CardCipher

Last updated:

Privacy Policy

This policy explains what information CardCipher (“we”, “us”, “our”) collects, how we use it, and the choices you have. It applies to cardcipher.com and services that link to it.

Quick links

Overview & scope Information we collect How we use information Controller vs. processor Payments via Stripe When we share information International transfers Retention Security Your choices & rights Cookies & tracking Region-specific notices Children Changes Contact

1) Overview & scope

We collect and use only what we need to operate CardCipher, provide features you request, secure the service, and improve performance. We do not sell your personal information and we do not share it for cross-context behavioral advertising.

2) Information we collect

  • Account data — display name, email address, hashed password, and in-app preferences (e.g., shipping settings).
  • Authentication — session tokens (e.g., JWT) kept in your browser to stay signed in.
  • App content you provide — inventory, sales, transactions, and files you upload for parsing or label printing (e.g., packing slips), plus related metadata.
  • Buyer details inside your uploads — names, addresses, order numbers, and line items contained in the files you submit; processed solely to serve your account.
  • Payments metadata — via Stripe (see Payments via Stripe): status, last-4, brand, expiration month/year, billing name/address; we do not store full card numbers or CVV.
  • Usage & diagnostics — device/browser info, pages viewed, performance and error logs. We do not build advertising profiles.

3) How we use information

  • Provide, maintain, and improve the service (including parsing uploads, computing fees, and printing labels).
  • Authenticate users, secure accounts, prevent fraud/abuse, and diagnose issues.
  • Respond to support requests and communicate service updates.
  • Comply with legal obligations and enforce our Terms.

4) Controller vs. processor

For your account, billing, and site usage data, CardCipher acts as a controller.

For buyer data contained in your uploads (e.g., names and shipping addresses in packing slips), you are the controller and CardCipher processes that data on your instructions to provide the service to your account. We do not use that buyer data for our own purposes.

5) Payments via Stripe

We use Stripe to process payments. When you subscribe or make a purchase, certain billing information is shared with Stripe so the transaction can be completed (e.g., billing name, email, billing address, payment method details). We do not store full card numbers or CVV; Stripe stores and processes that data on our behalf.

  • See Stripe’s Privacy Policy for details on how Stripe handles personal data.
  • Stripe is PCI DSS Level 1 certified; we use Stripe Elements/Checkout so card data is sent directly to Stripe.
  • If a charge fails, we may retry and may pause access until payment is successful.

6) When we share information

We do not sell or share your personal information for cross-context behavioral advertising. We share only as needed to run CardCipher:

  • Service providers (e.g., infrastructure, storage, logging, email, analytics, and payments via Stripe) under confidentiality and security commitments.
  • Legal & safety when required by law or to protect users, our rights, or the public.
  • Business transfers in connection with a merger, acquisition, or reorganization, with protections maintained or appropriate notice provided.

7) International transfers

We and our providers (including Stripe) may process data in countries other than yours. Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and vendor Data Processing Agreements. See Stripe’s Data Processing Agreement for more information.

8) Retention

We retain account data and in-app content while your account is active or as needed to provide the service. You may delete content or your account; we then delete or anonymize data unless we need to retain limited records for legal, security, or operational reasons (e.g., audit logs, short-lived backups).

9) Security

We use industry-standard safeguards: HTTPS in transit, hashed/salted passwords, least-privilege access, monitoring, and vendor reviews. No method is 100% secure, but we work continuously to protect your data.

10) Your choices & rights

  • Access / correct / delete — manage certain data in-app; for account deletion or export, contact us below.
  • Emails — if we send product updates, you can unsubscribe at any time.
  • Permissions — revoke browser or device permissions (e.g., file access) at any time.

11) Cookies & tracking

  • Essential — sign-in and in-app preferences (cookies/local storage). Blocking these may break core functionality.
  • Analytics — privacy-respecting, aggregate usage only; no ad targeting profiles.

12) Region-specific notices

California (CCPA/CPRA). We do not “sell” or “share” personal information as defined by CPRA. You may request access or deletion using the contact methods below. Sensitive personal information (if present in your uploads) is used only to provide requested services.

EEA/UK/Switzerland (GDPR). For account/billing/site data, CardCipher is the controller. You may have rights to access, correct, delete, restrict, port, or object. You can also lodge a complaint with your local supervisory authority. For buyer data in your uploads, you are the controller and we process on your instructions.

13) Children

CardCipher is not directed to children under 13 (or the minimum age in your region). We do not knowingly collect such data. If a child’s data was provided to us, contact us to remove it.

14) Changes to this policy

We may update this policy to reflect changes to our practices or legal requirements. When we post changes, we’ll update the “Last updated” date above and, where appropriate, provide additional notice.

15) Contact us

Questions or requests? Email [email protected]. If you prefer, you can also reach us at [email protected].

This page is for transparency and convenience and is not legal advice. Your use of CardCipher remains subject to our Terms of Service.

↑ Back to top