1. What we collect
When you use CardForge, we may collect the following information:
- Profile details — name, company, title, contact info, and design preferences you enter to generate business card mockups. These are sent to our AI provider (fal.ai) for processing and are not retained on our servers after generation completes.
- Account data — email address and authentication tokens when you sign in. Managed by Better Auth.
- Usage analytics — page views, feature interactions, and general traffic patterns collected via Google Analytics 4. Analytics cookies are only activated after you accept the cookie consent banner.
- Payment metadata — billing email, last-four card digits, and subscription status. Full card numbers are handled entirely by Stripe.
- Request metadata — IP address and user-agent string, retained briefly by Vercel for security and abuse prevention.
2. Data processors
We use the following third-party services to operate CardForge. Each service processes data on our behalf under its own privacy policy.
- Google Analytics 4 (GA4) — anonymous usage analytics and traffic measurement. Consent mode defaults to denied; analytics tracking only activates after you accept the cookie banner. GA4 privacy policy: policies.google.com/privacy
- Stripe — payment processing, subscription management, and billing records. We never store full card numbers. Stripe privacy policy: stripe.com/privacy
- fal.ai — AI image generation for business card mockups. Your profile details and design prompts are transmitted to fal.ai for model inference. Data is not retained by fal.ai after generation completes per their standard terms. fal.ai privacy policy: fal.ai/privacy
- Better Auth — authentication and session management. Handles sign-in, email verification, and session tokens on our behalf.
- Vercel — hosting, CDN, and serverless functions. Standard request logs (IP address, user agent, response times) are retained per Vercel's data retention policy. Vercel privacy policy: vercel.com/legal/privacy-policy
3. Cookies
We use essential cookies to maintain your session and authentication state. We use optional analytics cookies (Google Analytics 4) that require your explicit consent via the cookie banner. You can withdraw consent at any time by clearing your browser cookies or using your browser's privacy settings.
4. Your rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. If you are located in the EU, EEA, or UK, you have additional rights under GDPR/UK GDPR, including:
- Right to access the data we hold about you
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
5. Data retention
Profile data entered for generation is processed in real-time and not stored after generation completes. Account data is retained while your account is active. Analytics data follows GA4 defaults (14 months). Payment records are retained as required by applicable law and Stripe's financial record-keeping obligations.
6. We do not sell your data
We do not sell, rent, or trade personal information to third parties for marketing or advertising purposes.
7. Contact
For privacy questions, data access requests, or deletion requests, email us at support@symplyai.io. We aim to respond to all privacy requests within 30 days.