Privacy Policy
Effective: 20 April 2026
This Privacy Policy explains how KudosCards.io("we", "us", "our") collects, uses, stores, and protects personal information when you use kudoscards.io("the Service"). We are committed to protecting your privacy and handling your data with care.
๐ Data location
All data is stored on servers located in Oregon, United States, operated by Supabase Inc. (our infrastructure provider).
1. Information We Collect
1a. Account holders (Creators)
- Email address โ used for authentication via magic link
- Display name โ optional, chosen by you
- Account metadata (plan tier, creation date)
1b. Contributors (no account needed)
- Name โ the name you choose to display on your message
- Team / role โ optional
- Message text โ the message you write
- Photos and GIFs โ any media you attach
- Email address โ only if you opt in to receive card update notifications
1c. Usage data
We log basic events (page views, submissions created) in an events table for analytics and fraud prevention. No personally identifiable information is stored in event logs beyond what you have already provided.
2. How We Use Your Information
- To provide and operate the Service (display your Kudos Card, authenticate you)
- To send magic-link emails for sign-in
- To send notification emails when new messages are added to a Kudos Card โ only if you explicitly opted in, and only until you opt out
- To moderate content and investigate reports of inappropriate messages
- To improve the Service through aggregate, anonymised analytics
3. We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to any third party, ever. We do not use your data for targeted advertising.
4. Marketing Communications
We may occasionally send product updates, feature announcements, or newsletters to registered Creator accounts. You can opt out at any time by:
- Clicking the unsubscribe link in any marketing email
- Emailing us at privacy@kudoscards.io
Card-update notifications (e.g. "Fred signed Kellie's card") are sent only to Contributors who have explicitly subscribed and can be cancelled via the unsubscribe link in each email. We do not use these addresses for marketing.
5. Data Sharing & Sub-processors
We share data only with the following trusted service providers:
| Provider | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database, authentication, file storage | Oregon, USA |
| Vercel Inc. | Web hosting and edge delivery | USA / Global CDN |
| GIPHY Inc. | GIF search (if you use the GIF picker) | USA |
These providers act as data processors on our behalf and are contractually required to protect your data and use it only to provide their services to us.
6. Cookies & Local Storage
We use essential session cookies to keep you signed in. We do not use tracking cookies or third-party advertising cookies. No consent banner is required for essential cookies under US law, though we aim to respect the spirit of privacy regulations globally.
7. Data Retention
- Account data is retained while your account is active
- Kudos Cards and their messages are retained until you delete them from your dashboard
- Contributor messages remain on a card until the card Creator deletes them or the card itself
- On account deletion, your account data is purged within 30 days; anonymised event logs may be retained longer
- Card-follower email addresses are retained until you unsubscribe or request deletion
8. Your Rights
Depending on where you live, you may have rights including:
- Access โ request a copy of data we hold about you
- Correction โ ask us to fix inaccurate data
- Deletion โ request that we delete your personal data
- Objection โ object to certain processing, including marketing
- Portability โ receive your data in a machine-readable format
To exercise any of these rights, email privacy@kudoscards.io. We will respond within 30 days.
9. Security
We use industry-standard measures to protect your data, including TLS encryption in transit, row-level security in our database, and access controls. No system is 100% secure; please contact us immediately if you suspect any unauthorised access to your account.
10. International Users
Our servers are in Oregon, USA. By using the Service from outside the USA you consent to the transfer of your data to the USA. If you are in the European Economic Area (EEA), we rely on your explicit consent (given when you sign up or opt in to notifications) as our legal basis for processing.
11. Children
The Service is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email of material changes. The effective date at the top of this page will always reflect the latest revision.
13. Contact Us
For privacy questions, data requests, or concerns, please contact:
KudosCards.io
Email: privacy@kudoscards.io