Privacy Policy — FistTap

1. Information We Collect

We collect information you provide directly when you create an account or place an order: name, email address, phone number, billing address, and payment information (processed securely by Stripe — FistTap never stores raw card numbers). We also collect profile content you upload such as photos, logos, links, and bio text. Automatically collected data includes IP addresses, browser type, pages visited, and NFC/QR tap events associated with your card.

2. How We Use Information

Your information is used to fulfil orders and deliver cards, operate and improve the Service, provide customer support, send transactional and (with your consent) marketing emails, and display analytics in your dashboard. Tap event data is aggregated and tied to your card — we do not track the individuals who tap your card.

3. Data Sharing

We do not sell your personal data. We share data only with trusted service providers needed to operate the Service: Stripe (payments), AWS SES (email delivery), and our hosting infrastructure provider. These providers are bound by data processing agreements and may not use your data for their own purposes.

4. Data Retention

Account data is retained for as long as your account is active. If you close your account, we delete or anonymise your personal data within 90 days, except where we are legally required to retain it (e.g., billing records for tax purposes, retained for 7 years per Canadian law).

5. PIPEDA Compliance

FistTap operates under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, or request deletion of your personal information at any time. To exercise these rights, contact us at the address below. We will respond within 30 days.

6. Contact

Privacy questions or requests should be sent to privacy@fisttap.com. Our mailing address is available on request.