Skip to content
Cardyard LogoCARDYARD

CardYard Privacy Policy

Privacy Policy

Last updated: May 16, 2026

This Privacy Policy explains how CardYard ("CardYard," "we," "us" or "our") collects, uses, and shares information when you visit https://www.cardyard.ai, use the CardYard iOS app, or use any related products or services (collectively, the "Service").

1. Information We Collect

  • Account Information – email address, display name, password (stored using strong hashing), and OAuth account identifiers for supported sign-in providers such as Google sign-in/OAuth and Sign in with Apple.
  • Subscription & Payment Details – payment method tokens, billing address, and related metadata processed securely by Stripe® for web purchases; Apple transaction identifiers, product identifiers, subscription status, and renewal/expiration events for iOS in-app purchases. CardYard never stores credit‑card numbers.
  • Usage Data – game sessions, prompts, cards you generate, feature interactions, logs, feedback, and quota counters (per account or IP) used to enforce free and premium limits.
  • Cookies & Device Data – IP address, browser/OS type, device identifiers, language, referrer URLs, and analytics cookies.
  • Push Notification Data – if you enable iOS notifications, we may store push notification device tokens, bundle identifier, app version, locale, environment, and notification permission/status data so we can deliver and troubleshoot CardYard announcements.
  • Age Confirmation – a yes/no response confirming you meet the required age before accessing mature content. The iOS app uses a 17+ confirmation. We do not collect your birthdate.

2. How We Use Information

  • Provide, operate, and personalize the Service;
  • Verify age eligibility for mature and premium features;
  • Process payments, manage subscriptions, and prevent fraud;
  • Store prompts, cards, usage logs, and per-account/IP quota counters indefinitely to moderate content, improve models, develop new features, and enforce free/premium limits;
  • Perform analytics, monitor performance, and troubleshoot issues;
  • Send transactional emails (receipts, critical updates) and marketing emails (you can opt out at any time);
  • Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases (EEA/UK)

We process personal data when necessary to (a) perform our contract with you, (b) pursue our legitimate interests (e.g., improve and secure the Service), (c) meet legal obligations, or (d) with your consent (e.g., marketing emails).

4. Sharing of Information

We share information only with:

  • Stripe for web payment processing;
  • Apple for iOS in-app purchases, subscription management, Sign in with Apple, refunds, push notification delivery, and App Store transaction validation;
  • Google for Google sign-in/OAuth where you choose that sign-in method;
  • Supabase for authentication, account records, database storage, and serverless functions;
  • Analytics providers (e.g., Google Analytics) for usage insights;
  • Service providers who process data on our behalf under strict confidentiality;
  • Authorities or third parties when legally required or to protect rights, safety, or property.

We do not sell or rent personal information.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to recognize you, remember preferences, perform analytics, and improve the Service. You can disable cookies via your browser, but some features may not function properly.

6. Data Retention

Account data is retained while your account is active. Prompts, cards, and usage logs are retained indefinitely for moderation and product improvement unless deletion is required by law or requested through an available deletion flow. Upon a verified deletion request, we will delete or anonymize personal data within 30 days. The iOS app includes an in-app account deletion flow under Settings > Account. Apple and Stripe subscription history and billing records may remain with the applicable payment provider and must be managed separately.

7. Your Rights

Depending on your location, you may request to access, correct, delete, export, object to, or restrict processing of your personal data. California residents may also request information about categories of personal information collected and opt out of any "sale" or "sharing" (we do not sell personal information). To exercise rights, use the in-app deletion flow where available or email support@cardyard.ai.

8. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn that such data has been collected, we will delete it.

9. Security

We use industry‑standard measures, including encryption in transit, role‑based access controls, and regular backups, to protect personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email (if you have an account) or by posting a prominent notice on the Service. The "Last updated" date indicates when updates become effective.

11. Contact Us

Questions or requests? Email support@cardyard.ai.