qardo Back to site

Legal

Privacy Policy

Effective date: April 20, 2026 | Version: 1.0 public release

This notice explains what qardo is designed to collect and how it is used across hosted, beta, and self-hosted deployments. A deployment operator may publish stricter or more specific terms for its own instance.

Data we handle

  • Account data, such as email address, profile settings, birthday or display-name fields you choose to add, authentication state, verification state, and password-reset state.
  • Card data, such as card names, barcode values, notes, tags, category labels, images, expiry metadata, and import/export metadata.
  • Sync and recovery data, such as encrypted card payloads, sync cursors, registered sync-device records, recovery-kit state, share-link metadata, group membership, family or household role state, and audit records.
  • Billing and entitlement data where a hosted operator enables paid plans.
  • Support and contact data you choose to send, such as feedback text and contact email.
  • Technical data, such as URL, user agent, stack trace, component source, breadcrumbs, timestamp, and other diagnostics included in production error reports.
  • Usage analytics where configured by the operator. qardo uses self-hosted analytics when enabled and provides an in-app opt-out for that analytics layer.

Local-only and synced data

Local-only cards stay in the current browser or device storage and are not automatically uploaded to an account. Clearing browser storage, changing browsers, losing a device, or uninstalling the app may permanently remove local-only records. Synced account data is sent to the configured backend so account features, recovery, sharing, and multi-device access can work.

How we use data

qardo uses data to provide wallet features, authenticate users, secure accounts, operate sync and recovery, deliver support, process enabled billing features, investigate incidents, maintain service reliability, and improve product quality. Card data is not intended for third-party advertising or sale.

Analytics and error reporting

Where usage analytics are configured, they are intended to minimize personal data collection and can be disabled from the app settings. Product error reporting can also be disabled from the app settings on the current browser or device. When enabled in supported deployments, error reports may send technical diagnostics to the configured qardo API endpoint so maintainers can diagnose crashes and failed flows. Error reports can include the page URL, browser user agent, stack trace, component name, recent navigation breadcrumbs, and timestamps.

Sharing and processors

qardo may share data with processors that help operate the service, such as hosting, email delivery, analytics, error reporting, and payment providers, where those features are enabled. qardo may also disclose information when required by law, to enforce terms, prevent abuse, or protect users and the service.

Retention and deletion

Active account data is retained while needed to operate account features. Hidden cards, scheduled deletion records, sync metadata, recovery metadata, share-link history, and audit records may be retained while needed to operate restore, sync, recovery, security, or cleanup flows. Account deletion schedules supported hosted-account records for removal after the configured recovery window and clears browser-local data on the device where deletion completes.

Device features, biometrics, and location

Biometric unlock uses browser and device security APIs where available; qardo does not receive the biometric itself or store a reusable biometric template. Nearby card suggestions use live device location only after opt-in and process it on the device for that feature where possible. Saved card location hints stay with the card record according to the storage mode you choose.

Deployment-gated household groups, minors, and household controls

If family or household features are enabled, group organizers may invite members, assign roles, and manage shared cards subject to deployment rules. Adults are responsible for obtaining any guardian consent or other permission required before creating, managing, or sharing data for a child account or minor household member.

International transfers and children

Hosted infrastructure and processors may operate in countries other than yours, depending on the deployment. qardo is not intended for children under the age required by applicable law to consent to data processing in their jurisdiction.

Changes and contact

qardo may update this notice as features, operators, or legal requirements change. For project-level questions, use the public qardo repository issue tracker or the support channel published by your deployment operator.