Privacy Policy
Introduction
This policy explains what personal data Batra Kard collects, why we collect it, and how we use it. Batra Kard is operated by Level 1 Virtual Solutions Ltd, registered in England & Wales. We are registered with the Information Commissioner's Office (ICO) under registration number ZC136917.
We take your privacy seriously. We only collect what we need, we never sell your data, and we make it straightforward to access, correct, or delete it. This policy applies to all users of kard.batra.ai.
Questions? Contact us at [email protected].
Data We Collect
Account data
- Your email address
- A hashed password (we never store your password in plain text)
- Your name, job title, phone number, and website (as entered on your card)
- A profile photo, if you choose to upload one
- Your chosen card theme and slug (the short URL for your public card)
Social sign-in data
If you sign in with Google, GitHub, Microsoft, or Apple, we receive a unique provider ID and, where the provider shares it, your email address and display name. We do not receive your password from these services.
Payment data
Billing is handled by Stripe. We store your Stripe customer ID and subscription status. We do not store card numbers, sort codes, or any raw payment details. Those remain on Stripe's servers.
Usage and technical data
- IP address (used for rate limiting and security, not profiling)
- Browser type and device type (from server logs, retained briefly)
- Pages visited within the app
Communications
When you contact support at [email protected], we retain the content of that correspondence to help resolve your query.
Why We Collect It
- To create and manage your account — so you can log in and manage your card
- To display your public digital business card — your name, title, contact details, and photo are shown to anyone who visits your card URL
- To process payments — to handle Pro subscriptions via Stripe
- To send transactional emails — account verification, password reset, payment receipts, and service notices
- To improve security — to detect and prevent fraud, abuse, and unauthorised access
- To comply with the law — including financial record-keeping requirements
We do not use your data for advertising, profiling, or automated decision-making.
Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the service (account, card, login) | Contract (Article 6(1)(b)) |
| Processing payments | Contract (Article 6(1)(b)) |
| Transactional emails (verification, receipts) | Contract (Article 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Financial record-keeping | Legal obligation (Article 6(1)(c)) |
How Long We Keep Your Data
- Account and card data — retained while your account is open; deleted 30 days after a deletion request
- Payment records — retained for 7 years to meet HMRC financial record-keeping requirements
- Server logs — retained for up to 30 days, then deleted automatically
- Support emails — retained for up to 2 years, then deleted
You can schedule your account deletion at any time from the Account & Data section of your dashboard.
Who We Share Your Data With
We do not sell your data. We only share data with the third-party services needed to operate Batra Kard. All processors are contractually bound to handle your data in accordance with UK GDPR.
Stripe (payments)
We use Stripe to process subscription payments. Stripe receives your email address and billing details. Stripe is PCI-DSS Level 1 certified. See Stripe's privacy policy.
Brevo (transactional email)
We use Brevo to send transactional emails such as account verification and password resets. Brevo receives your email address and name for this purpose. See Brevo's privacy policy.
Cloudflare (CDN and DNS)
Web traffic to kard.batra.ai passes through Cloudflare's network for performance and security. Cloudflare may process IP addresses and request metadata as part of this service. See Cloudflare's privacy policy.
Hetzner (hosting)
Our servers run on Hetzner infrastructure hosted in the EU (Germany). Your data is stored on these servers and does not leave the EU/EEA. See Hetzner's privacy policy.
Your Rights Under UK GDPR
You can exercise most rights directly from your dashboard, or by emailing [email protected]. For full details visit our Your Data Rights page.
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your account and data (30-day grace period applies)
- Portability — download your data in XLSX format from the dashboard
- Restriction — ask us to pause processing without deletion
- Object — object to processing based on legitimate interests
Cookies
We use only strictly necessary cookies to make the service work. We do not use analytics or advertising cookies. See our Cookie Policy for full details.
International Data Transfers
Your data is stored on servers in Germany (Hetzner) and remains within the EU/EEA. Stripe and Brevo may process data in the United States. Both operate under Standard Contractual Clauses (SCCs), which provide protection equivalent to UK GDPR.
Changes to This Policy
We may update this policy from time to time. When we make significant changes, we will notify you by email or via a notice on the dashboard. The "Last updated" date at the top will always show when it was last revised.
Contact Us
- Email: [email protected]
- Data Protection Officer: [email protected]
- Company: Level 1 Virtual Solutions Ltd (trading as Batra Kard), registered in England & Wales
- ICO Registration: ZC136917
If you are not satisfied with our response, you have the right to complain to the ICO: ico.org.uk/make-a-complaint · 0303 123 1113