Privacy

Privacy Policy

Last updated. 2026-04-29
Operator. MyKard.link, owned and operated by Kreative Minds (kreativeminds.ae), United Arab Emirates.

This Privacy Policy explains what information MyKard.link collects, how we use it, and the choices you have. We aim to keep this short and clear. If anything is unclear, email hello@mykard.link.

1. Who we are

MyKard.link is a free digital business card and connections tool. It is owned and operated by Kreative Minds, a UAE-based studio. We are the data controller for the personal data we process about you.

2. Information we collect

2.1 Information you give us

Account data. Email address and chosen username when you sign up.
Card content. Anything you put on your card, name, photo, role, contact details, links, socials, bio.
Messages. Anything you send us by email or contact form.

2.2 Information collected automatically

Sign-in data. Magic-link tokens, session cookies, sign-in timestamps.
Card view data. When someone visits your card, we log a hashed IP, browser type, country, and timestamp. We use this to show you "Profile views" stats.
Device data. Standard server logs (IP address, user agent) for security and anti-abuse.

2.3 Information from visitors to your card

If a visitor uses the "Save Contact" or "Reach out" buttons on your card, we may store the data they submit (their name, email, phone, message) and share it with you in your Connections panel. We tell visitors this before they submit.

3. How we use your information

To provide MyKard, render your card, and let you edit it.
To authenticate you (magic-link sign-in).
To show you analytics about your card.
To prevent abuse, fraud, and spam.
To respond to your support emails.
To send you product updates (only essential, you can opt out any time).

We do not sell your personal data. We do not run third-party advertising on MyKard.link.

4. Public vs private data

The following information is public by design and visible to anyone who visits your card URL:

Your username, display name, photo, headline, bio
Anything in your card's public sections (links, socials, contact fields you marked visible)

The following information is private and only visible to you (and our admins for support and abuse-handling):

Your account email and authentication metadata
Visitor analytics, IP hashes, view logs
Connections list and notes
Any contact fields you marked hidden

5. Sharing with third parties

We use a small number of carefully chosen processors to run MyKard.link:

Cloudflare (hosting, DNS, edge cache, R2 storage, D1 database). Data is stored in regional datacenters, including APAC and EU. Cloudflare privacy.
Google Workspace (Gmail API) for sending magic-link sign-in emails. Google privacy.

We share data with these processors only as needed to run the service. We do not share your data with advertisers or data brokers.

6. Cookies

We use a small number of strictly-necessary cookies:

mykard_session, your sign-in session, expires in 30 days, HttpOnly, Secure, SameSite=Lax.
No third-party advertising cookies.
No cross-site tracking.

7. Data retention

Account data. Kept while your account is active. Deleted within 30 days of account deletion.
Card content. Deleted within 30 days of card or account deletion.
Card view logs. Kept for 12 months, then deleted.
Magic-link tokens. Expire 30 minutes after issue.
Server logs. Kept up to 60 days.

8. Your rights

Depending on your country, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your account and associated data
Export your data in machine-readable form
Object to certain uses

To exercise any of these rights, email hello@mykard.link. We respond within 30 days.

9. International transfers

MyKard.link operates from the UAE. Your data may be processed in the UAE, the EU, the US, and other countries where Cloudflare operates edge nodes. We rely on standard contractual clauses and processor agreements where required.

10. Children

MyKard.link is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a child has registered, email us and we will delete the account.

11. Security

We use industry-standard security: TLS in transit, encryption at rest for stored credentials and tokens, hashed IPs, and tight access controls on our admin console. No system is perfectly secure. If you believe an incident has occurred, email hello@mykard.link.

12. Changes to this policy

We will post any material changes here and update the "Last updated" date. For significant changes, we'll also email registered users.

13. Contact

For privacy questions, complaints, or to exercise your rights, contact:
Kreative Minds, MyKard.link team
Email: hello@mykard.link
Web: kreativeminds.ae