Privacy Policy

Last updated: March 8, 2026

EasyPassy ("we", "us", "our") operates the website at easypassy.app and the EasyPassy digital business card service (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

When you create a digital business card, we collect the information you enter, including:

  • First and last name
  • Email address
  • Phone number
  • Company name and job title
  • Social media profile links (LinkedIn, GitHub, Instagram, Twitter, Facebook, TikTok, website)
  • Contact photo and company logo images

1.2 Information from Third-Party Services

When you sign in with Google, we receive your Google profile information including your name, email address, and profile photo. This data is used to pre-fill your business card and authenticate your account.

1.3 Automatically Collected Information

We automatically collect certain information when you access our Service, including:

  • Device and browser type
  • IP address
  • Pages visited and features used
  • Date and time of access
  • Referring website or source

2. How We Use Your Information

We use the information we collect to:

  • Generate and deliver your digital business card for Apple Wallet
  • Create and manage your vCard (VCF) contact file for QR code sharing
  • Manage your account and authenticate your identity
  • Process payments and manage your subscription status
  • Send transactional emails (welcome emails, pass expiry reminders, payment confirmations)
  • Provide customer support
  • Improve and optimize our Service
  • Detect and prevent fraud or abuse

3. Third-Party Services

We use the following third-party services to operate our Service. Each has its own privacy policy governing the use of your information:

  • Google Firebase — Authentication (Google Sign-In), cloud database (Firestore), file storage (Cloud Storage), and web hosting. Your account data and business card information are stored in Firebase.
  • Stripe — Payment processing. When you make a purchase, your payment information is collected and processed directly by Stripe. We never receive, store, or have access to your full credit card number or payment details.
  • Resend — Transactional email delivery. We share your email address with Resend solely to deliver service-related emails (welcome messages, expiry reminders, payment receipts).
  • Google reCAPTCHA Enterprise — Fraud prevention and bot detection. reCAPTCHA may collect hardware and software information, such as device and application data, and send it to Google for analysis.
  • Google Analytics — Usage analytics to understand how our Service is used and to improve the user experience. This may involve cookies and tracking technologies.

4. How We Disclose Your Information

We do not sell, rent, or trade your personal information. We may disclose your information in the following circumstances:

  • Service providers: To the third-party services listed above, solely to provide and operate the Service.
  • QR code scanning: When someone scans your business card QR code, they receive your vCard file containing the contact information you chose to include on your card. This is the intended functionality of the Service.
  • Legal requirements: If required by law, regulation, legal process, or government request.
  • Safety and rights: To protect the safety, rights, or property of EasyPassy, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

Your data is stored on Google Firebase infrastructure, which provides encryption at rest and in transit. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Firebase Security Rules to restrict data access to authorized users
  • Secure authentication via Google Sign-In (OAuth 2.0)
  • Firebase App Check with reCAPTCHA Enterprise to prevent unauthorized API access
  • Content Security Policy (CSP) headers to prevent cross-site scripting attacks
  • Sensitive credentials stored in Google Cloud Secret Manager

While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data and business card information for as long as your account is active or as needed to provide you the Service. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Data portability: Request your data in a structured, commonly used format.
  • Opt-out: Unsubscribe from marketing communications at any time.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@easypassy.app.

8. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

  • Firebase Authentication: Session cookies to maintain your signed-in state.
  • Google Analytics: Cookies to collect anonymized usage data.
  • reCAPTCHA Enterprise: Tokens to verify legitimate traffic and prevent abuse.
  • Stripe: Cookies used during the checkout process for fraud prevention.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us at support@easypassy.app.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States and European Union, where our third-party service providers (Google, Stripe, Resend) operate their infrastructure. These transfers are necessary to provide the Service and are conducted in accordance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by sending an email to the address associated with your account. Your continued use of the Service after such notification constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

support@easypassy.app