Last updated: June 15, 2026
Privacy Policy
This Privacy Policy is a product-specific draft for GitCard and should be reviewed by qualified legal counsel before production use.
This Privacy Policy explains how Gitcard collects, uses, discloses, and protects information when you use GitCard. In this Policy, "GitCard," "we," "us," and "our" refer to Gitcard.
GitCard includes developer portfolio profiles, cards, resume tools, source-code insights, recruiter search, recruiter workspace tools, messaging, AI resume features, and physical card ordering.
1. Information We Collect
- Account and profile information, such as name, email address, avatar, account type, login provider details, public profile settings, social links, GitHub or GitLab usernames, and account preferences.
- Authentication and OAuth information from providers such as GitHub and GitLab, including provider identifiers, connection status, usernames, profile data, repository or project metadata you authorize, and temporary access information needed to perform requested actions.
- Public profile, portfolio, and card content, including project descriptions, source-code metrics, public resume sections, profile cover images, card designs, QR links, templates, contact details, and public analysis pages.
- Dynamic QR information, including QR destination URLs, scan timestamps, scan counts, referrer origin, coarse device, browser, operating-system family, and optional country code. GitCard dynamic QR scan events do not store raw IP addresses or full user-agent strings.
- Resume and upload information, including resume drafts, imported PDF or DOCX files, extracted resume text, resume templates, AI analysis records, section-improvement prompts, generated suggestions, deterministic resume scores, and resume export activity.
- Recruiter workflow information, including searches, saved candidates, notes, statuses, tags, prepared invite drafts, requester-private analysis status, bookmarks, and candidate pipeline activity.
- Messaging and invitation information, including message threads, direct messages, read states, email notification metadata, GitHub Issue invite attempts, and the target public repository selected for an invite.
- Payment, subscription, and order information, including Stripe customer IDs, subscription IDs, subscription status, current period dates, cancellation status, invoices, payment events, card-order payment status, shipping details, quote data, Gelato order data, and print-file references.
- Device, log, and usage information, such as IP address, browser type, pages viewed, timestamps, session cookies, security logs, performance logs, error data, and feature interactions.
- Support and communication information, including messages you send to support, email preferences, notification metadata, and other information you choose to provide.
2. How We Use Information
- Provide, operate, secure, debug, and improve GitCard features.
- Create and manage accounts, authentication, sessions, account switching, and user settings.
- Publish public profile pages, selected source metrics, public analysis pages, card previews, and public resume sections according to your settings and feature choices.
- Run GitHub and GitLab sync, repository analysis, developer search, public developer analysis, and recruiter search features.
- Store and process resumes, imports, AI analysis, section-improvement requests, and resume exports.
- Process subscriptions, payments, invoices, trials, cancellations, physical card orders, print production, shipping, fraud prevention, and tax or accounting records.
- Provide dynamic QR redirects, owner-managed QR destination updates, basic ordered-card scan totals, and Pro QR analytics.
- Send service emails, account notices, message notifications, analysis completion notices, support replies, billing notices, and security communications.
- Enforce terms, prevent abuse, detect security incidents, comply with law, and protect GitCard, users, candidates, and third parties.
3. Public Information and Your Choices
GitCard is designed to help developers publish professional portfolio information. Depending on your settings and actions, public information may include your profile, avatar, cover image, selected repositories or projects, GitHub or GitLab metrics, resume sections, card preview content, public analysis pages, and contact or social links.
Dynamic QR redirect URLs are public by design because printed and shared QR codes need to resolve without sign-in, but destination editing and scan analytics are owner-controlled.
You can manage certain privacy settings in GitCard settings, including profile visibility, email visibility, resume visibility, GitHub metrics visibility, GitLab metrics visibility, and recruiter view preferences. Turning a setting off may hide information from future public views, but cached, indexed, exported, shared, printed, or third-party-copied content may persist outside GitCard's control.
4. AI Resume Features
If you use AI resume features, GitCard may process imported resume files, extracted resume text, resume drafts, prompts, model outputs, usage metadata, and estimated provider costs. AI features are available only when the required account entitlement and monthly AI credit checks pass.
GitCard may send relevant resume text, prompts, and context to configured AI providers such as OpenAI or Groq to provide extraction, analysis, scoring support, and section-improvement suggestions. Do not submit sensitive information to AI tools unless you want it processed for that feature.
5. Cookies and Similar Technologies
GitCard uses cookies, local storage, and similar technologies for authentication, session management, security, theme preferences, navigation, and application functionality. We may also use hosting, monitoring, or analytics tools if enabled to understand reliability and usage.
Your browser may let you block or delete cookies, but some GitCard features may not work correctly without session and security cookies.
6. How We Share Information
- Supabase provides authentication, database, storage, and session infrastructure.
- Stripe processes checkout, subscriptions, payment methods, invoices, billing portal sessions, payment events, and fraud-prevention signals.
- GitHub and GitLab provide OAuth login, source profile data, repository or project metadata, provider tokens for user-requested actions, and public developer data used in search and analysis.
- Gelato receives information needed to quote, produce, and ship physical card orders, including print files and shipping details.
- Resend sends transactional emails, notifications, message alerts, and analysis completion notices.
- OpenAI and Groq may process AI prompts, resume text, model inputs, model outputs, and usage metadata for AI resume features.
- Hosting, monitoring, logging, and analytics providers, if enabled, may process technical logs, device information, performance data, and usage events.
- Legal, safety, and compliance recipients may receive information when needed to comply with law, respond to lawful requests, enforce our terms, prevent fraud or abuse, protect rights and safety, or complete a business transfer.
7. Payments and Billing
GitCard does not intend to store full payment card numbers. Payment methods, card details, invoices, and hosted billing management are handled by Stripe. GitCard stores payment and subscription metadata needed to identify your Stripe customer record, subscription status, plan entitlement, current period dates, cancellation status, and payment or checkout events.
If you buy printed cards, GitCard stores order and fulfillment metadata needed to validate payment, submit production orders, support customer service, and maintain required business records.
8. Data Retention
We retain information for as long as needed to provide GitCard, maintain accounts, support public profile and resume features, complete orders, maintain subscriptions, comply with legal and tax obligations, resolve disputes, enforce agreements, prevent abuse, and operate backups and security systems.
You may delete certain content or request account deletion, but some records may be retained where required for payment, order, security, legal, accounting, fraud-prevention, backup, or compliance purposes. Public content shared outside GitCard may not be removable by GitCard.
9. Security
GitCard uses technical and organizational safeguards intended to protect information, including access controls, server-side secrets, private storage for certain uploads, owner-scoped data access, webhook verification, and secure payment processing through Stripe.
No online service can guarantee perfect security. You are responsible for using strong passwords, protecting your login credentials, and keeping connected provider accounts secure.
10. Your Privacy Rights, Including California Rights
Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain disclosures. You may also have the right to opt out of certain processing if applicable law requires it.
California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, if those laws apply to Gitcard. These rights may include the right to know what personal information is collected, used, disclosed, sold, or shared; the right to access or receive a copy of personal information; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of sale or sharing; the right to limit certain uses of sensitive personal information; and the right not to be discriminated against for exercising privacy rights.
Gitcard does not sell personal information for money. If we later engage in activity that is considered a sale or sharing of personal information under California law, we will provide any required notice and opt-out mechanism.
You may make a privacy request, or designate an authorized agent to make a California privacy request where permitted by law, by contacting [privacy email]. We may need to verify your identity and account ownership before fulfilling a request. Some requests may be limited by legal, security, payment, anti-fraud, public-interest, or technical reasons.
11. Children
GitCard is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to GitCard, contact [privacy email].
12. International Use
GitCard is operated for a US-first audience. If you use GitCard from outside the United States, your information may be processed in the United States and other countries where GitCard or its service providers operate. Those countries may have data-protection laws different from those in your location.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last-updated date. If changes are material, we will provide notice as required by law or through the service.
14. Contact
Privacy requests and questions may be sent to [privacy email]. General support questions may be sent to [support email].