Privacy Policy

Thank you for using our e‑card web application (“Service,” “we,” “us,” or “our”). Your privacy matters to us. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have—especially regarding our use of Firebase and Google Analytics. By using the Service, you agree to the collection and use of information in accordance with this Policy.

Summary

  • We collect information you provide and data generated by your use of the Service.
  • We use Firebase for hosting, authentication, database, storage, and related services.
  • We use Google Analytics to understand and improve how the Service is used.
  • We do not sell your personal information.
  • You can request access, correction, deletion, or export of your data, subject to applicable law.

Information We Collect

Information You Provide

  • Account details: email address, display name, password (hashed) or OAuth identifiers.
  • Profile and preferences: optional avatar, display settings, language.
  • E‑card content: message text, images/media you upload, recipients’ names/emails (if you choose to send or address an e‑card).
  • Communications: support requests, feedback, and other messages.

Information Collected Automatically

  • Usage data: pages viewed, features used, clicks, session duration, referring URLs, and performance metrics.
  • Device/technical data: IP address, device type, operating system, browser type/version, language, time zone, app version.
  • Cookies and similar technologies: used for authentication, preferences, analytics, fraud prevention, and security.

Information From Third Parties

  • Identity providers (when using social login via Firebase Auth).
  • Aggregated analytics data from Google Analytics.

How We Use Your Information

Purposes of Processing

  • Provide, operate, and maintain the Service (including login and e‑card delivery).
  • Store and render e‑card content and media you upload.
  • Improve and personalize the Service, including analytics, testing, and troubleshooting.
  • Communicate with you about your account, transactions, updates, and support.
  • Ensure safety, security, and integrity (fraud/abuse prevention, monitoring).
  • Comply with legal obligations and enforce our terms.

Legal Bases (EEA/UK)

  • Performance of a contract (to provide the Service).
  • Legitimate interests (security, analytics, improvement).
  • Consent (where required, e.g., certain cookies/marketing).
  • Legal obligation (compliance, record‑keeping).

Firebase Services We Use

Firebase Overview

We may use one or more of:

  • Firebase Authentication (account creation and login)
  • Cloud Firestore / Realtime Database (store app/e‑card data)
  • Cloud Storage for Firebase (store uploaded media)
  • Firebase Hosting (serve the web app)
  • Cloud Functions (server‑side processing)
  • Firebase Performance Monitoring / Crashlytics (reliability and performance, if enabled)

Firebase (provided by Google) may process IP addresses, device identifiers, and usage data. Data may be stored in data centers outside your country. For more information, see Google’s Privacy Policy and Firebase’s Privacy & Security resources.

Google Analytics

What We Collect and Controls

We use Google Analytics to measure how the Service is used so we can improve functionality and performance.

  • Data collected: pages visited, events (e.g., button clicks), session duration, device/browser data, approximate location (based on IP).
  • IP anonymization: Enabled where supported to reduce identifiability.
  • Controls: You can opt out via the Google Analytics Opt‑out Browser Add‑on and/or our cookie preferences (if available).
    For details, see Google’s Privacy Policy and “How Google uses information from sites or apps that use our services.”

Cookies and Similar Technologies

Types of Cookies

  • Essential cookies: required for login, security, and core functionality.
  • Preference cookies: remember settings (e.g., language).
  • Analytics cookies: help us understand usage and improve the Service.

Your Choices

You can manage cookies in your browser and (where provided) in our cookie banner/preferences. Disabling certain cookies may limit functionality.

Sharing of Information

How We Share

We do not sell personal information. We may share:

  • Service providers/processors: e.g., Google (Firebase, Analytics), email providers, cloud hosting, and customer support tools—only to operate the Service under appropriate contracts.
  • Legal/safety: to comply with law, enforce terms, or protect rights, safety, and security.
  • Business transfers: in case of a merger, acquisition, or asset sale, your information may be transferred as permitted by law.
  • With your direction/consent: for example, when you address or send an e‑card to a recipient.

Data Retention

Retention Periods

  • Account data: retained while your account is active.
  • E‑card content: retained while needed to provide the Service or until you delete it.
  • Analytics data: retained per our configuration and Google’s policies (commonly 14–26 months).
  • Legal/backup: some information may be retained as required by law or for limited backup and archival purposes.

Your Rights and Choices

Your Privacy Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (subject to legal exceptions).
  • Object to or restrict processing in certain circumstances.
  • Data portability (receive your data in a structured, commonly used format).
  • Withdraw consent where processing is based on consent.

To exercise rights, contact us using the details below. We may need to verify your identity.

International Data Transfers

How We Protect Transfers

Your information may be processed and stored in countries other than your own. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) to protect your data.

Security

Our Safeguards

We employ administrative, technical, and organizational safeguards, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.

Children’s Privacy

Underage Users

The Service is not directed to children under 13 (or higher age where required by local law). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us to request deletion.

Do Not Track

DNT Signals

We do not currently respond to Do Not Track signals. You can manage tracking through cookie preferences and analytics opt‑outs.

California Privacy Rights (CCPA/CPRA)

Your California Rights

California residents have the right to:

  • Know the categories and specific pieces of personal information collected, the sources, purposes, and disclosures.
  • Request deletion of personal information (subject to exceptions).
  • Opt out of the sale or sharing of personal information. We do not sell personal information and only share with service providers for business purposes.
  • Not be discriminated against for exercising these rights.

Categories we may collect include identifiers (e.g., email, IP), internet activity (usage data), geolocation (approximate), and inferences from analytics. Sources include you, your device, and our service providers (Firebase/Google Analytics). To exercise rights, contact us using the details below.

Third‑Party Links

External Sites

The Service may contain links to third‑party sites. Their privacy practices are governed by their policies. Please review those policies before providing personal information.

Changes to This Policy

How We Update

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. Where required, we will provide additional notice. Your continued use of the Service signifies acceptance of the updated Policy.

Contact Us

Reach Our Privacy Team

If you have questions, requests, or complaints about this Privacy Policy or our data practices, please contact:

If you are in the EEA/UK, you may also contact your local data protection authority.

Notice

Legal Disclaimer

This template is provided for informational purposes and should be reviewed by legal counsel to ensure compliance with your specific operations and applicable laws.