Card/PagerLog in →

Privacy & Terms · Last updated May 30, 2026 · Subject to legal review prior to launch

The
fine print.

01 — Privacy

Privacy Policy

This policy explains what Cardpager collects, how we use it, and the rights you have. We process personal data in line with the General Data Protection Regulation (GDPR).

Data controller

Cardpager is operated by FEAD Mühendislik Ltd. Şti., a company registered in Türkiye. Cardpager is the data controller for the personal data described here. Privacy and data protection inquiries: [email protected].

What we collect

  • Account: email address, username, display name, and the photo, location, and public email you choose to add. Theme and color choices.
  • Content: the social links and blocks you add to your card.
  • Messages:the text of messages sent to you through the pager, plus the sender's IP address and a non-identifying device fingerprint, used to rate-limit and block abuse.
  • Network: the contact relationships your inbox creates and the requests you accept or ignore.
  • Stats: page views, link clicks, and pager interactions for your own dashboard.
  • Account history: a record of past usernames and email-change events for accountability.

How we use it

  • To provide your card, inbox, and dashboard.
  • To deliver messages and build your contact list.
  • To enforce rate limits and stop abuse.
  • To show you stats about your card's performance.
  • To send transactional emails you need to receive (sign-up confirmation, password reset, account changes).

Legal basis

We process most data under GDPR Article 6(1)(b) — performance of the contract you enter into when you create an account. IP and fingerprint logging for abuse prevention is processed under Article 6(1)(f) — legitimate interest in keeping the service safe.

Where data is processed

Personal data is processed within the European Economic Area (EEA). We rely on third-party providers for hosting infrastructure, database, image storage, email delivery, bot protection, and payment processing. Data is shared with these providers only as necessary to operate the service. A current list of providers is available on request.

Data retention

  • Messages: 7 days (free) or 30 days (Pro), then automatically deleted.
  • Stats: 90 days, then aggregated and the detailed records deleted.
  • Account data: kept while your account is active.
  • Deactivated account: your card is hidden but data is preserved until you log back in or request deletion.
  • Deleted account: Free accounts are purged 7 days after the deletion request. Pro accounts are purged at the end of the current paid subscription, unless you choose to forfeit the remaining time.

Your rights

Under GDPR you can access, correct, or delete your data; restrict or object to processing; and request a portable copy. Most of these are self-service from Settings: change email, change password, change username, deactivate, or permanently delete your account. For anything else, write to [email protected].

You also have the right to lodge a complaint with a data protection supervisory authority in the EU member state where you live, work, or where the alleged infringement occurred. A list of EU supervisory authorities is available at edpb.europa.eu.

Reporting illegal content

Under the EU Digital Services Act (Article 16), anyone may report a card or message used for illegal activity — including impersonation, harassment, fraud, CSAM, or spam. Email [email protected] with the username and a short description. We review every report and act under applicable law and our Acceptable Use rules below.

Law enforcement requests

We respond to valid legal requests from competent authorities. Disclosure is limited to the minimum data described in the request and required by law. Where lawful, we notify the affected user before disclosure.

Data breach

In the event of a breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours, as required by GDPR Article 33.

Age

Cardpager is not intended for users under 16. By creating an account, you confirm you meet this minimum age.

Cookies

We use only essential cookies needed for sign-in and the bot protection challenge. We do not use cookies for advertising or cross-site tracking.

02 — Terms

Terms of Service

By creating an account or using Cardpager, you agree to these terms. If you do not agree, do not use the service.

Eligibility

You must be at least 16 years old to use Cardpager. By signing up you confirm that you meet this requirement.

Your account

  • You are responsible for keeping your account secure.
  • Usernames are first come, first served. You may change your username up to two times per 30 days; old URLs stop working immediately and the freed handle becomes available to others.
  • You may not impersonate another person, brand, or organisation.
  • One active account per person. Creating multiple accounts to circumvent bans, abuse free-tier limits, or impersonate others is prohibited.

Your content

You own the content you put on your card — links, blocks, text, photo. You are responsible for making sure it does not break any law or third-party rights.

You grant Cardpager a non-exclusive, worldwide, royalty-free licence to host, store, display, and transmit your content as necessary to operate the service. This licence ends when you delete the content or your account; we may keep limited backups for the technical retention periods listed in the privacy section.

Messages (Pager)

  • Messages can be sent anonymously by default. You can switch your pager to Members-only or Closed in Settings.
  • Senders are limited to one message per IP per minute. Anonymous senders are limited to three messages per IP per day.
  • Messages are kept for 7 days (free) or 30 days (Pro), then automatically deleted.
  • You can report or delete any message you receive. Reported messages may lead to bans on the sending device.

Free and Pro

  • The free plan is free forever.
  • Pro is billed annually at $36/year. There is no monthly option.
  • Pro renews automatically at the end of each 12-month period at the then-current price for new subscribers. We notify you by email at least 14 days before each renewal.
  • EU consumers: the service starts as soon as your subscription is activated. By confirming the purchase you waive the 14-day right of withdrawal under Article 16(m) of the EU Consumer Rights Directive. The waiver is recorded with a timestamp.
  • No refunds are issued for partial subscription periods.
  • You may cancel any time from Settings. Cancellation takes effect at the end of the current paid year, after which your account reverts to free.
  • Your subscription price is locked while your subscription is active. Price increases apply only to new subscribers with at least 30 days notice.

Account lifecycle

  • Deactivate hides your card from public view. Log in again to reactivate.
  • Delete permanently removes your account and all associated data. Free accounts are deleted 7 days after the request — you can cancel during that window. Pro accounts are scheduled to delete at the end of the current paid subscription, so you can use what you paid for. You may instead choose to delete immediately and forfeit the remaining time.

Termination

We may suspend or close accounts that violate these terms or the Acceptable Use rules below. No refund is issued for terminated accounts.

Limitation of liability

Cardpager is provided "as is", without warranty of any kind. To the maximum extent permitted by law, we are not liable for indirect, incidental, or consequential damages arising from your use of the service. Mandatory consumer rights in your country of residence are not affected.

Governing law

These terms are governed by the laws of the European Union. If you are a consumer resident in the EU, the mandatory consumer protection laws of your country of residence still apply.

Changes

We may update these terms from time to time. Material changes are announced on this page and, where required, by email. Continued use after the updated date is acceptance of the new terms.

Contact

Questions: [email protected].

03 — Acceptable Use

Acceptable Use

These rules apply to every account, every card, and every message sent through the pager. Violations lead to suspension, closure, or — for serious cases — a report to law enforcement.

Prohibited use

  • CSAM — child sexual abuse material. Zero tolerance. Reported to law enforcement immediately.
  • Harassment and threats — targeted abuse, threats of violence, sustained harassment.
  • Doxxing— publishing someone's private identifying information without consent.
  • Extortion or blackmail — demanding money or conduct under threat.
  • Fraud, phishing, scams — deception intended to obtain credentials, payment, or identity information.
  • Self-harm encouragement — content that promotes suicide, self-injury, or eating disorders.
  • Intellectual property infringement — copyright, trademark, or other IP violation.
  • Spam — unsolicited bulk messaging or automated sending.
  • Identity misrepresentation — pretending to be a person, brand, or institution you do not represent.
  • Illegal activity — any use that breaks applicable law.

Self-hosted embeds

Pro users can download an HTML bundle of their Cardpager card and deploy it on their own domain (e.g. alex.com). The card is rendered in the user's browser via our public embed loader, which fetches live card data from our servers. These rules apply to embeds:

  • No impersonation — your card profile (display name, title, bio, links) may not imitate banks, payment providers, government services, or major brands. Daily automated checks flag matches.
  • No phishing or credential harvesting — via link blocks, on your card, or anywhere your embed is deployed. Link URLs are checked against public phishing databases at save time and daily.
  • Ban kills the embed — if your account is banned for abuse, the public embed API returns 404 for your handle. Any external site serving your card renders blank immediately.
  • Your hosting, your responsibility — Cardpager does not host or provision SSL/CDN for your custom domain. You choose the host (Netlify, Vercel, Cloudflare Pages, etc.) and bear responsibility for any abuse complaints they receive.

Reporting abuse

Email [email protected] with the username and a short description. Verified complainants (companies, institutions, or individuals with proof of identity) should attach supporting documentation. Every report is reviewed and recorded.

Enforcement

  • Confirmed violations result in suspension or closure without refund.
  • CSAM violations are reported to the relevant authority without exception.
  • Repeated violations from the same device may lead to permanent exclusion.
  • All enforcement actions are logged with reason for audit and transparency, in line with EU DSA Article 17.

Appeals

If your account is suspended or closed and you believe it was a mistake, you may appeal within 30 days by emailing [email protected] from the verified email on the account. Include the username and your reasoning. We respond within 14 days. Successful appeals reinstate the account; unsuccessful appeals stand.