Last updated: May 25, 2026

This Privacy Policy explains how Drive Card (“Drive Card”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use our digital business card platform at drivecard.io and related services (the “Service”). By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

For the purposes of laws like the EU/UK GDPR, Drive Card is the data controller for personal information collected about you as an account holder. For personal information you upload about other people (for example, contacts who scan your card), you are the controller and Drive Card acts as a processor on your behalf.

1. Information we collect

a. Information you give us directly

  • Account information: name, email address, password (stored hashed), and, if you sign in with Google, your Google account identifier and basic profile fields returned by Google.
  • Card content: profile info, job title, company name, bio, photos, logos, cover images, contact details, links, theme/font choices, and any other content you add to your public card.
  • Team and company information: team and company names, member emails you invite, roles, and company‑wide branding/links.
  • Shop and payment information: orders you place, shipping address, and order history. Card numbers are entered on Stripe’s hosted checkout and are never seen or stored by Drive Card.
  • Support and communications: messages you send to support@drivecard.io or marketing@advyon.com.

b. Information collected automatically when you or visitors use the Service

  • Visit and event data on public cards: page views, link clicks, referrer URL, and approximate device/browser info. This powers your insights dashboard.
  • Geolocation (approximate): city / region / country derived from the visitor’s IP address via a third‑party IP geolocation lookup. We do not collect GPS location.
  • Log data: IP address, user agent, timestamps, and request paths, used for security, abuse prevention, and debugging.
  • Cookies and similar technologies: a session cookie to keep you signed in (essential), and, on public cards, a small first‑party identifier used to de‑duplicate repeat visits in the insights dashboard. We do not use third‑party advertising or cross‑site tracking cookies. If a card owner has connected GA4 (see below), Google may also set its own analytics cookies on that public card.

c. Information from third parties you connect

When you connect an external account, we receive only what you authorize:

  • Google (sign‑in): your verified email, name, profile picture, and Google account ID.
  • X (Twitter): OAuth 2.0 access and refresh tokens with scopes tweet.readtweet.writeusers.readoffline.access, plus your X user ID/handle. Used so you can post to X from your card.
  • Facebook Pages: OAuth tokens and Page IDs/names obtained via Facebook Login for Business with permissions pages_show_listpages_manage_postspages_read_engagement. Used so you can post to a Page from your card.
  • Stripe: customer, checkout session, and order metadata necessary to process payments.
  • Google Analytics 4 (GA4): if the operator of the Service has configured a GA4 property, visits to public cards are also mirrored to GA4 for the card owner’s analytics.

2. How we use information

We use personal information to:

  • Create and operate your account, authenticate you, and keep the Service secure.
  • Render and host your public digital business card and make it accessible at its URL or via its QR code.
  • Show you insights and analytics about visitors to your card.
  • Send transactional emails — sign‑in, invitations, password reset, receipts, important account or service notices — via our SMTP email provider.
  • Publish content to connected third‑party accounts (X, Facebook) on your behalf when you ask us to.
  • Process payments and fulfill shop orders.
  • Detect, investigate, and prevent fraud, abuse, spam, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.
  • Improve and develop the Service (in aggregated or de‑identified form where feasible).

We do not sell your personal information. We do not use your content or your card visitors’ data to train AI models or for advertising.

3. Legal bases (EU/UK users)

Where GDPR applies, we rely on the following legal bases:

  • Contract — to provide the Service you signed up for (account, card hosting, shop orders).
  • Legitimate interests — security, abuse prevention, product analytics, basic insights for card owners on their own cards.
  • Consent — for optional integrations you choose to connect (Google, X, Facebook), and for any analytics that go beyond what’s strictly necessary. You can withdraw consent at any time by disconnecting the integration in your settings or in the third party’s account.
  • Legal obligation — to comply with tax, accounting, and other applicable laws.

4. Sharing of information

We share personal information only with:

  • Service providers (“sub‑processors”) that help us operate the Service, under contract and only for our instructions, including:
    • Stripe — payment processing.
    • Google — sign‑in, GA4 analytics (where configured).
    • X (Twitter) / Meta (Facebook) — only the requests you initiate to publish content.
    • SMTP email provider — to deliver transactional email.
    • IP geolocation provider — to resolve approximate visitor location for insights.
    • Hosting / infrastructure providers — to host the application and databases.
  • Other users on your team or company — your name, email, profile, and team/company role are visible to teammates and admins of your team or company.
  • Anyone you share your public card with — your card content (name, title, photo, links, bio, etc.) is intentionally public to anyone with the URL or QR code.
  • Authorities or third parties when required by law, valid legal process, or to protect the rights, property, or safety of Drive Card, our users, or the public.
  • Successors in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell personal information and do not “share” it for cross‑context behavioral advertising as defined under U.S. state privacy laws.

5. Public content

Your public business card is — by design — public. Anything you put on it (name, photo, contact methods, links, bio, employer, posts) is visible to anyone with the URL or QR code, and may be indexed by search engines and cached by third parties. Do not put information on your public card that you do not want to be public.

6. International transfers

Drive Card is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses for transfers of personal data out of the EU/UK.

7. Data retention

We keep account and card data for as long as your account is active. When you delete your account, we delete or de‑identify the associated personal information within a reasonable period, except where we are legally required to keep it (for example, tax records of past purchases) or where retention is necessary for security, fraud prevention, or to resolve disputes. Aggregated and de‑identified data that can no longer reasonably be linked to you may be retained.

Visitor insight events on public cards are stored for as long as the card owner uses the Service.

8. Security

We use industry‑standard measures to protect your data, including TLS encryption in transit, bcrypt password hashing, SHA‑256‑hashed password‑reset tokens, server‑side session management, and access controls on our infrastructure. No system is perfectly secure; if you have reason to believe your account or data has been compromised, contact us immediately at support@drivecard.io.

9. Your rights

Depending on where you live (e.g., EU/UK/EEA, California, other U.S. states with privacy laws), you may have the right to:

  • access the personal information we hold about you,
  • correct inaccurate information,
  • delete your information (subject to legal exceptions),
  • export a copy of your data in a portable format,
  • restrict or object to certain processing,
  • withdraw consent for optional integrations,
  • opt out of “sale” or “sharing” — we do neither, but you may still submit a request,
  • lodge a complaint with your data protection authority.

To exercise any of these rights, email support@drivecard.io from the email address associated with your account, or use the in‑app account settings where available. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

10. Children

Drive Card is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, please contact us at support@drivecard.io and we will delete it.

11. Third‑party links and services

Public cards typically contain links to third‑party websites and platforms. Those services have their own privacy practices, and we are not responsible for them. We encourage you to read the privacy policy of any third party you interact with through Drive Card.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If a change is material, we will provide reasonable notice (for example, by email or an in‑app notice) before it takes effect. The “Last updated” date at the top of this page indicates when this Policy was last revised.

13. Contact

For any privacy questions or requests, contact:

Drive Card
100 Seven Oaks Ln, Summerville, SC 29485, United States
Email: support@drivecard.io