Effective date: March 17, 2026
HuddleCard ("we", "us", "our") operates huddlecard.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
By using the Service, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.
We use the information we collect to:
We do not use your personal information for advertising, profiling, or automated decision-making. We do not sell your personal information to any third party.
We share your information with the following third-party processors, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing & billing | Email, company name, subscription data |
| Slack | Workspace integration | User profiles (name, email, avatar), card notification content |
| Cloudinary | Media storage & image processing | Uploaded images and media files |
| Mailgun | Transactional email delivery | Recipient email addresses, email content (including card messages compiled into delivered cards) |
| Sentry | Error tracking & monitoring | Error logs and request metadata (no personal content) |
| Giphy | GIF search & embedding in cards | Search queries entered when browsing GIFs |
| Unsplash | Stock photo search for card images | Search queries entered when browsing photos |
| Google Fonts | Web font delivery | IP address and page URL (standard browser request) |
| CDN providers (cdnjs, unpkg, jsDelivr, MaxCDN) | Hosting open-source JavaScript and CSS libraries | IP address and page URL (standard browser request) |
Each provider processes data in accordance with their own privacy policies. We maintain agreements with these providers to ensure your data is handled securely and only for the purposes described above.
We use the following types of cookies:
We do not use any analytics cookies or third-party tracking cookies. You can configure your browser to refuse all cookies, though some features of the Service may not function properly without essential cookies.
We retain your personal information for as long as your account is active or as needed to provide the Service. If you or your company administrator removes a team member, we delete that person's profile data and card content. Full account closure (deletion of all company data) is handled upon request — contact us at info@huddlecard.com. In all cases, we may retain billing records for the period required by applicable tax and accounting regulations.
Card content (messages and media) is retained for the lifetime of the card unless deleted by the card creator or a group administrator.
We implement industry-standard security measures to protect your information, including:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take reasonable and appropriate steps to protect the personal information we process.
In the event of a data breach that affects your personal information, we will notify affected users and, where required, the relevant supervisory authorities, within the timeframes mandated by applicable law (72 hours under GDPR). Notification will include a description of the breach, the types of data affected, and the steps we are taking in response.
You may at any time:
If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR, including:
Our legal bases for processing your data are: (a) performance of our contract with you (providing the Service), (b) your consent (where applicable), and (c) our legitimate interests (service improvement, security, and error monitoring).
To exercise any of these rights, contact us at info@huddlecard.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
If you are a California resident, under the California Consumer Privacy Act (CCPA) you have the right to:
To make a request, contact us at info@huddlecard.com.
If your organization requires a Data Processing Agreement (DPA) to comply with GDPR or other data protection regulations, we are happy to provide one. Please contact us at info@huddlecard.com to request a DPA.
The Service is designed for use by businesses and organizations and is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us.
HuddleCard is based in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, where our servers and service providers are located.
For transfers of personal data from the EEA or UK to the United States, we rely on the EU-U.S. Data Privacy Framework where applicable, or Standard Contractual Clauses (SCCs) approved by the European Commission, to provide appropriate safeguards for your data. You may request a copy of the relevant transfer mechanisms by contacting us.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a security concern, contact us at: