← Back to Cardfolio
Plain English · no lawyer fog

Privacy Policy.

Last updated: 18 June 2026 · Effective immediately for new users.

1. The short version

Cardfolio (“we”, “us”) is an app that scans business cards, turns them into structured contacts, and lets you sync those contacts to the CRM of your choice. To do that, we hold onto your email, the cards you scan, and the access tokens you grant for any CRM you connect. We don’t sell any of it. We don’t use your cards to train AI. If you delete your account, your data goes with it.

The long version is below. If anything is unclear, write to support@usecardfolio.com.

2. Who we are

Cardfolio is operated by the publisher of usecardfolio.com. For privacy questions in the EU, UK, or California, you can reach our data team at the address above. For GDPR/UK GDPR purposes, we act as a data controller for your account data and as a data processor for the contact data you choose to push to third-party CRMs.

3. What we collect and why

Account data

Card & contact data

Subscription & billing data

Usage data

4. Your business cards and AI processing

When you scan a card, the image is sent to a third-party vision model (currently Google Gemini) for OCR. The model returns the extracted fields, which we store in your account. We do not retain card images for longer than necessary to process them, and we do not use your cards to train any AI model. Google’s API terms prohibit them from training on customer data in this configuration.

The cards belong to you and to the people who handed them to you. You are responsible for how you use the contact information — in most jurisdictions, business cards exchanged in a professional setting carry an implied permission to follow up, but local laws vary.

5. CRM connections

If you connect a CRM (Hubspot, Salesforce, Zoho, Outlook, Google Contacts), we store the OAuth access token you authorize. We use it only to push the contacts you choose to push. We don’t read or modify other data in your CRM. You can disconnect a CRM at any time in Settings, which revokes our access on our side; you can also revoke from the CRM’s own dashboard.

6. Device permissions

7. Who we share data with

We share only what’s necessary, only with these processors:

We do not sell your personal data, ever. We do not share it with advertisers. (The free tier of the mobile app shows ads served by Google AdMob, but we do not pass your personal data to AdMob beyond what the SDK collects under its own privacy policy.)

8. How long we keep things

9. Your rights

Depending on where you live, you have the right to:

Email support@usecardfolio.com for any of these — we’ll respond within 30 days.

10. Children

Cardfolio is a business tool. It’s not designed for, marketed to, or intended for anyone under 16. We don’t knowingly collect data from minors. If we learn that we have, we delete it.

11. Changes to this policy

If we change anything material, we’ll email registered users and post a notice in the app at least 14 days before the change takes effect. The “last updated” date at the top of this page always reflects the current version.

12. Contact

Questions, requests, complaints — all welcome.
Email: support@usecardfolio.com
Web: usecardfolio.com