Privacy Policy
How we collect, use, and protect your personal information.
Last updated: March 15, 2026
businesscardX ("we", "us", "our") is a Canadian company based in Toronto, Ontario. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.
This policy applies to all information collected through our website (businesscardx.com), our web application (app.businesscardx.com), our NFC business cards, and any related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Services.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Name, email address, password (encrypted), phone number, and language preference when you create an account.
- Profile information: Job title, company name, industry, city, province/state, country, bio/description, physical addresses, website URLs, and social media links (LinkedIn, Instagram, Facebook, X/Twitter, TikTok, Snapchat, WhatsApp, Bluesky, Signal) that you add to your digital profile.
- Profile photo and media: Photos, images, and videos you upload to your profile.
- Contact form submissions: Name, email, phone number, subject, and message when you contact us.
- Payment information: Billing and shipping details when you make a purchase. Payment card details are processed directly by Shopify Payments and are never stored on our servers.
- Two-way share information: When someone shares their contact details with you through your profile page, we collect their name, email, phone, and company on your behalf.
1.2 Information Collected Automatically
- Profile visit analytics: When someone views your digital profile (via NFC tap or QR scan), we collect visit counts, approximate geographic location (city, region, country derived from IP address), browser type, and interaction data (which buttons were tapped — phone, email, social links, save contact).
- Device and usage data: Browser type, operating system, referring URLs, pages visited, and timestamps.
- Cookies and local storage: See Section 5 below.
1.3 Information from Third Parties
- Google Sign-In: If you sign in with Google, we receive your name, email address, and Google account ID from Google.
- Connected email accounts: If you connect your Gmail or Outlook account to send follow-up emails, we store OAuth access and refresh tokens. We do not read your inbox — we only use the send permission to dispatch emails you initiate.
- HubSpot integration: If you connect HubSpot, we sync contact data (names, emails, phone numbers) between your businesscardX CRM and your HubSpot portal.
2. How We Use Your Information
- Provide and improve the Services: Display your digital profile, process orders, ship NFC cards, manage your subscription, and provide customer support.
- Analytics and metrics: Show you how many people viewed your profile, saved your contact, and tapped your links.
- Communications: Send transactional emails (order confirmations, setup links, receipts, invitation emails), and respond to your contact form inquiries.
- Follow-up messages: Send follow-up emails or SMS messages to your contacts on your behalf, only when you initiate them.
- AI-powered features: Generate email signatures and scan business cards using AI (OpenAI), using only the data you provide for that specific feature.
- Security: Detect and prevent fraud, abuse, and unauthorized access.
- Legal compliance: Comply with applicable laws, regulations, and legal requests.
3. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
- Public profile: The information you add to your digital profile (name, photo, title, company, contact details, social links, bio, media) is publicly accessible to anyone who visits your profile URL, taps your NFC card, or scans your QR code. This is the core purpose of the Service.
- Service providers: We use the following third-party services to operate our business:
- Google Firebase (United States) — Authentication, database, file storage, analytics
- Shopify (Canada/United States) — E-commerce, subscriptions, payment processing
- Vercel (United States) — Web application hosting
- Resend (United States) — Transactional email delivery
- Twilio (United States) — SMS message delivery
- OpenAI (United States) — AI features (email signature generation, business card scanning)
- Google Maps — Map embeds on profile pages showing your address
- Integrations you authorize: If you connect third-party services (HubSpot, Zapier, Gmail, Outlook), data is shared with those services as described at the time of connection.
- Legal requirements: We may disclose your information if required by law, court order, or government request.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
4. Data Storage and Security
Your data is stored on servers operated by Google (Firebase) and Shopify, primarily located in the United States and Canada. We use industry-standard security measures including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- HTTP-only, secure session cookies
- Firebase Authentication with encrypted password storage
- Server-side access controls and authentication checks
- Payment card data processed by Shopify Payments (PCI DSS compliant) — never stored on our servers
While we implement reasonable safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5. Cookies and Tracking
We use the following cookies and local storage:
- __session (cookie) — Keeps you logged in. HTTP-only, secure, expires after 14 days. Essential for the Service to function.
- bcx-language (local storage) — Stores your language preference (English or French).
- Google Analytics / Firebase Analytics — We use Google Analytics 4 (via Firebase) to understand how our website and app are used. This sets standard Google Analytics cookies (_ga, _gid). You can opt out using the Google Analytics Opt-out Browser Add-on.
- Shopify cookies — Our store (businesscardx.com) uses standard Shopify cookies for cart functionality, checkout, and analytics.
6. Data Retention
- Account data: Retained as long as your account is active. If you delete your account, we delete your profile data, contacts, and metrics within 30 days.
- Order and billing records: Retained for 7 years as required by Canadian tax law.
- Contact form submissions: Retained for 2 years, then deleted.
- Profile visit analytics: Retained as long as your account is active.
- OAuth tokens: Deleted when you disconnect the integration or delete your account.
7. Your Rights
Under Canadian privacy law (PIPEDA) and applicable provincial legislation, you have the right to:
- Access your personal information — request a copy of the data we hold about you.
- Correct inaccurate information — update your profile at any time through the app, or contact us for assistance.
- Delete your account and personal data — use the "Delete Account" feature in the app, or email us.
- Withdraw consent — you may disconnect third-party integrations or close your account at any time.
- Data portability — request your data in a standard format.
To exercise any of these rights, email us at contact@businesscardx.com. We will respond within 30 days.
8. International Data Transfers
businesscardX is based in Canada. Your data may be processed in the United States by our service providers (Firebase, Vercel, Resend, Twilio, OpenAI). These transfers are necessary to provide the Services. By using our Services, you consent to this transfer. We ensure our service providers maintain adequate data protection standards.
9. Children's Privacy
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top. We encourage you to review this page periodically. Continued use of the Services after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
- Email: contact@businesscardx.com
- Phone: +1 (705) 918-1798
- Address: businesscardX, Toronto, Ontario, Canada