Politique de confidentialité

Effective date: 2026-04-17 · Last updated: 2026-04-17

SmartDealMind LLC ("we", "us", "our") operates SelahCard (the "Service"). This Politique de confidentialité explains what personal information we collect, how we use it, with whom we share it, and the rights you have regarding your data.

1. Who We Are (Data Controller)

SmartDealMind LLC, a Georgia limited liability company located at 4519 Woodruff Rd, Unit 4 #6356, Columbus, GA 31904, United States, is the "data controller" of the personal information collected through SelahCard. You can reach our privacy team at privacy@selahcard.com.

2. What Personal Information We Collect

Information You Provide

• Compte info: first name, last name, email address, and (for Google sign-in) your Google profile name & profile photo URL.
• Card info: any details you choose to put on your digital card — job title, phone number, photo, social media links, website, company name. This is what you want shared.
• Billing info: when you subscribe, we collect billing information through Stripe. Stripe collects your card number, expiration, CVC, and billing address. We do not receive or store your full card number; we only receive a tokenized reference and the last 4 digits for display.
• Communications: if you email us or use our contact forms, we keep the content for customer-service purposes.
• NFC/physical card shipping: if you order a physical NFC card, we collect your shipping address.

Information We Collect Automatically

• Card view analytics: when someone opens your digital card, we log the view timestamp, approximate country (from IP), device type (phone/tablet/desktop), and referrer. We use hashed-IP identifiers — we do not store full raw IP addresses linked to card views for longer than 30 days.
• Card click analytics: when a visitor taps a button on your card (Call, E-mail, Enregistrer le contact, social link), we log the action and timestamp so you can see engagement on your analytics tab. We do NOT log the identity of the visitor — only that an anonymous visitor performed that action.
• Marketing-site visits: when you browse selahcard.com itself (the marketing homepage, pricing page, etc.), we set an anonymous session cookie (selahcard_vs) and log page views for analytics purposes (which pages performed well, drop-off points, UTM attribution). The session cookie contains no personal information.
• Log data: our servers (Cloudflare) automatically log requests, including IP address, user-agent string, URL requested, and timestamp, for security, debugging, and rate-limiting.
• Essential cookies: we set a secure session cookie (selahcard_session for admins, selahcard_user_session for users) after you sign in. See Cookie Policy.

Marketing Communications (Opt-In)

During signup, we ask whether you'd like to receive product updates, tips, and occasional offers par email. If you opt in:

• We may send you periodic emails about new features, helpful tips, pricing updates, and product announcements.
• You can unsubscribe at any time via the "unsubscribe" link in every marketing email, or par replying to any email asking to be removed.
• Unsubscribing from marketing does NOT unsubscribe you from transactional emails (welcome, billing receipts, card-expiration notices) — those are required to provide the service.
• If you did not opt in or have unsubscribed, we will NOT send you marketing emails. Period.

We comply with the CAN-SPAM Act (US), CASL (Canada), and GDPR (EU) rules for commercial email. Every marketing email includes our physical address, a clear unsubscribe mechanism, and an accurate "From" identity.

Information We Do NOT Collect

• We do not collect precise geolocation (GPS).
• We do not use behavioural advertising cookies or third-party analytics cookies.
• We do not collect data from children under 13.
• We do not sell your personal information to anyone, ever.

3. How We Use Your Information

• Provide the Service: host your digital card, generate your QR code, send transactional emails (welcome, card-edit confirmations).
• Billing: process subscription payments, manage renewals, issue refunds.
• Card analytics: show you (the card owner) who viewed your card — aggregated counts, country, and device type. We never share your viewers' info with advertisers.
• Support: respond to your questions and diagnose issues.
• Security: detect fraud, abuse, and unauthorised access; enforce our Utilisation acceptable Policy.
• Mentions légales compliance: comply with law enforcement requests, tax obligations, and legal processes.
• Produit improvement: aggregated, de-identified usage data to improve the Service.

4. Mentions légales Bases for Processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal information based on:

• Contract: to provide the Service you've signed up for (Art. 6(1)(b) GDPR).
• Legitimate interests: to operate, improve, and secure the Service; to prevent fraud (Art. 6(1)(f)). You can object to processing based on legitimate interests.
• Consent: for optional features like non-essential cookies, where we ask. You may withdraw consent at any time (Art. 6(1)(a)).
• Mentions légales obligation: to comply with tax, accounting, and law-enforcement obligations (Art. 6(1)(c)).

5. How We Share Your Information

We share your information only with the following categories of recipients, and only as needed to provide the Service:

We also may disclose information: (a) to comply with a legal obligation, court order, or valid government request; (b) to enforce our Terms, protect our rights, or investigate potential violations; (c) to protect the safety of our users or the public; and (d) in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

We do not sell personal information within the meaning of the California Consumer Privacy Act (CCPA) or similar laws, and we do not share personal information with third parties for cross-context behavioural advertising.

6. Data Retention

• Active accounts: retained for as long as your account is active.
• Deleted accounts: removed from our live systems within 30 days of deletion request, except where we are required to retain data for legal or accounting purposes (e.g. tax records for 7 years).
• Server logs: typically retained for up to 90 days for security and diagnostic purposes.
• Card view analytics: raw analytics are aggregated or purged within 90 days; aggregate counts may be retained indefinitely.
• Backups: may persist in backup systems for up to 90 days before being overwritten.

7. Cookies & Similar Technologies

We use a small number of cookies; the details are in our Cookie Policy. In short: we use one essential session cookie after sign-in for authentication. We do not currently use any advertising, tracking, or third-party analytics cookies. If this ever changes, we'll update our Cookie Policy and, where required par law, ask for your consent first.

8. Your Rights

You have several rights over your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: ask us to delete your personal information. You can delete your account at any time from your dashboard.
• Portability: request your information in a structured, machine-readable format.
• Restriction / objection: ask us to pause or stop processing your information in certain situations.
• Withdraw consent: where we rely on consent, you can withdraw it at any time (this won't affect processing already done).
• Complain: lodge a complaint with your local data-protection authority.

To exercise any of these rights, email us at privacy@selahcard.com. We will respond within 30 days (GDPR) or 45 days (CCPA), or let you know if we need more time. We will not discriminate against you for exercising your rights.

9. California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended par the California Privacy Rights Act:

• Right to know what personal information we collect, use, disclose, and sell.
• Right to delete personal information we collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of sale/sharing — we do not sell or share personal information for targeted advertising, so there is nothing to opt out of.
• Right to limit use of sensitive personal information — we do not use sensitive personal information to infer characteristics.
• Right to non-discrimination for exercising your CCPA rights.

In the 12 months preceding the effective date, we may have collected the categories of personal information listed in Section 2 above. We collected it from you directly and automatically as described in Section 2, used it for the purposes described in Section 3, and disclosed it for business purposes to the recipients in Section 5.

To exercise your CCPA rights, email privacy@selahcard.com. We will verify your request par matching information you provide against what we have on file. You may designate an authorised agent; we may require written authorisation and identity verification.

10. EU / UK Residents (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, SmartDealMind LLC is the data controller of your personal information. We do not currently have an appointed EU representative; you may contact our privacy team at privacy@selahcard.com for any GDPR-related matter.

You have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.

11. Children's Privacy

SelahCard is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, please email privacy@selahcard.com and we will take steps to delete it promptly.

12. International Data Transfers

We are located in the United States, and our primary sub-processors (Cloudflare, Stripe, Resend, Google) are also in the United States. If you access SelahCard from outside the US, your information will be transferred to and processed in the US, which may have different data-protection laws than your country.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the US, we rely on Standard Contractual Clauses (SCCs) approved par the European Commission, the Data Privacy Framework (where applicable), or other lawful transfer mechanisms.

13. Security

We take reasonable and appropriate measures to protect your personal information:

• All data is transmitted over HTTPS/TLS.
• Passwords (where used) are hashed with industry-standard algorithms — we never store plain-text passwords.
• Session tokens are cryptographically random and short-lived.
• Infrastructure runs on Cloudflare's global network with DDoS protection and WAF.
• Access to production systems is limited to a small number of authorised personnel.

However, no method of transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you and the appropriate authorities as required par applicable law (e.g. within 72 hours under GDPR).

14. Changes to This Politique de confidentialité

We may update this Politique de confidentialité from time to time. When we make material changes, we will post the updated policy at https://selahcard.com/privacy and update the effective date. If the change is material, we will also notify you par email at least 14 days before the change takes effect.