Trust Center › Privacy Policy

Privacy & Data Last updated: 2026-03-01

Last updated: 1 March 2026

NFC Tagify ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at nfctagify.com and associated subdomains (the "Service").

Please read this policy carefully. By using the Service, you agree to the practices described here.

---

1. Who We Are

NFC Tagify provides a digital business card platform enabling professionals and organisations to create, share, and manage digital profiles via NFC cards and QR codes.

For data protection purposes, the data controller is NFC Tagify Ltd.

Contact: privacy@nfctagify.com

---

2. Information We Collect

2.1 Information You Provide

  • Account data: name, email address, password (hashed), company name
  • Profile data: job title, phone numbers, social links, profile photo, bio
  • Billing data: payment method details (processed by Stripe — we do not store card numbers)
  • Order data: NFC card orders, shipping address, order status
  • Communications: support messages, feedback, and correspondence with us

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, time spent, click events
  • Device data: IP address, browser type, operating system, device identifiers
  • Analytics data: profile views, link clicks, and card tap events
  • Cookies and similar technologies: session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

  • Stripe: payment confirmation and subscription status
  • Shopify: order data for NFC card purchases made through our store
  • Google Analytics: aggregated usage statistics
  • Reseller partners: account and profile data for white-label deployments

---

3. How We Use Your Information

We use your information to:

  • Provide the Service: create and manage your account and digital profiles
  • Process transactions: handle card orders and subscription payments
  • Personalise your experience: remember your preferences and settings
  • Communicate with you: send transactional emails, support responses, and product updates
  • Improve the Service: analyse usage patterns, fix bugs, and develop new features
  • Ensure security: detect fraud, abuse, and unauthorised access
  • Comply with legal obligations: respond to lawful requests from authorities

We do not sell your personal data to third parties.

---

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area and United Kingdom, we process your data under these legal bases:

| Processing Purpose | Legal Basis |

|---|---|

| Providing the Service | Performance of contract (Art. 6(1)(b)) |

| Billing and payments | Performance of contract (Art. 6(1)(b)) |

| Analytics and improvement | Legitimate interests (Art. 6(1)(f)) |

| Marketing communications | Consent (Art. 6(1)(a)) |

| Legal compliance | Legal obligation (Art. 6(1)(c)) |

---

5. Data Sharing

We share your data only with:

  • Service providers: Supabase (database), Stripe (payments), Resend (email), DigitalOcean (hosting), Cloudflare (CDN/DNS). All are bound by data processing agreements.
  • Reseller partners: if your account is managed under a white-label reseller, that reseller can access your organisation's profile data as defined in our Reseller Agreement.
  • Analytics providers: anonymised usage data only (Google Analytics).
  • Law enforcement: when required by applicable law or valid legal process.

We do not transfer your data outside the UK/EEA without appropriate safeguards (Standard Contractual Clauses or equivalent).

---

6. Your Rights

Under GDPR and UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Restriction: limit how we use your data in certain circumstances
  • Portability: receive your data in a structured, machine-readable format
  • Object: opt out of processing based on legitimate interests or for direct marketing
  • Withdraw consent: where processing is based on consent

To exercise any of these rights, email privacy@nfctagify.com. We will respond within 30 days.

You also have the right to lodge a complaint with your supervisory authority (in the UK: the Information Commissioner's Office, ico.org.uk).

---

7. Data Retention

| Data Type | Retention Period |

|---|---|

| Account and profile data | Duration of account + 90 days after deletion |

| Billing records | 7 years (legal requirement) |

| Analytics and usage logs | 24 months |

| Support correspondence | 3 years |

| Cookies | See our Cookie Policy |

---

8. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Row-level security on all database tables
  • Multi-factor authentication for privileged access
  • Regular security reviews and access audits
  • Third-party hosting on DigitalOcean with SOC 2 compliance

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take all reasonable precautions.

---

9. Cookies

We use cookies and similar tracking technologies. See our Cookie Policy for full details, including how to manage your preferences.

---

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it promptly.

---

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or via a prominent notice in the portal. The "Last updated" date at the top of this page reflects the most recent revision.

---

12. Contact Us

NFC Tagify — Privacy Team

Email: privacy@nfctagify.com

Website: https://nfctagify.com