Privacy Policy

Last updated: October 15, 2025

Friend.Cards (“Friend.Cards”, “we”, “us”, “our”) provides a mobile app (built with React/Expo) and a website at friend.cards (the “Services”). This Policy explains what we collect, how we use it, and your choices. This page is for transparency and convenience and is not legal advice.

Information We Collect

• Account information. When you create an account we collect a username, your email address, and a password. Passwords are stored using industry-standard hashing (we never store plain-text passwords). We also assign a system UUID to your account.
• Profile & content. Photos/images you upload for your cards, text you add (titles, captions, themes), and related metadata (e.g., file type, dimensions).
• Usage & diagnostics. Basic logs and performance data to operate and secure the Services (e.g., timestamps, IP address at request time, device/app version, crash reports). We do not sell this data.
• Cookies/local storage. On the website we may use cookies or local storage to keep you logged in and remember preferences.

How We Use Information

• To create and manage your account and authenticate you.
• To let you create, view, and share your Friend Cards and related features.
• To maintain security, prevent abuse, and debug/measure performance.
• To communicate with you about updates, support, and policy changes.
• To comply with legal obligations.

Where Your Data Lives (Our Providers)

We use reputable service providers to run the Services. In particular we use Supabase for database, authentication, and file storage (images). Your data is stored and processed on their infrastructure subject to their security practices. We may also use hosting/CDN, email, and logging providers. These providers act as our processors and only use your information to provide services to us.

When We Share Information

• Service providers. As above, only to operate the Services and under confidentiality obligations.
• Legal and safety. If reasonably necessary to comply with law, protect rights, users, or the public, or detect/prevent fraud or security issues.
• With your direction. For example, when you make a card public, its content is available to anyone who can view it.

Retention

• Account data is kept while your account is active. If you delete your account, we delete or anonymize personal data within a reasonable period, except where retention is required by law or for security (e.g., backup logs).
• Content you delete is removed from active systems; residual copies may persist in backups for a limited time.

Your Choices & Rights

• Access, correction, deletion. You can request a copy of your data, ask us to correct inaccurate information, or delete your account. We’ll verify requests before acting.
• Public cards. If you publish a card, it’s public by nature. You can unpublish or delete it at any time.
• Emails. If we ever send non-essential emails, you can opt out via the message or by contacting us.

Security

We use reasonable technical and organizational measures—encryption in transit (HTTPS), hashed passwords, access controls, least-privilege—to protect information. No system is perfectly secure; please report issues if you find them.

Children

Friend.Cards is not directed to children under 13, and we do not knowingly collect personal information from them.

International Transfers

We may process and store information in countries other than where you live (e.g., where our providers host their systems). We take steps to protect your data consistent with this Policy wherever it is processed.

Changes to This Policy

We may update this Policy from time to time. We’ll post the updated version here and revise the “Last updated” date above. Material changes may also be announced in-app or on the site.

Contact Us

Questions or requests? Email support@friend.cards.

This summary is not legal advice. Depending on your users and location, additional notices (e.g., GDPR/CCPA disclosures) may be required.