Privacy Policy
Last updated: 18 December 2025
1. Introduction
CardITvisio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application for creating print-ready cards and labels.
This policy is designed to comply with applicable privacy laws including:
- GDPR - General Data Protection Regulation (EU/EEA/UK)
- CCPA/CPRA - California Consumer Privacy Act / California Privacy Rights Act (USA)
- POPIA - Protection of Personal Information Act (South Africa)
- Privacy Act 1988 (Australia)
- APPI - Act on the Protection of Personal Information (Japan)
By using CardITvisio, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information You Provide
- Account Information: If you create an account, we collect your email address and payment information (processed by our payment provider, Paystack).
- Uploaded Content: Images you upload to create cards and labels. These are processed in your browser and on our servers for PDF generation.
- Communications: When you contact us for support, we collect your email and message content.
Information Collected Automatically
- Usage Data: Pages visited, features used, and general interaction patterns.
- Device Information: Browser type, operating system, and screen resolution.
- Local Storage: We store your preferences, consent choices, and session data locally in your browser.
3. How We Use Information
We use collected information to:
- Provide, operate, and maintain our service
- Process your uploaded images and generate PDF files
- Process payments and manage subscriptions
- Respond to your inquiries and support requests
- Improve and develop new features
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Uploaded Content & Ownership
Your Content Remains Yours
You retain all ownership rights to images you upload. We do not claim any intellectual property rights over your content.
Uploaded images are:
- Processed temporarily for PDF generation
- Not stored permanently on our servers after processing
- Not used for any purpose other than providing the service
- Not shared with third parties
- Not used to train AI or machine learning models
You are responsible for ensuring you have the rights to use any images you upload.
5. Legal Basis for Processing (GDPR)
If you are in the EU/EEA/UK, we process your personal data based on:
- Contract Performance: Processing necessary to provide the service you requested.
- Consent: Where you have given explicit consent (e.g., for analytics cookies).
- Legitimate Interests: For security, fraud prevention, and service improvement, balanced against your rights.
- Legal Obligation: Where required by law.
6. International Transfers
CardITvisio is a global service. Your information may be processed in countries outside your jurisdiction, including South Africa and the United States (via our hosting provider Netlify and payment processor Paystack).
When we transfer data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with our service providers
- Technical security measures
7. Data Retention
We retain your information only as long as necessary:
- Uploaded Images: Deleted immediately after PDF generation
- Account Data: Retained while your account is active, deleted upon request
- Payment Records: Retained as required by law (typically 7 years)
- Support Communications: Retained for 2 years
- Analytics Data: Anonymized or deleted after 26 months
8. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data ("right to be forgotten")
- Restriction: Request restriction of processing
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw previously given consent at any time
- Lodge Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at support@carditvisio.com.
9. Security
We implement appropriate technical and organizational measures to protect your information, including:
- HTTPS encryption for all data transmission
- Secure hosting with industry-standard protections
- Regular security assessments
- Limited access to personal data on a need-to-know basis
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.
We encourage you to review this policy periodically for any changes.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Do Not Sell or Share My Personal Information
We do not sell your personal information. We have not sold personal information in the preceding 12 months.
We do not share your personal information for cross-context behavioral advertising.
If our practices change in the future, we will provide an opt-out mechanism and update this policy accordingly.
Your California Rights
As a California resident, you have the right to:
- Know: Request what personal information we collect, use, and disclose
- Access: Obtain a copy of your personal information
- Delete: Request deletion of your personal information
- Correct: Request correction of inaccurate information
- Opt-Out: Opt out of the sale or sharing of personal information (not applicable as we do not sell/share)
- Non-Discrimination: Not be discriminated against for exercising your rights
Exercising Your Rights
To exercise your California privacy rights, contact us at support@carditvisio.com with the subject line "California Privacy Request."
We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.
Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information:
| Category | Collected | Purpose |
|---|---|---|
| Identifiers (email) | Yes | Account creation, communications |
| Commercial Information | Yes | Payment processing |
| Internet Activity | Yes | Service improvement |
| Geolocation | No | N/A |
| Biometric Information | No | N/A |
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Email: support@carditvisio.com
We aim to respond to all privacy-related inquiries within 30 days.