Legal

PRIVACY POLICY

Last updated: April 15, 2026

1. Introduction

Factcard (“we”, “us”, or “our”) operates the website factcard.me. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Data Controller: Factcard, operated by Namraks Consulting, Stockholm, Sweden. For privacy-related inquiries, contact us at support@factcard.me.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. If you sign up with Google, we receive your name, email, and profile picture from Google.

Profile Data

You voluntarily provide profile information including your name, job title, location, skills, work experience, education, images, and links. This data is used to create your AI-discoverable professional page.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full billing details on our servers. We only receive a confirmation of payment status.

Usage Data

We collect anonymous analytics data through Vercel Analytics, including page views, referring sources, and general usage patterns. We also track view counts on published profiles.

3. How We Use Your Information

  • To create, maintain, and display your AI-discoverable professional profile
  • To process your payment through Stripe
  • To authenticate your account and protect your data
  • To generate structured data (Schema.org JSON-LD, llms.txt) that makes your profile discoverable by AI assistants
  • To submit your profile to search engines for indexing
  • To provide you with page view analytics on your dashboard
  • To improve our service and user experience

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b))

Account creation, payment processing, profile publishing and hosting, structured data generation, search engine submission, and AI-powered features (profile import, chat preview). Processing is necessary to deliver the service you purchased.

Legitimate Interest (Art. 6(1)(f))

Analytics and service improvement. We have a legitimate interest in understanding how our service is used to improve functionality and user experience. Analytics data is anonymous and does not override your rights.

Legal Obligation (Art. 6(1)(c))

Retaining transaction records as required by Swedish accounting and tax law.

5. Public Profile Data

Important: When you publish your profile, the information you provide (name, title, skills, experience, education, images, and links) becomes publicly accessible. This is by design — the purpose of Factcard is to make your professional information discoverable by AI assistants and search engines. Your profile data is intentionally exposed via structured data endpoints (llms.txt, JSON-LD, markdown) so AI systems can read and cite it.

6. Third-Party Services

We use the following third-party services:

Firebase (Google) Authentication and database storage

Stripe Payment processing

Vercel Hosting, analytics, and performance monitoring

OpenAI AI-powered features such as profile import and chat preview

Each of these services has their own privacy policy. We recommend reviewing them for complete information on their data practices.

7. International Data Transfers

Your personal data is transferred to and processed in the United States by our third-party service providers. We ensure these transfers comply with GDPR through the following safeguards:

EU-US Data Privacy Framework

Firebase/Google, Stripe, and Vercel are certified under the EU-US Data Privacy Framework, providing an adequate level of data protection as recognized by the European Commission.

Standard Contractual Clauses (SCCs)

For transfers to OpenAI and as a supplementary safeguard for other providers, we rely on European Commission-approved Standard Contractual Clauses.

You may request a copy of the relevant transfer mechanisms by contacting us at support@factcard.me.

8. Cookies

We use a single httpOnly session cookie (__session) to keep you logged in. This cookie is essential for the service to function and expires after 14 days. We do not use tracking cookies or sell cookie data to third parties.

9. Data Retention

Your profile data is retained for as long as your account is active. Your account information is retained as long as your account exists.

Upon request for account deletion, your profile and personal data will be deleted within 30 days. Transaction records (payment date, amount, and billing details) are retained for 7 years as required by Swedish accounting law (Bokföringslagen).

You can request deletion at any time by contacting support@factcard.me.

10. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Update or correct your profile information at any time through the builder
  • Request deletion (erasure) of your account and data — upon deletion we will also request de-indexing of your profile from search engines and AI systems
  • Receive your personal data in a structured, commonly used, machine-readable format (data portability)
  • Object to processing of your personal data based on legitimate interest
  • Request restriction of processing of your personal data
  • Withdraw consent for data processing at any time, without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, contact us at support@factcard.me. We will respond within 30 days.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). Website: imy.se, Email: imy@imy.se.

11. Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure httpOnly cookies, and server-side authentication verification. However, no method of electronic transmission or storage is 100% secure.

12. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@factcard.me.

Note: As a small-scale operation, we are not required to appoint a Data Protection Officer under GDPR Article 37. For all privacy matters, please contact support@factcard.me.