any time. This page explains the details. The wording is a working draft pending legal review.
Plain-English summary
- We only collect data needed to run cardziAI for you.
- We never sell or rent your contacts to anyone.
- We never see or store your card details — payments are handled by external payment processors.
- WhatsApp messages flow through Meta's WhatsApp Business platform.
- You can export, correct, or delete your data any time.
1. Who is responsible
The data controller for cardziAI is ByteWeb IT Solutions Private Limited, with its registered office in Vadodara, Gujarat, India. You can reach our team at [email protected] for any privacy-related question or request.
2. Data we collect
Information you provide
- Account details — name, email, password (hashed), company, country.
- Billing details — collected directly by our payment processor. We receive a transaction reference only, not your card details.
- WhatsApp number registrations for your team members.
- Contact information from business cards you forward to cardziAI.
Information collected automatically
- Usage data: which features you use and how often, for product improvement.
- Technical data: IP address, browser, device, and basic diagnostics.
- Logs of important actions on your account (sign-ins, plan changes, etc.).
3. How we use your data
We use your data to:
- Provide and operate the cardziAI service for you;
- Authenticate your sessions and protect your account;
- Bill you for paid plans and add-on packs;
- Provide support and respond to enquiries;
- Improve product quality, security, and reliability;
- Comply with legal obligations.
We do not use your business-card contact data to train any third-party AI model. Service improvements use de-identified samples and internal tooling only.
5. International transfers
We are based in India and our primary data hosting is in Asia. If you are in the European Economic Area, the UK, or another region with cross-border data transfer rules, your data may be transferred to and processed in India under standard contractual clauses or equivalent safeguards.
6. Retention
We keep your data only as long as we need to:
- Active accounts — until you delete your account or cancel and request deletion.
- Billing records — for at least 7 years to meet tax requirements.
- Logs — typically 90 days; security-relevant logs up to 12 months.
- After account deletion, your active data is removed within 30 days; backups age out within 90 days.
7. Security
We use industry-standard protections: encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, and least-privilege engineering practices. Sensitive secrets (such as third-party API tokens) are encrypted with bank-grade encryption. No system is perfectly secure, but we treat your data with the care it deserves.
8. Your rights
Depending on your region, you have rights to access, correct, port, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, email [email protected] from the address associated with your account. We respond within 30 days.
10. Children
cardziAI is built for businesses and isn't directed at children under 16. If you believe a child has provided us personal data, contact us and we'll delete it.
11. Changes
We'll update this policy when our practices change. Material changes will be highlighted in-app and the "Last updated" date at the top of this page will reflect the new version.
12. Contact us
Privacy questions or requests? Email [email protected] or write to ByteWeb IT Solutions Private Limited, Vadodara, Gujarat, India.