Privacy

Privacy Policy

Last updated. 2026-06-13
Operator. MyKard.link, owned and operated by Kreative Minds (kreativeminds.ae), United Arab Emirates.

This Privacy Policy explains what information MyKard.link collects, how we use it, and the choices you have. We aim to keep this short and clear. If anything is unclear, email talk@mail.mykard.link.

1. Who we are

MyKard.link is a free digital business card and connections tool. It is owned and operated by Kreative Minds, a Dubai-based marketing and project management agency. We are the data controller for the personal data we process about you.

2. Information we collect

2.1 Information you give us

Account data. Email address and chosen username when you sign up.
Card content. Anything you put on your card, name, photo, role, contact details, links, socials, bio.
Messages. Anything you send us by email or contact form.

2.2 Information collected automatically

Sign-in data. Magic-link tokens, session cookies, sign-in timestamps.
Card view data. When someone visits your card, we log a hashed IP, browser type, country, and timestamp. We use this to show you "Profile views" stats.
Approximate location. Country and region derived from your IP address. Used for security logs, discovery filtering by country, and abuse prevention. Not shared with other users in identifiable form.
Device data. Standard server logs (IP address, user agent) for security and anti-abuse.

2.3 Precise location (events feature, optional)

If you use the Events feature in the MyKard Android app and grant location permission, we may collect your precise location (GPS or device-derived) to tag the event you create or join, and to help you discover nearby events. This is only collected when you explicitly grant permission in the app, and only at the moment you tag or browse events.

You can revoke location permission at any time in your phone's Settings.
Precise location is not shared with other users in real time. Events display only the event venue you chose, not your live location.
The web version of MyKard.link does not access precise location.

2.4 Information from visitors to your card

If a visitor uses the "Save Contact" or "Reach out" buttons on your card, we may store the data they submit (their name, email, phone, message) and share it with you in your Connections panel. We tell visitors this before they submit.

3. How we use your information

To provide MyKard, render your card, and let you edit it.
To authenticate you (magic-link sign-in).
To show you analytics about your card.
To prevent abuse, fraud, and spam.
To respond to your support emails.
To send you product updates (only essential, you can opt out any time).

We do not sell your personal data. We do not run third-party advertising on MyKard.link.

4. Public vs private data

The following information is public by design and visible to anyone who visits your card URL:

Your username, display name, photo, headline, bio
Anything in your card's public sections (links, socials, contact fields you marked visible)

The following information is private and only visible to you (and our admins for support and abuse-handling):

Your account email and authentication metadata
Visitor analytics, IP hashes, view logs
Connections list and notes
Any contact fields you marked hidden

5. Sharing with third parties

We use a small number of carefully chosen processors to run MyKard.link:

Cloudflare (hosting, DNS, edge cache, R2 storage, D1 database). Data is stored in regional datacenters, including APAC and EU. Cloudflare privacy.
Google Workspace (Gmail API) for sending magic-link sign-in emails. Google privacy.
Stripe for processing Pro subscription payments. Card numbers and full payment details are entered on Stripe-hosted forms and never touch MyKard servers. Stripe is the data processor for payment information. Stripe privacy.

We share data with these processors only as needed to run the service. We do not share your data with advertisers or data brokers.

5a. Payment data

Pro subscription billing is handled by Stripe. When you subscribe to Pro:

Card number, expiry, CVC, and full billing details are collected and stored by Stripe. MyKard.link never sees or stores your card number.
We receive and store: a Stripe customer ID, a subscription ID, the plan you bought, the billing country, and the last 4 digits of your card (for invoice display).
We use this to keep your subscription active, show invoices, and process refunds.

The Free plan does not collect payment data.

6. Cookies

We use a small number of strictly-necessary cookies:

mykard_session, your sign-in session, expires in 30 days, HttpOnly, Secure, SameSite=Lax.
No third-party advertising cookies.
No cross-site tracking.

7. Data retention

Account data. Kept while your account is active. Deleted within 30 days of account deletion.
Card content. Deleted within 30 days of card or account deletion.
Card view logs. Kept for 12 months, then deleted.
Magic-link tokens. Expire 30 minutes after issue.
Server logs and request IP logs. Kept up to 30 days for security and abuse-handling, then deleted.
Payment records. Subscription invoices and Stripe customer references are kept for the period required by tax and accounting law (typically 7 years in the UAE). These records do not include card numbers.
Precise location. Used only at the moment of tagging or browsing events. Not stored long-term beyond the event record itself.

8. Your rights

Depending on your country, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your account and associated data
Export your data in machine-readable form
Object to certain uses

To exercise any of these rights, email talk@mail.mykard.link. We respond within 30 days.

8.1 Delete my data

You can delete your account and all data at any time. Two ways:

From inside the app. Sign in at app.mykard.link, go to Settings, tap "Delete account". Data is removed within 30 days.
By email. Email talk@mail.mykard.link with the subject "Delete my data". Include the email you signed up with. We action the request within 90 days, usually sooner.

You can also delete individual items without removing your account: cards, connections, events, profile fields, uploaded files. See the Delete your account page for full details.

9. International transfers

MyKard.link operates from the UAE. Your data may be processed in the UAE, the EU, the US, and other countries where Cloudflare operates edge nodes. We rely on standard contractual clauses and processor agreements where required.

10. Children

MyKard.link is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a child has registered, email us and we will delete the account.

11. Security

We use industry-standard security: TLS in transit, encryption at rest for stored credentials and tokens, hashed IPs, and tight access controls on our admin console. No system is perfectly secure. If you believe an incident has occurred, email talk@mail.mykard.link.

12. Changes to this policy

We will post any material changes here and update the "Last updated" date. For significant changes, we'll also email registered users.

13. Contact

For privacy questions, complaints, or to exercise your rights, contact:
Kreative Minds, MyKard.link team
Email: talk@mail.mykard.link
Web: kreativeminds.ae