Privacy Policy

Last updated: November 27th, 2024

1. Introduction

This Privacy Policy explains how we collect, use, and protect your personal information when you use our digital card letter service. We are committed to ensuring the privacy and security of your content and personal data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name (optional)
• Email address
• Account creation date
• Account update timestamps

2.2 Card Letter Content

When you create card letters, we collect:

• Text content you input
• Images you upload
• Customization preferences
• Access passcodes (if enabled)
• Creation and modification dates

2.3 Image Storage

• Images are stored securely in Cloudflare R2 storage
• Public access to images is blocked
• Temporary secure access links are generated when viewing cards
• Original image metadata is processed for security

2.4 Usage Data

We automatically collect the following information about visits:

• Session start and end times
• Country of access
• Browser and device information
• Device type
• IP address
• Referring website
• Interaction timestamps

2.5 Payment Information

For processing payments, we use Stripe as our payment processor. We collect and store:

• Stripe Customer ID
• Payment history
• We do not store your actual credit card numbers or banking details on our servers.

3. How We Use Your Information

3.1 Card Letter Service

• To create and store your card letters
• To generate secure access links for images
• To enforce passcode protection when enabled
• To provide card letter sharing capabilities
• To save and restore your customizations

3.2 Account Management

• To create and manage your account
• To authenticate your identity
• To provide customer support
• To send important service updates

3.3 Service Improvement

• To analyze how our service is used
• To identify and fix technical issues
• To improve user experience
• To develop new features

3.4 Payment Processing

• To process your payments through Stripe
• To maintain payment records
• To prevent fraudulent transactions
• To provide billing support

4. Content Security and Storage

4.1 Image Security

• Images are stored in private Cloudflare R2 buckets
• Access is controlled through temporary signed URLs
• Public access to stored images is blocked
• Images are served through secure, expiring links

4.2 Passcode Protection

• Passcodes are encrypted before storage
• Access attempts are monitored for security
• Failed access attempts are logged
• Passcodes can be reset by card owners

4.3 Data Storage

• Card content is stored securely in our databases
• Images are stored in Cloudflare R2 with encryption
• We implement appropriate technical measures to protect your data
• Regular backups are performed for data protection

4.4 Duration

• Account information is stored until you request deletion
• Card letters are retained until deleted by you
• Images are kept as long as associated cards exist
• Session data is retained for analytical purposes
• Payment records are kept as required by law

5. Data Sharing and Third-Party Services

5.1 Content Sharing

• Card letters can be shared via links you create
• Access to password-protected cards requires the correct passcode
• You control who can access your card letters

5.2 Cloudflare R2

We use Cloudflare R2 for image storage:

• Images are stored securely with encrypted access
• Cloudflare's privacy policy applies to image storage
• No public access to stored images is permitted

5.3 Stripe

We use Stripe for payment processing. When you make a payment:

• Your payment information is handled directly by Stripe
• We only store the Stripe Customer ID and transaction records
• Stripe's privacy policy applies to payment processing

6. Cookies

We use cookies to:

• Track user sessions
• Analyze site usage
• Improve our service
• Remember your preferences

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data and card letters
• Export your data
• Opt-out of analytics tracking
• Withdraw consent
• Change or remove passcodes on your cards
• Delete uploaded images

8. International Data Transfers

Your data may be processed in different countries where we or our service providers operate. We ensure appropriate safeguards are in place for international transfers.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any significant changes through:

• Email notification
• Notice on our website
• Service notification

11. Content Removal

You can request removal of:

• Card letters you've created
• Images you've uploaded
• Your account and associated data

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: fuaberu@gmail.com

13. Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on:

• Contract performance (card letter service)
• Legal obligations (payment records)
• Legitimate interests (analytics)
• Consent (optional features)

By using MoriCard, you acknowledge that you have read, understood, and agree to this Privacy Policy.