Privacy Policy

Last updated: 2025-08-30

Who we are. ShareCreditCard.link ("ShareCreditCard", "we", "us") provides a service that lets users create one‑time links to transmit sensitive information to a chosen recipient.

Role. For account, billing, and service telemetry data, we are a data controller. For content you encrypt and send to a recipient ("Secrets"), we act primarily as a data processor on your instructions and store only an encrypted payload; the decryption key is never sent to our servers by design.

Data we process

  • Account & billing data: name, email, company, plan, invoices, support interactions.

  • Service metadata: link ID, creation and expiry timestamps, status (unopened/opened/expired), approximate counts of views (configurable), sender/recipient identifiers you optionally add. We do not store plaintext Secrets.

  • System logs: IP address, user agent, and timestamps for security and abuse prevention. We automatically redact URL fragments (#...).

  • Cookies: strictly necessary session cookies (see Cookie Policy). We do not use marketing cookies.

What we do not store

  • We never store your decryption keys.

  • We do not store CVV/CVC after transmission or display. We recommend disabling CVV storage entirely; if you enable it, you must ensure lawful use and deletion per PCI DSS.

Purposes & legal bases (EEA/UK)

  • Provide and secure the service (contract, legitimate interests).

  • Billing, fraud prevention, and abuse mitigation (contract, legitimate interests, legal obligation).

  • Product communications (legitimate interests) with opt‑out.

Retention

  • Encrypted payloads are deleted on first view or at expiry (whichever is earlier). Backups follow a rolling retention of 7 days, after which data is purged.

  • Logs are retained for 14 days for security, then anonymized or deleted.

  • Account/billing records are kept as required by law (typically 6–10 years, depending on jurisdiction).

International transfers

We may process data in and outside your country. Where required, we use SCCs or other appropriate safeguards.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object to certain processing. Contact us to exercise these rights.

Security

We use client‑side encryption, TLS, HSTS, CSP, least‑privilege access, and continuous deletion workflows. No system is perfectly secure; report vulnerabilities to info@sharecreditcard.link.

Children

Not for use by children under 16. We do not knowingly collect children’s data.

Changes

We may update this Policy from time to time. The date above shows the latest change.

Contact: info@sharecreditcard.link