← Back to Qardly

Qardly Privacy Policy

Last updated: June 29, 2026

1. Information We Collect

Qardly collects the following information to provide our digital business card service:

2. How We Use Your Information

3. Web Card Viewer Analytics

When someone views your shared card on the web (qardly.app/c/...), we collect:

This data is shown to the card owner in their analytics dashboard. Card owners can disable location tracking via the "Track viewer location" toggle in their card's privacy settings. Viewers cannot be personally identified from this data.

4. Contact Information Protection

By default, email addresses and phone numbers displayed on web card pages are obfuscated (Base64-encoded) to prevent automated scraping by bots. The information is decoded by JavaScript when a real user views the page. Card owners can control this via the "Hide email from bots" toggle.

5. Search Engine Indexing

By default, shared card pages are not indexed by search engines (noindex, nofollow). Card owners can opt in to search engine indexing via the "Allow search engine indexing" toggle if they want their card to appear in Google results.

6. PIN Protection

Card owners can protect their web card with a 6-digit PIN. PIN verification is rate-limited (maximum 5 attempts per 15 minutes per IP address). After successful verification, a signed HTTP-only cookie is set for 1 hour so the viewer does not need to re-enter the PIN. The PIN is never transmitted in the URL.

7. Data Sharing

We do not sell your personal data. Your business card information is only shared with people you explicitly share your card with. We use the following third-party services:

8. Data Storage and Security

Your data is stored securely using Google Firebase infrastructure with encryption at rest and in transit. We implement industry-standard security measures including:

9. Your Rights

You can:

10. Legal Basis, Third-Party Data, and Your Rights (KVKK & GDPR)

Data controller. Qardly is the data controller for the account and card data processed through the Service. For any data-protection request, use the contact address in Section 13.

Legal basis. We process your personal data based on your consent (given when you create an account and cards), the performance of our agreement with you (our Terms of Service), and our legitimate interest in operating and securing the Service.

Third-party information. If you add another person's personal data to a card (for example, a colleague's phone number or photo), you are responsible for obtaining that person's consent, and you act as the controller of that data. Qardly processes it only on your behalf to provide the Service.

Your rights. Under the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and, where applicable, the EU General Data Protection Regulation (GDPR), you may request access to, correction, deletion, or portability of your personal data, object to or restrict its processing, and withdraw your consent at any time. If someone has published your personal data through Qardly without your consent, you may ask us to remove it, and we will act on such requests within the periods required by applicable law.

11. Children's Privacy

Qardly is not intended for children under 13. We do not knowingly collect data from children under 13 years of age.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app or via email.

13. Contact Us

If you have questions about this privacy policy, wish to exercise your data rights, or need to report content that misuses your personal data, contact us at: support@ingredioscanner.app