Skip to main content

Privacy Policy

RelationshipCards.com

Effective Date: April 7, 2026 Last Updated: April 7, 2026

Introduction

RelationshipCards.com ("RelationshipCards," "we," "us," or "our") operates an online platform for creating, personalizing, and sending animated video greeting cards featuring original music by independent artists. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website at RelationshipCards.com (the "Site"), use our mobile applications (if any), access our public REST API (the "API"), or interact with any of our services (collectively, the "Services").

This Privacy Policy applies to all users of the Services, including:

  • Senders — registered account holders who create and send greeting cards
  • Recipients — individuals who receive and view greeting cards sent through our platform
  • API Users — developers and third-party applications that access our Services through the API
  • Visitors — individuals who browse the Site without creating an account

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

This Privacy Policy forms part of our Terms of Service. It should be read together with any other applicable policy posted on or linked from our Site.

1. Who We Are

RelationshipCards.com is operated by 555NTSH LLC a Wyoming LLC located at 30 N Gould St. Suite R, Sheridan, Wyoming 82801 with a mailing address of 15202 NW 147th Dr. Suite 1200, PMB #334, Alachua, FL 32615.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

  • Email: privacy@relationshipcards.com
  • Mail: 555NTSH LLC, Attn: Privacy, 15202 NW 147th Dr. Suite 1200, PMB #334, Alachua, FL 32615

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, we are the "controller" of your personal data. For the purposes of the California Consumer Privacy Act (CCPA), we are a "business" that collects your personal information.

2. Minimum Age Requirement

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, do not use the Services or provide any personal information to us.

If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe we have inadvertently collected information from someone under 18, please contact us at privacy@relationshipcards.com.

Parents and guardians who wish to send greeting cards on behalf of or to minors may do so from their own adult accounts. In such cases, the adult account holder is responsible for all content and recipient information provided.

3. Information We Collect

We collect information in three ways: directly from you, from recipients of your cards, and automatically through your use of the Services.

3.1 Information You Provide Directly

Account Information. When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored only in hashed form; we cannot read your password)
  • Time zone preference

If you choose to sign in using Google or Apple, we receive your name and email address from the provider you select. We use this information only to create or access your RelationshipCards.com account. We do not receive or store your Google or Apple password, and we do not access your contacts, calendars, files, or any other data from your Google or Apple account.

Optional Profile Information. You may choose to provide additional information to personalize your experience. This information is entirely optional and can be modified or deleted at any time through your account settings:

  • Date of birth
  • Gender
  • Zip code
  • Subject preferences (types of cards and occasions you are interested in)

Payment Information. When you make a purchase or subscribe, we collect:

  • Your chosen pay-what-you-wish amount or subscription tier
  • Billing name and address
  • Transaction confirmation details (amount, date, subscription status)

We do not collect, store, or have access to your credit card number, debit card number, bank account number, or any payment card details. All payment processing is handled by Stripe, Inc. ("Stripe"), our third-party payment processor. When you enter your payment information, it is transmitted directly to Stripe's servers using Stripe.js and Stripe Elements, and is never sent to or stored on our servers. Stripe is a PCI DSS Level 1 certified service provider. You can review Stripe's privacy policy at https://stripe.com/privacy.

We store only a Stripe Customer ID, a token reference to your payment method (not the actual card number), the transaction amount, and the transaction date. This allows us to process subscription renewals and issue refunds without handling your card details.

Card Content. When you create a greeting card, we collect:

  • Your personalized text message
  • Your selection of card template, animation style, and music track
  • Scheduled delivery date and time (if applicable)
  • Sender display name (as you want it to appear to the recipient)

Recipient Information. When you send a card, we collect the following about the recipient, as entered by you:

  • Recipient's name
  • Recipient's email address
  • Event type (e.g., birthday, anniversary, holiday)
  • Relationship to sender (e.g., friend, spouse, parent)
  • The personal message you write to the recipient

This information is provided by the sender, not the recipient. See Section 5 (How We Handle Recipient Data) for details on our commitments regarding recipient data.

Manage People (Contact Lists). We offer a "Manage People" feature that allows you to save a list of recipients for future card sending. Recipients are added to your contact list only if you explicitly add them through this feature. Sending a card to someone does not automatically add them to your contact list.

Communications. When you contact us for support, provide feedback, or respond to surveys, we collect the content of those communications along with your name and email address.

3.2 Information Collected Automatically

When you access the Services, we automatically collect certain technical information:

  • Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages.
  • Device Information: Device type, screen resolution, and language preference.
  • Location Detection: When you create an account, we use your IP address to determine your approximate country of location using a locally-hosted IP geolocation database. This lookup is performed entirely on our own servers — no data is sent to any third party. We use this information solely to determine which privacy protections and consent mechanisms apply to your account (for example, to present appropriate marketing consent options based on applicable law). Your registration IP address and the resolved country code are retained as part of your account record.
  • Analytics Data: We use a self-hosted analytics system that runs entirely on our own servers. No analytics data is transmitted to or shared with any third party. This system collects page views, feature usage patterns, and general navigation data to help us improve the Services.
  • Authentication Data: We use JSON Web Tokens (JWT) stored in secure, HTTP-only cookies to manage your login session. These are strictly functional cookies required for the Services to operate. They do not track you across other websites.

What we do NOT collect automatically:

  • We do not use third-party advertising cookies or tracking pixels.
  • We do not use Google Analytics, Meta Pixel (Facebook Pixel), or any third-party behavioral analytics platform.
  • We do not use session replay tools.
  • We do not use iBeacons, GPS tracking, or precise geolocation technologies.
  • We do not engage in cross-site tracking of any kind.

3.3 Information Collected Through the API

If you access our Services through the API, we collect:

  • Your API key (used for authentication; treated as a credential)
  • API request metadata: endpoints accessed, request timestamps, IP address of the requesting server, response codes, and request volume
  • Any personal data you submit through the API (such as sender name, recipient name, recipient email, and card content)

API Users are responsible for providing their own privacy notices to their end users regarding any personal data submitted through the API. See Section 11 (API-Specific Provisions) for additional terms.

3.4 Information We Do NOT Collect

We want to be explicit about what we do not collect:

  • Social Security numbers or government-issued ID numbers
  • Biometric data (fingerprints, facial recognition, voiceprints)
  • Health or medical information
  • Financial account numbers (bank accounts, card numbers — Stripe handles this)
  • Precise geolocation data
  • Photos, images, or media files (our cards do not support photo uploads)
  • Audio recordings of users (the music in our cards is pre-recorded by artists, not user-generated audio)
  • Data from social media accounts beyond name and email (when you sign in with Google or Apple, we receive only your name and email address — we do not access your contacts, photos, files, or any other account data)
  • Information about children under 18

4. How We Use Your Information

We use personal information for the purposes described below.

| Purpose | Data Used | Legal Basis (GDPR) | |---|---|---| | Create and manage your account | Name, email, password hash, time zone | Performance of contract | | Process your payment or subscription | Stripe Customer ID, transaction details, billing address | Performance of contract | | Create, personalize, and deliver your greeting cards | Card content, recipient information, scheduled delivery time | Performance of contract | | Send your card to the recipient on the date you specify | Recipient email, card content, delivery schedule | Performance of contract; legitimate interest (completing the sender's request) | | Notify you about card status (delivered, viewed, expiring) | Your email, card metadata | Performance of contract | | Provide customer support | Communications content, account information | Performance of contract; legitimate interest | | Send you transactional emails (receipts, account changes, password resets) | Your email | Performance of contract | | Send you marketing communications about RelationshipCards.com, including new features, card designs, artist collaborations, and promotional offers | Your email, optional profile information | Consent (where required by applicable law) or legitimate interest (existing customer relationship); you may opt out at any time | | Send you marketing communications on behalf of our affiliates and partners about products and services we think you may find useful | Your email, optional profile information | Consent (where required by applicable law) or legitimate interest; you may opt out at any time | | Personalize your experience based on your preferences | Optional profile data (DOB, gender, zip, subject preferences) | Consent (you choose to provide this data); legitimate interest | | Detect and prevent fraud, abuse, and unauthorized access | IP address, log data, authentication data, API request metadata | Legitimate interest | | Maintain the security and performance of the Services | Log data, device information, analytics data | Legitimate interest | | Comply with legal obligations | Any data as required by law | Legal obligation | | Enforce our Terms of Service | Account and usage data | Legitimate interest |

Important Notes About Marketing Communications

When we send marketing communications on behalf of our affiliates and partners, your personal information is never disclosed to those affiliates or partners. We are the ones doing the sending. Your name, email address, and personal information never leave our systems. Our affiliates and partners do not have access to your data.

Depending on your location, you will either be enrolled in marketing communications when you create an account (with the ability to opt out at any time), or you will be asked to opt in during registration. Where applicable law requires your explicit consent before we send marketing emails, we will present a clear, separate consent option during account creation. You will not receive marketing emails unless you have opted in or are otherwise enrolled in accordance with the laws applicable to you.

You may opt out of marketing emails at any time by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Updating your email preferences in your account settings
  • Emailing privacy@relationshipcards.com

Opting out of marketing emails does not affect transactional emails required for the operation of the Services.

What We Do NOT Use Your Information For

  • We do not sell your personal information to third parties.
  • We do not disclose your personal information to advertisers.
  • We do not use your information for third-party behavioral advertising or profiling.
  • We do not build advertising profiles based on your behavior for external use.
  • We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

5. How We Handle Recipient Data

We take the privacy of card recipients seriously. Recipients have not created accounts with us and have not agreed to a direct relationship with RelationshipCards.com.

5.1 What We Collect About Recipients

When a sender creates a card, the sender provides us with the following about the recipient:

  • Recipient's name
  • Recipient's email address
  • Event type (e.g., birthday, anniversary)
  • Relationship to sender
  • The sender's personal message to the recipient

When a recipient opens and views a card, we automatically collect:

  • The fact that the card was viewed (yes/no)
  • The date and time it was first viewed
  • Browser type and IP address (collected automatically via server logs)

5.2 How We Use Recipient Data

We use recipient data for the following purposes:

  • Delivering the greeting card to the recipient's email address via Mailgun (our email delivery service)
  • Displaying the card to the recipient when they click the viewing link
  • Notifying the sender that the card was viewed (view confirmation only — we do not share the recipient's IP address or browser information with the sender)
  • Sending a reminder to the recipient if the card has not been viewed and is approaching expiration (one reminder only)

5.3 Our Commitments Regarding Recipient Data

  • We will not add recipients to any marketing email list unless the recipient specifically requests it. Receiving a card does not subscribe the recipient to promotional communications from RelationshipCards.com. However, if a recipient wishes to receive marketing from us, they may sign up through the link provided in the card delivery email.
  • We will not sell, rent, or disclose recipient email addresses to any third party for marketing, advertising, or any purpose unrelated to card delivery.
  • We will not use recipient email addresses to create advertising audiences (e.g., custom audiences, lookalike audiences, retargeting lists).

5.4 Recipient Options

Each card delivery email and expiration reminder includes links that allow the recipient to:

  • Opt out of reminders for that card
  • Block all future cards from being delivered to their email address through RelationshipCards.com

If a recipient chooses to block future cards, we add their email address to our suppression list. This means no cards can be sent to that address through our platform. The suppression list entry is retained indefinitely to ensure we continue to honor the opt-out request.

6. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer needed, it is permanently deleted or irreversibly anonymized.

Factors we consider in determining retention periods include the nature of the data, the purposes of processing, applicable legal requirements, and our legitimate business needs.

If you delete your account, we will delete your personal data. Some partial data may remain in backups and caches for a limited period. Payment and transaction records are retained as required by applicable tax and financial record-keeping laws. We also retain records of the consent choices you made when creating your account (including the legal basis on which we process your data for marketing purposes, the consent mechanism presented, and your response) for as long as necessary to demonstrate compliance with applicable law.

Anonymization. Where data is anonymized (made irreversibly non-identifiable), the anonymized data may be retained indefinitely for aggregate analytics purposes (e.g., total cards sent per month). Anonymized data cannot be traced back to any individual.

Legal holds. If we are involved in litigation, a regulatory investigation, or a legal proceeding, we may retain relevant data beyond standard periods as required by law.

7. Who We Share Data With

We do not sell your personal information to third parties. We do not disclose your personal information to third-party advertisers. When we send marketing communications on behalf of our affiliates and partners, we do the sending — your data stays in our systems and is never disclosed to those third parties.

We share data only with the following categories of service providers, and only to the extent necessary for them to perform their functions.

7.1 Service Providers

| Provider | Purpose | Data Shared | Provider's Privacy Policy | |---|---|---|---| | Stripe, Inc. | Payment processing | Billing name, billing address, payment card details (transmitted directly to Stripe, never touching our servers), transaction amounts | stripe.com/privacy | | Mailgun (Sinch Email) | Email delivery (card delivery emails, transactional emails, marketing emails) | Recipient email address, sender display name, email subject line, email body content | mailgun.com/legal/privacy-policy | | Hostinger | Server hosting and content delivery | All data stored on our servers (encrypted at rest) | hostinger.com/legal/privacy-policy |

We require all service providers to:

  • Process personal data only on our documented instructions
  • Maintain appropriate technical and organizational security measures
  • Not use personal data for their own purposes
  • Delete or return personal data at the end of the service relationship

We do not use any advertising networks, data brokers, social media tracking pixels, or third-party behavioral analytics platforms.

7.2 Affiliate and Partner Marketing

We may send you marketing communications on behalf of our affiliates and partners. In these cases:

  • We are the sender. We send the communications using our own systems (Mailgun).
  • Your data is never shared. Your name, email address, and personal information are never disclosed to, shared with, or accessible by the affiliate or partner.
  • You can opt out. Every marketing email includes an unsubscribe link. You may also opt out through your account settings or by emailing privacy@relationshipcards.com.

Under the CCPA and similar state privacy laws, sending marketing on behalf of a third party using our own systems — where no personal information is disclosed to the third party — does not constitute a "sale" or "sharing" of personal information.

We may disclose personal information if we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, subpoena, court order, or government request
  • Protect the rights, property, or safety of RelationshipCards.com, our users, or the public
  • Detect, prevent, or address fraud, security issues, or technical problems
  • Enforce our Terms of Service

If we are legally compelled to disclose your personal information, we will notify you in advance (by email to your account address) unless prohibited by law from doing so.

7.4 Business Transfers

If RelationshipCards.com is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site before your personal information is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before any such transfer.

We may share your personal information with third parties when you have given explicit, informed consent. We will clearly describe the data being shared and the purpose before requesting your consent.

8. Cookies and Tracking Technologies

8.1 Cookies We Use

We use only essential cookies required for the Services to function. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

| Cookie Name | Purpose | Type | Duration | |---|---|---|---| | auth-token | Authentication — stores your encrypted JWT session token | First-party, HTTP-only, Secure, SameSite=Lax | 7 days | | csrf-token | Security — prevents cross-site request forgery attacks | First-party, Secure, SameSite=Lax | 7 days | | 2fa-pending-token | Security — temporary token during two-factor authentication verification | First-party, HTTP-only, Secure, SameSite=Lax | 10 minutes (consumed on use) | | oauth_state | Security — CSRF protection during Google sign-in | First-party, HTTP-only, Secure, SameSite=Lax | 5 minutes (consumed on use) | | apple_oauth_state | Security — CSRF protection during Apple sign-in | First-party, HTTP-only, Secure, SameSite=Lax | 10 minutes (consumed on use) | | cart_session | Functionality — maintains your shopping cart as a guest before you sign in | First-party, HTTP-only, Secure, SameSite=Lax | 30 days |

8.2 What We Do NOT Use

  • No Google Analytics or any third-party analytics service
  • No Meta Pixel (Facebook Pixel) or any social media tracking pixel
  • No advertising cookies or retargeting tags
  • No session replay or screen recording tools
  • No fingerprinting or cross-device tracking technologies

8.3 Global Privacy Control

We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we treat it as a valid request to opt out of any sale or sharing of personal information, consistent with applicable state laws. We note that we do not sell or share personal information with third parties. The GPC signal applies to the specific browser or device from which it is sent.

All cookies listed above are strictly necessary for the Services to operate — they provide authentication, security, and core shopping functionality. Under the EU ePrivacy Directive, GDPR, CCPA, and other applicable privacy laws, strictly necessary cookies are exempt from consent requirements because the Services cannot function without them. No cookie consent banner or opt-in is required.

We do not set any non-essential cookies (analytics, advertising, or tracking). If this changes in the future, we will update this section and implement an appropriate cookie consent mechanism before deploying any non-essential cookies.

9. Data Security

We implement the following technical and organizational measures to protect your personal information:

Encryption:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS everywhere).
  • All personal data stored on our servers is encrypted at rest using AES-256 encryption.
  • Passwords are hashed using bcrypt with per-user salts. We cannot reverse or read your password.
  • API keys are stored in hashed form. The plaintext key is shown to the developer only once, at the time of creation.

Access Controls:

  • Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • All administrative access requires multi-factor authentication.
  • We maintain audit logs of all access to personal data.

Infrastructure:

  • Our servers are hosted by Hostinger.
  • We conduct regular security assessments.
  • We maintain an incident response plan and will notify affected users of a data breach as required by applicable law.

Payment Security:

  • We are PCI DSS compliant by virtue of using Stripe's hosted payment fields (Stripe.js / Stripe Elements). Card data never touches our servers.
  • We do not store, process, or transmit payment card data.

No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

10. Original Music and Artist Attribution

RelationshipCards.com features original music composed and performed by independent artists. This section describes how music-related data is handled.

10.1 Music in Our Cards

All music available on the platform is original work created by or exclusively licensed to RelationshipCards.com. We do not use stock music, royalty-free library music, or user-uploaded audio.

Each card that includes music displays a visible credit identifying the artist name and track title.

10.2 Music Data Collection

When you select a music track for your card, we record:

  • The track ID and title selected
  • The artist credited for the track
  • The card in which the track was used

We use this data to:

  • Deliver the correct audio with your card
  • Display artist attribution to the recipient
  • Calculate aggregate play counts for artist compensation purposes

10.3 Artist Information

We may display the following information about our contributing artists on the Site:

  • Artist name (or stage name)
  • A brief biography (if provided by the artist)
  • Links to the artist's own website or social media (if provided by the artist)

This information is provided voluntarily by the artists and is displayed with their consent. Artists may contact us at artists@relationshipcards.com to update or remove their information.

11. API-Specific Provisions

This section applies to developers and third-party applications ("API Users") that access the Services through our public REST API.

11.1 API Authentication and Data Collection

API access is authenticated using API keys. We collect:

  • The API key (stored in hashed form)
  • The identity and contact information of the API key holder (name, email, organization)
  • API request logs (endpoints, timestamps, IP addresses, response codes, request volume)

11.2 API User Responsibilities

If you use the API to send cards on behalf of your own users, you are a separate controller (under GDPR) or business (under CCPA) with respect to the personal data you collect from your users. You are responsible for:

  • Providing your own privacy notice to your users that accurately describes how their data will be processed, including disclosure that data will be transmitted to RelationshipCards.com for card delivery
  • Obtaining any consents required under applicable law before submitting personal data (such as recipient email addresses) through the API
  • Ensuring that all personal data submitted through the API is accurate and that you have the right to provide it
  • Honoring your users' data subject rights (access, deletion, etc.) with respect to data in your own systems; we will cooperate with deletion requests for data in our systems

11.3 API Data Processing Agreement

API Users who process personal data of individuals in the EEA, UK, or Switzerland through our API may request a Data Processing Agreement (DPA) by contacting privacy@relationshipcards.com. The DPA establishes the respective roles and obligations of RelationshipCards.com and the API User under GDPR.

12. International Data Transfers

RelationshipCards.com is operated from the United States. If you access the Services from outside the United States, your personal information will be transferred to and processed in the United States.

For Users in the European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, the transfer of your personal data to the United States is conducted under one or more of the following safeguards:

  • Standard Contractual Clauses (SCCs): We enter into EU-approved Standard Contractual Clauses with our service providers that process personal data outside the EEA.
  • Adequacy Decisions: Where applicable, transfers may be based on an adequacy decision by the European Commission.
  • Your Consent: By creating an account and using the Services, you consent to the transfer of your data to the United States for the purposes described in this Privacy Policy. You may withdraw this consent at any time by deleting your account.

For questions about international data transfers, contact privacy@relationshipcards.com.

13. Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information. You do not need to know which law applies to you — we will honor valid requests from all users regardless of location.

13.1 Rights Available to All Users

All users of the Services may:

  • Access your personal information. Request a copy of the personal data we hold about you.
  • Correct inaccurate personal data. Update your information through your account settings or by contacting us.
  • Delete your personal data. Request that we delete your account and associated personal data, subject to legal record-keeping requirements (for example, payment records required by tax law).
  • Export your data in a portable format. Request a machine-readable copy (JSON format) of your personal data, including your account information, card history, and subscription history.
  • Opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email, through your account settings, or by emailing privacy@relationshipcards.com.

To exercise any of these rights, email privacy@relationshipcards.com or use the privacy request form at RelationshipCards.com/privacy-request. We will respond within 30 days. We may ask you to verify your identity before processing your request.

13.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), provides you with the following additional rights:

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.

Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as legal record-keeping obligations).

Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing. We do not sell your personal information to third parties. When we send marketing communications on behalf of our affiliates and partners, your personal information is never disclosed to those third parties — we do the sending using our own systems. Under the CCPA, this does not constitute a "sale" or "sharing" of personal information because no personal information is disclosed to any third party.

Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.

Authorized Agents. You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization signed by you and we may require you to verify your identity directly.

Verification. To protect your privacy, we verify your identity before fulfilling requests. We will ask you to confirm your email address and may ask additional verification questions.

Categories of Personal Information Collected (Preceding 12 Months):

| CCPA Category | Collected | Sold | Shared for Advertising | |---|---|---|---| | A. Identifiers (name, email, IP address, account name) | Yes | No | No | | B. California Customer Records (name, address, payment-related info) | Yes | No | No | | C. Protected Classification Characteristics (gender, DOB — optional) | Yes (optional) | No | No | | D. Commercial Information (purchase/subscription history) | Yes | No | No | | E. Biometric Information | No | No | No | | F. Internet or Electronic Network Activity (log data, pages visited) | Yes | No | No | | G. Geolocation Data (non-precise, derived from IP address or zip code) | Yes | No | No | | H. Sensory Data (audio, visual — card content only) | Yes | No | No | | I. Professional or Employment Information | No | No | No | | J. Non-Public Education Information | No | No | No | | K. Inferences | No | No | No | | L. Sensitive Personal Information | No | No | No |

13.3 Additional Rights for Residents of U.S. States with Privacy Laws

If you reside in a U.S. state with a comprehensive privacy law (including but not limited to Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Texas, Utah, and Virginia), you have rights that substantially overlap with those described in Section 13.1 and 13.2, including the right to access, correct, delete, and obtain a portable copy of your personal data, and the right to opt out of the sale of personal information and targeted advertising.

We do not sell personal information or engage in targeted advertising using third-party data. Therefore, these opt-out rights are already satisfied by our practices.

Global Privacy Control (GPC). We recognize and process GPC opt-out preference signals. If your browser transmits a GPC signal, we treat it as a valid opt-out request consistent with applicable state laws. The GPC signal applies to the specific browser or device from which it is sent.

13.4 Additional Rights for Users in the EEA, UK, and Switzerland (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or the UK GDPR provides you with the following rights:

  • Right of Access: Obtain confirmation as to whether we process your personal data and a copy of it.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances (e.g., while we verify its accuracy).
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format (JSON) and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing. We will cease processing for direct marketing purposes immediately upon request.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: You may lodge a complaint with your local data protection authority. For the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. For EU member states, find your local authority at edpb.europa.eu.

To exercise any right, contact privacy@relationshipcards.com. We will respond within one month. This period may be extended by two additional months for complex requests, in which case we will notify you of the extension within the first month.

14. Email Communications

14.1 Transactional Emails

We send the following emails that are necessary for the operation of the Services. These are not marketing emails and you cannot opt out of receiving them while your account is active:

  • Account creation confirmation
  • Password reset requests
  • Payment receipts and subscription confirmations
  • Card delivery notifications (to senders)
  • Card delivery emails (to recipients)
  • Card expiration reminders (to recipients — one reminder per card)
  • Card viewed notifications (to senders)
  • Changes to our Terms of Service or Privacy Policy
  • Security alerts (unusual login activity, password changes)
  • Subscription renewal reminders (sent 14 days before renewal)

14.2 Marketing Emails

We may send marketing emails about new features, new card designs, new artist collaborations, promotional offers related to RelationshipCards.com, and products or services from our affiliates and partners that we think you may find useful.

Depending on your location, you will either be enrolled in marketing emails when you create an account (with the ability to opt out at any time), or you will be asked to opt in during registration. You may opt out at any time by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Updating your email preferences in your account settings
  • Emailing privacy@relationshipcards.com

When we send marketing on behalf of affiliates and partners, your personal information is never disclosed to those third parties. We do the sending.

Opting out of marketing emails does not affect transactional emails.

14.3 Recipient Emails

Recipients receive only:

  • The card delivery email
  • One expiration reminder

Recipients are not added to any marketing list unless they specifically request it. Each recipient email includes a link to block future cards from our platform.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to all registered account holders describing the changes
  • Post a notice on the Site for at least 30 days
  • For material changes that expand the scope of data collection or sharing, provide at least 30 days' advance notice before the changes take effect

Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you disagree with any changes, you may delete your account at any time.

Previous versions of this Privacy Policy are archived and available upon request at privacy@relationshipcards.com.

16. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

Email: privacy@relationshipcards.com Mail: 555NTSH LLC, Attn: Privacy Team, 15202 NW 147th Dr. Suite 1200, PMB #334, Alachua, FL 32615

We aim to respond to all privacy inquiries within 30 days. For GDPR-related requests, we will respond within one month as required by law.

For unresolved complaints regarding our privacy practices, you may contact:

  • California: The Office of the California Attorney General at oag.ca.gov
  • United Kingdom: The Information Commissioner's Office at ico.org.uk
  • European Union: Your local data protection authority, listed at edpb.europa.eu
  • Your state Attorney General: For residents of U.S. states with comprehensive privacy laws