CardFolio Privacy Policy

Our Business

We recognize that privacy is important to our users.

This Privacy Policy describes how CardFolio ("CardFolio", "we", "us", or "our") collects, uses, stores, processes and shares personal information and non-personally identifiable data from users accessing the CardFolio website, our mobile application, and any related services (collectively, the "Platform").

By accessing or using the Platform, you consent to the collection, use and disclosure of your information in accordance with this Privacy Policy and the applicable laws of India.

This Privacy Policy is an electronic record under the Information Technology Act, 2000 and the rules made thereunder. No physical or digital signature is required.

1. What is Personal Information?

"Personal Information" means any information relating to an identified or identifiable individual, whether provided by you or collected automatically.

This Policy does not apply to anonymized or aggregated information that cannot identify you.

2. What Personal Information We Collect

Depending on how you use CardFolio, we may collect:

A. Information You Provide

• Full name
• Email address and mobile number
• Shipping or delivery address
• Profile photograph (optional)
• Username and profile details
• Content you upload (images, videos, listings, messages, etc.)
• Identity verification information: We may request basic KYC such as name, address, date of birth, photograph, and may request PAN or other government-issued ID if required by law or for high-value transactions.

B. Automatically Collected Information

• Device details, OS, browser type
• IP address and approximate location
• Mobile network information
• Log data (pages viewed, actions taken, time spent)
• Referral source (where you came from)
• Crash logs, diagnostics, performance data

C. Information for Legal Compliance

We may collect information required under Indian law for identity verification, fraud prevention, and transaction monitoring.

D. Information from Personnel

We may collect limited personal information from employees, contractors, and job applicants, used solely for employment/operational purposes.

3. How We Collect Personal Information

We collect information through:

• User account registration
• Order/transaction submission
• Voluntary uploads or interactions
• Automatic collection through cookies, logs, and analytics
• KYC verification (if applicable)
• Customer support queries

We only collect information necessary for providing our services and operating the Platform.

4. Cookies & Tracking Technologies

We use cookies to:

• Enable essential Platform functions
• Maintain session and login state
• Understand usage patterns
• Improve user experience
• Provide relevant (non-behavioural) ads

You may decline cookies in your browser settings. Disabling cookies may affect some Platform features.

We also maintain server logs to manage system performance and security.

5. Online Advertising & Analytics

CardFolio may use:

• Basic web analytics tools (e.g., Google Analytics, Firebase Analytics)
• Advertising partners for app install campaigns or remarketing

We do NOT perform cross-site behavioral ad tracking. Tracking is limited to our own Platform usage.

6. How We Use Your Personal Information

We use your information to:

• Provide and operate CardFolio services
• Manage your account and transactions
• Process and ship physical items (if applicable)
• Facilitate card ownership transfer between users
• Respond to inquiries and provide support
• Improve Platform performance and security
• Develop new features and conduct testing
• Send notifications, updates, or marketing material (with consent)
• Detect and prevent fraud or misuse
• Comply with Indian laws

We may also use anonymized, aggregated data for analytics or product improvement.

7. How We Share Your Personal Information

We may share your information with:

• Delivery/shipping providers (address, contact details)
• Payment gateway partners (no card data stored by us)
• KYC/verification partners (if applicable)
• Analytics or advertising service providers
• Cloud hosting and IT infrastructure providers
• Legal authorities when required by applicable law

We do not sell personal information.

We do not enable monetary withdrawals for users.

Card transfers occur only within the Platform as per our Terms.

Shipping fees are non-refundable except for defective/damaged items.

8. Protection of Information Shared with Third Parties

We take reasonable measures to ensure third parties:

• Maintain confidentiality
• Use the data only for permitted purposes
• Follow adequate security standards

This is enforced through contracts or written assurances where applicable.

9. Data Retention

We retain Personal Information only as long as necessary for:

• Providing services
• Legal compliance
• Resolving disputes
• Preventing fraud

When no longer needed, data is deleted, anonymized, or securely archived.

10. Where We Store Your Data

Data may be stored:

• On secure cloud servers (AWS / Google Cloud / Azure) located in India or abroad
• In compliance with applicable Indian data protection laws

Financial information processed through payment gateways is not stored on our servers.

11. How We Protect Personal Information

We use:

• Access controls
• Encrypted transmission (HTTPS/SSL)
• Secure cloud infrastructure
• Periodic security reviews

However, no system is fully secure. You are responsible for maintaining confidentiality of login credentials and OTPs.

12. Children's Privacy

The Platform is strictly for users 18 years and above.

If a minor submits information, parents/guardians may request deletion via: support@peelblue.in

13. Payment Transaction Security

• All payments are processed through PCI-DSS compliant gateways.
• Card or bank details are never stored by CardFolio.
• Transaction data is retained only as long as required to complete the transaction.

14. Breach Notification

If we believe a breach may cause significant harm, we will:

• Notify affected users
• Notify government authorities if required
• Take steps to reduce impact and prevent recurrence

15. Access & Correction Rights

You may request:

• Access to your personal information
• Correction of inaccurate details
• Deletion of certain information (unless required by law)

We may request identity verification before processing such requests.

16. Your Choices

You may:

• Disable cookies via browser settings
• Opt-out of marketing emails via "unsubscribe"
• Modify account information anytime
• Restrict permissions on your device (location, camera, etc.)

17. Links to Third-Party Websites

External links on CardFolio are not covered by this Privacy Policy.

We are not responsible for third-party content, security, or practices.

18. Changes to this Privacy Policy

We may update this Policy at any time.

Changes become effective upon posting on the Platform.

Continued use constitutes acceptance.

19. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes are subject to the exclusive jurisdiction of courts located in Chennai, India.

20. Data Protection Principles (Best Practices)

We aim to:

• Process data lawfully and fairly
• Collect only what is necessary
• Maintain accuracy
• Apply appropriate security safeguards
• Limit retention to necessary periods
• Offer user rights consistent with emerging Indian data protection norms