Privacy Policy

Effective Date: May 11, 2026 Last Updated: May 11, 2026

This Privacy Policy describes how Øen Cards ("we," "us," or "our") collects, uses, and discloses information when you use the Øen Cards platform, including our website at oen.cards, our mobile and web applications, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use our Service, you may provide:

Account Information: Name, email address, password (stored as a hash), phone number, profile photo, and professional information (job title, company, biography). Business Card Content: Information you choose to display on your digital business cards, including but not limited to: contact details, social media links, website URLs, professional credentials, custom fields, photos, and brand assets (logos, colors, fonts). Contact Information: When you capture contacts using our Service (through badge scanning, QR codes, paper card scanning, voice notes, or manual entry), we collect and store the information you capture about those contacts. Payment Information: When you subscribe to a paid plan, we collect billing information through our payment processor (Stripe). We do not store full credit card numbers on our servers. Communications: Information you provide when you contact us for support, send feedback, or otherwise communicate with us.

1.2 Information We Collect Automatically

When you use our Service, we automatically collect:

Device and Usage Information: IP address, browser type, operating system, device identifiers, pages visited, features used, time spent, and navigation patterns within the Service. Card View Analytics: When someone views your card, we collect data about the view (timestamp, general location based on IP, device type) to provide you with analytics. This data is collected on your behalf as part of the Service you operate. Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how the Service is used. You can control cookies through your browser settings.

1.3 Information from Third Parties

If you connect third-party services to your account (such as CRMs, calendars, social networks, or design tools), we may receive information from those services as authorized by you. We only access the data necessary to provide the integration you requested.

2. How We Use Information

We use the information we collect to:

3. The Maria-and-John Ethical Analytics Line

We maintain a strict ethical separation in how we handle viewer data:

What we tell you (the card owner): Aggregate, anonymized information about who viewed your card — total view count, general geographic regions (city level), device types, and time patterns. What we never tell you: The specific identity of individuals who viewed your card without engaging (no name, email, or identifying details for passive viewers). The exception: If someone explicitly engages with your card (saves your contact, sends you a message, scans your QR code as part of a deliberate exchange, or fills out a form), we share their information with you because they took an affirmative action to share it.

This separation exists to protect both you and the people who view your cards. We will not compromise on this line. It is enforced at the database schema level, not just by policy.

4. Information Sharing and Disclosure

We do not sell your personal information. We share information only in these circumstances:

Service Providers: With trusted third-party service providers who help us operate the Service (hosting, payment processing, email delivery, analytics). These providers are bound by confidentiality obligations and may only use information as necessary to provide their services. Card Recipients: Information you choose to display on your cards is, by definition, shared with people who view your cards. Legal Requirements: When required by law, court order, subpoena, or government request, or to protect the rights, property, or safety of Øen Cards, our users, or others. Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy. With Your Consent: With your explicit consent for any purpose not otherwise described in this policy.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service.

Active Accounts: We retain account information, card data, captured contacts, and usage data for as long as you maintain an active account. Closed Accounts: When you close your account, we retain your information for thirty (30) days to allow account recovery, after which we delete it from our active systems. Financial Records: Billing and payment records are retained for seven (7) years as required by tax and accounting laws. Legal Holds: We may retain information longer than the periods above if required by law, court order, subpoena, ongoing investigation, anticipated litigation, or legitimate legal hold. Backups: Information may exist in our encrypted backup systems for up to ninety (90) days after deletion before being overwritten in the normal course of backup rotation. Aggregated Data: We may retain aggregated, anonymized data indefinitely for analytics and product improvement.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access: You may request a copy of the personal information we hold about you. Correction: You may correct inaccurate personal information through your account settings or by contacting us. Deletion: You may request deletion of your personal information, subject to legal retention requirements described in Section 5. Portability: You may request your data in a portable format. Objection and Restriction: You may object to or request restriction of certain processing of your information. Marketing Opt-Out: You may opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us. Do Not Track: We do not currently respond to "Do Not Track" browser signals.

To exercise these rights, contact us at [email protected] or by mail (see Section 12).

7. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for which we collected the information, and the categories of third parties with whom we share it. Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions. Right to Correct: You may request correction of inaccurate personal information. Right to Opt-Out of Sale: We do not sell personal information. If this changes in the future, you will have the right to opt out. Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of certain sensitive personal information. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected]. We may require verification of your identity before processing requests.

Categories of Information Collected: Identifiers, customer records, commercial information, internet activity, geolocation data, professional information, and inferences drawn from these categories. Sources of Information: Directly from you, automatically through your use of the Service, and from third parties when you connect integrations. Business Purposes: Providing the Service, security, analytics, legal compliance, and the purposes described in Section 2. Disclosure to Third Parties: Service providers (hosting, payment processing, email delivery, analytics), as described in Section 4.

8. International Data Transfers

We are based in the United States. If you are accessing the Service from outside the United States, your information will be transferred to, processed, and stored in the United States. By using the Service, you consent to this transfer.

If you are located in the European Economic Area, United Kingdom, or Switzerland, we comply with applicable data protection laws when transferring personal information from these regions.

9. Security

We employ industry-standard security practices to protect your information, including:

However, you acknowledge that no method of internet transmission or electronic storage is one hundred percent secure. While we work diligently to protect your information using these measures and continue to invest in security improvements, we cannot guarantee absolute security against all threats. You use the Service at your own risk and acknowledge this inherent limitation of internet-based services.

10. Children's Privacy

The Service is not intended for children under eighteen (18) years of age. We do not knowingly collect personal information from children under eighteen. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.

Continued use of the Service after a Privacy Policy update constitutes acceptance of the updated policy.

12. Artificial Intelligence Features

The Service uses artificial intelligence and machine learning ("AI Features") to enhance functionality. This section describes how your information is handled in connection with AI Features.

12.1 AI Providers

We use third-party AI providers, including Anthropic (Claude), to power certain AI Features. When you use AI Features, certain information may be transmitted to these providers for processing.

12.2 Information Sent to AI Providers

Depending on the AI Feature you use, the following information may be sent to AI providers:

We minimize the information sent to only what is necessary to provide the requested AI Feature.

12.3 How AI Providers Use Information

Our AI providers process inputs to generate outputs but do not use customer inputs to train their AI models without explicit consent. Each AI provider has its own data handling practices, which we cannot fully control. We select AI providers that meet our privacy and security standards.

12.4 Storage of AI Inputs and Outputs

We may store AI inputs (your requests) and outputs (the AI's responses) to:

12.5 Your Choices

You may choose not to use AI Features. Where possible, we offer non-AI alternatives. You may request deletion of AI inputs and outputs associated with your account, subject to the retention requirements described in Section 5.

12.6 Limitations of AI

Please refer to our Terms of Service for important information about the nature of AI outputs and your responsibilities when using AI Features.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, you may contact us:

Email: [email protected] Mail: Øen Cards Attn: Privacy Officer 25891 Nimes Court Mission Viejo, CA 92692 United States

For California residents exercising CCPA / CPRA rights, please include "California Privacy Request" in the subject line of your communication.

14. Legal Entity

Øen Cards is a registered fictitious business name (DBA) of Aidin Foster, an individual located in Mission Viejo, California, United States.