Cards of Care

Deeds over feeds

Privacy Policy

How we protect your data

πŸš€ FIRST ROLLOUT
This is our initial rollout. If you encounter any issues or have questions, please email trial@cardsofcare.org

πŸ”’ Our Privacy Commitment

Cards of Care is built with privacy by design. We collect only the minimum data necessary to provide our kindness-sharing service and protect your information with care.

πŸ“Š What Data We Collect

Information You Provide:

  • Messages & Tasks: The kind messages and tasks you write for others
  • Personal Touch (Optional): Your first name, how you received the card, and context notes
  • Location (Optional): City and country to track the card's journey

Technical Information:

  • Session Data: Temporary cookies to keep you logged in securely
  • Browser Storage: Card IDs stored locally to prevent duplicate notifications
  • Security Logs: Timestamps and user agents for security monitoring (no IP addresses)
  • Usage Data: Card interactions for journey tracking and system improvement

🎯 How We Use Your Data

  • Card Delivery: To show your messages to the intended recipients
  • Journey Tracking: To display where cards have traveled
  • Security: To protect against misuse and unauthorized access
  • Improvement: To understand how the service is used and make it better
  • User Experience: To prevent duplicate card notifications and personalize interactions

🚫 What We DON'T Do

  • ❌ No advertising or marketing cookies
  • ❌ No tracking across other websites
  • ❌ No selling of personal data
  • ❌ No external analytics or tracking services
  • ❌ No social media tracking pixels
  • ❌ No IP address collection or logging
  • ❌ No third-party data sharing (except where legally required)

🏒 Data Controller Information

Data Controller: Data SΓΈr (operated by NordicMinds)

βš–οΈ Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on:

  • Legitimate Interest (Article 6(1)(f)): Providing our kindness-sharing service
  • Consent (Article 6(1)(a)): Optional features like analytics and location tracking
  • Vital Interests (Article 6(1)(d)): Security monitoring to protect users

πŸ›‘οΈ Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Correct inaccurate or incomplete data
  • Right to Erasure (Article 17): Request deletion of your personal data
  • Right to Restrict Processing (Article 18): Limit how we process your data
  • Right to Data Portability (Article 20): Receive your data in a portable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time

Exercise Your Rights: Contact us to exercise your data protection rights.

πŸ“… Data Retention

  • Card Data: Retained for 2 years from last activity
  • Session Data: Deleted when you close your browser
  • Security Logs: Retained for 12 months for security purposes
  • Consent Records: Retained as required by law for compliance

Data is automatically deleted according to our retention schedule. You can request earlier deletion through our Data Rights Center.

πŸ”„ Data Transfers

Your data is processed within the European Economic Area (EEA). We do not transfer personal data outside the EEA except where:

  • Required by law
  • With your explicit consent
  • Using appropriate safeguards under GDPR

πŸ“§ Contact Us

Questions about privacy, data protection, or GDPR?

You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

Cards of Care is committed to spreading kindness while respecting your privacy. We believe in transparency, minimal data collection, and putting users in control of their information.