1. Who we are
The Card Genie ("we", "us", "our") is a UK-based service that lets you create personalised AI-generated e-cards. We are the data controller for the personal data described in this policy. You can reach us at support@thecardgenie.com.
2. Data we collect
Information you provide
- Account data - email address and display name when you sign up.
- Photos - images you upload to generate cards.
- Card content - text, occasion, and style choices you make.
Information collected automatically
- Usage data - pages visited, features used, timestamps (via Google Analytics).
- Device data - browser type, operating system, screen size, IP address.
- Cookies - see our Cookie Policy.
Information from third parties
- Payment data - Stripe processes your payment. We receive a transaction ID, amount, and last four card digits. We never see or store your full card number.
- Bot detection - Cloudflare Turnstile provides a risk score. No personal data is shared with us from this check.
3. How we use your data
- To create and deliver your AI-generated cards.
- To process payments and send receipts.
- To send card-sharing and reminder emails you request.
- To improve the service and fix bugs.
- To prevent fraud and abuse.
Our legal bases under UK GDPR are: contract performance (providing the service you requested), legitimate interest (analytics, security), and consent (marketing emails, non-essential cookies).
4. Third-party services
We share data only as needed to run the service:
- Supabase (EU) - database hosting and authentication.
- Stripe (US, EU) - payment processing. See Stripe's privacy policy.
- fal.ai (US) - AI image and video generation. Your uploaded photos are sent to fal.ai solely to generate your card, then deleted from their systems.
- Prodigi (UK) - print and postal fulfilment for physical card orders. Receives the recipient's name, postal address and the card image for the purpose of printing and dispatching your order. See Prodigi's privacy policy.
- Resend (US) - transactional email delivery.
- Google Analytics (US) - anonymised usage analytics, only with your consent.
- Cloudflare (US) - CDN, bot protection (Turnstile), and performance.
- Sentry (US) - error monitoring to help us fix bugs. May capture sanitised error data.
Where data is transferred outside the UK, we rely on adequacy decisions or standard contractual clauses to protect your data.
5. Data retention
- Account data - kept while your account is active. Deleted within 30 days of account deletion (including any residual backup copies).
- Uploaded photos, voice notes and handwriting samples - stored in our private storage bucket and used only to generate your cards. Source uploads are automatically deleted 30 days after upload (or sooner once the linked card has been generated and delivered). They are deleted earlier if you delete your account.
- Generated cards - the shareable card link stays live for 120 days from the date of purchase. After that the link expires and the underlying image/video assets are deleted. Pro users who schedule a card to send on a future date keep the card live for the longer of: 120 days, or 30 days after the scheduled send date. Download the card or take a screenshot if you want to keep it forever.
- Event invitations and wedding stationery - cards tied to a specific event date (weddings, birthday parties, baby showers, etc.) stay live until 30 days after the event date recorded in the event or wedding project, then expire. Invitation-type cards created without a linked event date follow the standard 120-day window above.
- Printed card records - the recipient name and postal address you provided for a print order are shared with our UK print partner to fulfil delivery, and retained on our side for 7 years as part of the linked payment record for UK tax compliance.
- RSVP responses - retained for as long as the associated invitation card is stored (per the rules above), or until the guest asks us to remove their response, whichever is sooner. See section 6 below for the full RSVP detail.
- RSVP submitter IP addresses - stored truncated (/24 for IPv4, /48 for IPv6) for 90 days only, then nulled. Used solely for abuse investigation.
- Payment records - retained for 7 years as required by UK tax law.
- Analytics data - retained for 14 months by Google Analytics.
6. Invitations and RSVPs
Some of our cards are invitation-type cards (weddings, birthday parties, baby showers, etc.). When someone creates an invitation through our service, the recipient of the invitation can respond using a public RSVP link. This section explains how we handle both the sender's and the guest's data in that flow.
What the guest (RSVP submitter) provides
- Name - required so the host knows who responded.
- Response - yes, no, or maybe.
- Plus-ones - a number between 0 and 10.
- Dietary requirements (optional) - free-text field. This may include health-related information (allergies, medical diets).
- Message to the host (optional) - free-text field.
What we collect automatically
- Truncated IP address - IPv4 rounded to /24, IPv6 to /48. Stored for 90 days then nulled. Used only for abuse investigation; never shown to the host.
Legal bases under UK GDPR
- Name, response, plus-ones, message - Article 6(1)(f) legitimate interests. The guest has been invited to an event; responding to that invitation is a reasonable expectation of our service.
- Dietary information - Article 9(2)(a) explicit consent. The RSVP form asks the guest to confirm they're happy for the information to be shared with the host; we don't process this field without that explicit tick.
- Truncated IP - Article 6(1)(f) legitimate interests (fraud and abuse prevention).
Who sees what
- The host (the person who created the invitation) sees the guest's name, response, plus-one count, dietary notes and message.
- The host does not see the guest's IP address.
- We do not share RSVP data with any other party. It stays on our servers and is only accessed on the host's personalised RSVP dashboard.
Guest rights
Guests who submit an RSVP are data subjects in their own right. After submitting, guests can:
- Remove their own response from the host's list using the "Remove my response" button that appears after submitting.
- Request removal at any later time by emailing support@thecardgenie.com. Please include the event name and your response name so we can locate the record.
- Exercise all the other rights listed in section 7 below (access, correction, objection, complaint to the ICO).
Sender controls
The host can pause or resume RSVP submissions at any time from their invitation preview page. Pausing stops new responses from being accepted but does not delete responses already received.
7. Your rights
Under UK GDPR you have the right to:
- Access your personal data.
- Correct inaccurate data.
- Delete your data ("right to be forgotten").
- Restrict or object to processing.
- Data portability - receive your data in a common format.
- Withdraw consent at any time (e.g. cookie preferences).
To exercise any of these rights, email us at support@thecardgenie.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Children
The Card Genie is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Security
We use HTTPS encryption, secure authentication via Supabase, and restrict access to personal data to essential systems only. While no system is 100% secure, we take reasonable measures to protect your data.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice on the site. The "last updated" date at the top reflects the most recent revision.