Privacy Policy

Last Updated: 01.10.2025

Your privacy is important to us. This Privacy Policy explains how Craftycards ("we," "us," or "our") collects, uses, and protects your personal information when you use our website and services. We are based in Austria and comply with the EU General Data Protection Regulation (GDPR), which provides a high standard of data protection for all our users.

1. Data Controller

The data controller responsible for your personal information is Craftycards, owned by Patrick Wild.

Our full legal details and contact information are provided in our Imprint, which serves as the central point of contact for all legal and data protection inquiries. You can reach us at the email address listed there.

2. Information We Collect and Why

We only collect information that is necessary to provide and improve our Service. Here’s what we collect and the legal basis for it:

A. Information You Provide Directly

  • User Content: The names, dates, or other text you enter to create your place cards.
    • Purpose: To generate your Digital Product. We do not use this data for any other purpose.
    • Legal Basis: Performance of a contract.
  • Account and Purchase Data: Your email address and confirmation of payment.
    • Purpose: To create and manage your account, deliver your order, and for essential communications.
    • Legal Basis: Performance of a contract.
  • Communications: Any information you send us when you contact customer support.
    • Purpose: To respond to your inquiries and assist you.
    • Legal Basis: Legitimate interest.

B. Information Collected Automatically

  • Technical and Usage Data: Your IP address, browser type, device information, and pages visited.
    • Purpose: To secure our Service, analyze performance, and improve user experience. This data is often aggregated or anonymized.
    • Legal Basis: Legitimate interest.

3. Data Sharing and Third Parties

We do not sell your personal data. We only share it with trusted partners who help us operate our Service:

  • Payments via Paddle (Merchant of Record): We use Paddle.com as our online reseller and Merchant of Record. When you make a purchase, certain personal data (e.g., name, email, billing address, payment method details, device/IP for fraud prevention) is shared with Paddle to process your order, calculate and collect taxes where applicable, provide receipts, and handle billing support. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and our legitimate interests in secure payment processing and fraud prevention (Art. 6(1)(f) GDPR). Paddle acts as an independent data controller for this transaction data. We do not see or store your full payment card details. For more information, see Paddle’s privacy notice at paddle.com/legal/privacy and support at paddle.com/support.
  • Infrastructure Providers (e.g., Hosting, Cloud Services): To host our website and store data securely.
  • Analytics Tools: We may use privacy-focused analytics tools to understand how our site is used.

4. Data Retention

We keep your personal data only for as long as necessary. Account information is retained as long as your account is active. Data related to financial transactions is kept for the period required by Austrian law (e.g., for tax purposes). User Content (the names on the cards) is processed to create your file and not used for any other purpose.

5. Your Data Protection Rights

A. Your Rights Under GDPR (For All Users)

You have the right to access, rectify, or erase your personal data, restrict or object to processing, and request data portability. To exercise these rights, please contact us at the email address above.

B. Your Rights Under U.S. Privacy Laws

While we are an Austrian company, we extend privacy rights to our U.S. customers. Depending on your state of residence (e.g., California), you may have rights such as the right to know what personal information is collected and the right to request deletion. We do not "sell" or "share" your personal information as defined by laws like the CCPA/CPRA. You can exercise your rights by contacting us.

If you have unresolved concerns, you have the right to lodge a complaint with a data protection authority, such as the Austrian Data Protection Authority (Datenschutzbehörde).

6. Data Security

We implement strong technical and organizational measures to protect your data, including HTTPS encryption and secure server infrastructure. However, no method of transmission over the Internet is 100% secure.

7. International Data Transfers

Your data may be processed on servers located outside of your country of residence. As an EU-based company, we ensure that all data transfers comply with GDPR requirements, for instance, by using Standard Contractual Clauses to safeguard your information.

8. Cookies

We use essential cookies required for the website's functionality (e.g., to keep you logged in). For any non-essential cookies (like analytics), we will ask for your consent. You can manage cookies through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last Updated" date. For significant changes, we will provide a more prominent notice.