Privacy Policy

handshake.cards is a personal-data-light digital business card service. The website is operated as a sole-proprietorship project by John Tarantino, reachable at support@handshake.cards.

We only collect what’s required to run your card and the features you opt into. Specifically:

• Account email — when you sign up, so we can authenticate you on return visits.
• Card content — name, title, organization, phone number, email, social handles, location, tagline, custom links, and the profile photo you upload. You enter this; we display it on your public card page.
• Card view counts — an aggregate counter of how many times your public card has been viewed. We don’t record who viewed it.
• Connections you capture — if you turn on “lead capture”, the name / email / phone / note someone submits via your card lands in your Connections list. We store it only for you.
• Scanned business cards (premium) — the photo you take of a paper business card, plus the extracted fields. The photo is processed by our AI vendor (see below) then discarded; the extracted fields are stored as a Connection.

We do not collect device identifiers, run cross-site tracking pixels, sell to ad networks, or use IDFA. The iOS app does not include any third-party analytics SDKs.

Card content, account email, view counts, and Connections are stored in Supabase (Postgres + Storage), hosted on AWS in the United States. Profile photos and scanned-card images sit in Supabase Storage buckets.

The website and APIs run on Vercel (US regions). Authentication emails are sent via Resend. Stripe processes premium subscription payments — we never see your card number.

Your public card content is, by definition, public — anyone with your card’s URL can see it. Beyond that, we share data only with the processors required to make the product run:

• Supabase — database + file storage host
• Vercel — application + API host
• Resend — transactional email (auth + account)
• Anthropic — AI processing for the business card OCR (premium scan) and AI follow-up drafts. We send only the data needed for each request; Anthropic’s zero-retention policy applies.
• Stripe — premium subscription billing
• Apple / Google — when you save your card to Apple Wallet or Google Wallet, your public card content is delivered to the wallet vendor for inclusion in the pass. We don’t transmit anything you wouldn’t already share on a paper business card.

We do not sell user data. We do not share data with advertisers. We do not have an ad network.

We use a small number of strictly-necessary cookies for authentication (Supabase) and Stripe checkout. No tracking cookies, no analytics cookies, no ad cookies. Sign out of your account to remove the auth cookie.

You can:

• See your data — your entire card is editable at /admin once you sign in.
• Edit or delete — change anything you’ve entered, or remove your card entirely (Admin → Settings → Delete card).
• Request account deletion — email support@handshake.cards and your auth account, card, Connections, and uploaded images will be removed within seven days.
• Export — email us and we’ll send you a JSON dump of everything we have on you.

Residents of the EU, UK, and California have additional rights under GDPR, UK GDPR, and CCPA respectively (right to access, rectify, restrict, object, port, and erase). We honor all of them — same email contact above.

handshake.cards is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we’ll delete the account.

Data in transit is encrypted via TLS 1.2+. Data at rest is encrypted by our processors (Supabase, Vercel, Resend). Authentication uses email magic-link or password (your choice), with passwords hashed by Supabase Auth. We don’t store passwords in plaintext.

If we materially change what we collect or who we share with, we’ll update the effective date at the top of this page and email registered users beforehand. Continued use after the update means you accept the new terms; if you don’t, delete your card.

Questions, deletion requests, or anything else: support@handshake.cards.