Privacy policy
PLACEHOLDER — have this reviewed by a solicitor before launch. It reflects how the product actually works so review is fast.
Who we are. Emberloop provides digital business cards and related NFC hardware. For card owners we act as a data controller of account data; for contacts captured through a card's form, the card owner (or their organisation) is the controller and Emberloop is the processor.
What we collect. Account details (name, email, hashed password), card content you publish, leads submitted to your card with an explicit consent record, and usage events (views, saves, taps) without advertising trackers.
Lawful basis. Contract (running your account), consent (lead submissions — the exact consent wording is stored with every lead), and legitimate interest (security and aggregate analytics).
Your rights. Export your data from Settings → Data at any time, and delete your account there too — erasure cascades through cards, leads and analytics. Contacts may ask the card owner or us to remove their lead record.
Retention & security. Sessions are stored hashed; passwords use bcrypt. Data is retained while your account is active and removed on deletion. Sub-processors: hosting, email delivery and payments (Stripe) — full list available on request.
Contact. privacy@emberloop.example.