Home · Privacy Policy

Privacy Policy

Last updated: April 5, 2026

Jurisdictions & compliance frameworks

Cardexio operates under two entities to serve customers globally with appropriate local protections:

  • EU & UK customers: data is hosted in the EU (Supabase eu-west-1, Ireland). Processing complies with the GDPR (Regulation EU 2016/679) and the UK Data Protection Act 2018. Cardexio EU acts as the data controller for these users.
  • US & Americas customers: served by Cardexio Inc. (New Mexico, USA). Compliance with the California Consumer Privacy Act (CCPA) and applicable US state privacy laws. Where required, GDPR-equivalent protections are extended.
  • Cross-border transfers: we do not transfer EU personal data to the US without explicit user consent or a valid lawful basis under GDPR Chapter V.

For data subject requests (access, rectification, erasure, portability, objection): privacy@cardexio.com.

1. Introduction

Cardexio is a service provided by Arkodigital LLC ("we", "us", or "our"). We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect, how we use it, and what rights you have.

2. Data Controller

Arkodigital LLC
1209 Mountain Road PL NE, STE N
Albuquerque, NM 87110, USA
Email: hello@cardexio.com

3. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and password (stored as a secure hash)
  • Business card & contact data: names, phone numbers, email addresses, job titles, and company names extracted from scanned business cards
  • Workspace data: team members, roles, and workspace settings
  • Usage data: log files, IP address, device type, browser, and app version
  • Support data: messages you send us for support or feedback

4. How We Use Your Data

We use your data to:

  • Provide, operate, and improve the Cardexio service
  • Process business card scans and organize your contacts
  • Enable CRM integrations (Pipedrive, Zoho) when you connect them
  • Send transactional emails (e.g., account confirmation, password reset)
  • Respond to your support requests
  • Ensure security and prevent fraud
  • Comply with applicable legal obligations

5. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance: to deliver the service you signed up for
  • Legitimate interests: to improve our service, ensure security, and prevent abuse
  • Consent: for optional features such as marketing communications (you may withdraw consent at any time)
  • Legal obligation: when required by applicable law

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your data ("right to be forgotten")
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdrawal of consent: withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at hello@cardexio.com.

8. Cookies

We use essential session cookies to keep you logged in and maintain your preferences. We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this may affect service functionality.

9. Third-Party Services

We use the following third-party providers who may process your data on our behalf:

  • Supabase — database and authentication hosting (servers in the US/EU)
  • Pipedrive — CRM integration (only if you connect your Pipedrive account)
  • Zoho CRM — CRM integration (only if you connect your Zoho account)

CRM integrations only activate when you explicitly connect your account. We do not sell your data to third parties.

10. Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage of sensitive tokens, and role-based access controls. No system is 100% secure; if you suspect a security issue, please contact us immediately at dev@cardexio.com.

11. Policy Changes

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email. The "Last updated" date at the top of this page will always reflect the most recent version.

12. Contact

For any privacy-related questions or requests: hello@cardexio.com
Arkodigital LLC · 1209 Mountain Road PL NE, STE N · Albuquerque, NM 87110, USA

We use cookies to understand how you use Cardexio and improve the product. Read our privacy policy.