Privacy Policy | eCards Photos

👋 Introduction

eCards Photos ("we," "our," or "us") is a personal project operated by an individual sole proprietor based in Ontario, Canada. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our digital greeting card service at ecardsphotos.com (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and complying with applicable privacy laws including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

📋 Information We Collect

Account Information

When you create an account, we collect:

Email address Required for authentication and account recovery

Display name Used to personalize your experience

Password Stored securely using industry-standard encryption

Google profile If you sign in with Google, we receive your name, email, and profile photo

Card Content

When you create cards, we collect:

Photos Images you upload to include in cards

Video messages Videos you record or upload (Premium, up to 30 seconds)

Voice messages Audio recordings you add to cards (Premium, up to 30 seconds)

Messages Personal messages you write on cards

Recipient info Names and email addresses of card recipients (optional)

Sealed Cards When Sealed Card is enabled, all card content (photos, messages, names, voice, video) is encrypted on your device before upload. We store only the encrypted data — we cannot read or access it.

Business Information (Business Subscribers)

If you subscribe to the Business tier, we additionally collect:

Business logo An image file uploaded to represent your business on cards. Stored in Firebase Storage under your user account.

Company name Displayed on your cards and visible to card recipients

Business email Displayed on your cards and visible to card recipients (may differ from your account email)

Business phone Displayed on your cards and visible to card recipients

Business website Displayed on your cards and visible to card recipients

View counts The number of times each business card is viewed, stored per card

Technical Data

We automatically collect:

IP address Hashed using SHA-256 for privacy. Used for rate limiting. We do not store your actual IP.

Browser storage localStorage to remember which cards you've viewed

Device info Basic browser and device type for optimizing your experience

Analytics data Page views, session duration, and general usage patterns collected via Google Analytics (anonymized, no personally identifiable information)

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers or banking information. Stripe may collect information necessary to process your payments in accordance with their Privacy Policy.

legal.privacy.collect.usage.title

legal.privacy.collect.usage.content

🔧 How We Use Your Information

We use your information to:

✓Provide, maintain, and improve our card creation and sharing service
✓Process your subscription payments through Stripe
✓Authenticate your account and keep it secure
✓Enforce usage limits and prevent abuse (rate limiting)
✓Analyze usage patterns to improve the Service (via Google Analytics)
✓Respond to your requests or questions
✓Send important service updates (we do not send marketing emails)
✓Display your business branding (logo, name, email, phone, website) on cards you create with a Business subscription, visible to all card recipients
✓Track view counts on Business tier cards to provide engagement data to the card creator

📅 Data Retention

We retain your data according to these policies:

Cards and photos (Free tier)

Automatically deleted 7 days after creation

Cards and photos (Premium tier)

Automatically deleted 90 days after creation

Cards and photos (Business tier)

Automatically deleted 180 days after creation

Business logos

Retained while your Business subscription is active. Deleted when your subscription ends or when you delete your account. Copies of logos embedded in previously created cards persist until those cards expire.

Business profile data

Company name, email, phone, and website are retained while your Business subscription is active. A snapshot is embedded in each card at creation time and persists until that card expires.

Account data

Retained until you delete your account

Rate limiting & download tracking data

Anonymous IP hashes retained for the lifetime of the associated card, then deleted

Access logs (Protected Cards)

Retained for 90 days for creator visibility, then permanently deleted

AI usage tracking

Daily and per-card counts stored to enforce rate limits, reset daily

When cards expire, all associated photos, content, and embedded business branding are permanently deleted from our servers. Downloaded cards remain on your device and may continue to display business branding that was embedded at creation time.

🤝 Data Sharing

We share your information only with:

Firebase/Google Cloud Our infrastructure provider that hosts and processes data on our behalf

Stripe Our payment processor for subscription management

Google Analytics Collects anonymized usage data (page views, session duration, device type) to help us understand how the Service is used and improve it. No personally identifiable information is shared.

OpenAI Powers our AI Message Assistant (Premium). Only occasion type, tone, and optional recipient name are sent—no photos or personal messages

We do NOT:

✗Sell your personal information
✗Share your data with advertisers
✗Use your photos for any purpose other than delivering your cards

Important: If you use a Business subscription, the business contact information you provide (company name, email, phone, website) and your business logo are intentionally displayed on your cards and visible to anyone who views or downloads them. This is a core feature of the Business tier, not an incidental data disclosure.

⚖️ Your Privacy Rights

Canadian Residents (PIPEDA)

Under Canadian privacy law, you have the right to:

✓Access your personal information we hold
✓Request correction of inaccurate information
✓Withdraw consent for data processing
✓Request deletion of your account and associated data

European Residents (GDPR)

If you are in the European Economic Area, you have additional rights to:

✓Data portability
✓Object to processing
✓Restrict processing
✓Lodge a complaint with your supervisory authority

California Residents (CCPA)

California residents have the right to:

✓Know what personal information we collect
✓Request deletion of personal information
✓Opt-out of the sale of personal information (note: we do not sell personal information)
✓Non-discrimination for exercising your rights

🔒 Data Security

We implement appropriate security measures to protect your information, including:

✓Encryption in transit (HTTPS/TLS)
✓Secure password hashing
✓IP address hashing for anonymization
✓Regular security updates
✓Firebase Security Rules to control data access
✓End-to-end encryption for Sealed Cards (AES-256-GCM — your content is encrypted on your device before upload; we never have access to the decryption key)

🌐 International Data Transfers

Your information may be processed on servers located outside your country of residence, including in the United States where Google Cloud/Firebase operates data centers. We rely on standard contractual clauses and other appropriate safeguards for such transfers.

👶 Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

✏️ Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

📧 Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Email: support@ecardsphotos.com

Location: Ontario, Canada