Privacy Policy
Last updated: July 1, 2026
What we collect
- Account: email address, vault name, hashed password (or OAuth identifier if you sign in with Google).
- Content: photographs of cards you upload and any text you attach.
- Messages: the direct messages you send other users.
- Usage: basic device, browser, and interaction data needed to run the Service.
How we use it
To operate the vault, run AI classification on uploaded images, deliver messages between users, prevent abuse, and improve the Service. We do not sell your personal data.
Sharing
Content in your public vault or on public shared links is visible to anyone with the link. Private vaults and direct messages are visible only to you and the users you share with. We use trusted sub-processors (hosting, database, AI inference, email) under contract and only for the purposes above.
Your rights
You can access, export, or delete your account and content at any time from Profile settings. For requests under GDPR, UK GDPR, or CCPA, email privacy@zard.app.
Security
We use industry-standard encryption in transit and at rest. No system is perfectly secure — please use a strong, unique password.
Children
ZARD is not directed to children under 13. If we learn we have collected data from a child under 13, we will delete it.
Contact
privacy@zard.app