Updated 07/14/2023
BADCAFE LLC (“CardScan.ai”, “we”, “us”) are committed to protecting your privacy.
You and your data are not our product. Our business is helping you and your business, not your data. We do not sell your data.
We may use your data for quality improvement ("QI") and quality assessment ("QA") as defined by HIPAA. We may use your data to improve the machine learning algorithms ("IML") used by CardScan.ai’s products.
If you do not wish your data to be used for QI, QA or IML, we recommend you use the on-device or on-premise version of our product. This will ensure that no PHI is ever transmitted to us.
All of the above applies to your end user’s data.
This CardScan.ai Privacy Policy (“Privacy Policy”) has been created in order to demonstrate and inform you of our firm commitment to privacy and to outline how we deal with and use any personal data you provide (or we collect) while visiting an CardScan.ai website (the “Site”) or when using any CardScan.ai products, services or offerings (the “Services”). If you do not agree with any portion of this Privacy Policy, you should not use the Site or the Services. This Privacy Policy is only applicable to CardScan.ai’s Site and Services, and not to any other third-party websites or services that you may be able to access from the Site or Services, each of which may have data collection and use practices and policies that differ materially from this Privacy Policy.
This Privacy Notice is incorporated into CardScan.ai’s Website Terms of Service available here, which also applies when you use our Site. By using the Site, you agree to the terms in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, you are not authorized to provide us with your or any other person’s personal information or otherwise interact or use the Site.
Unless otherwise defined herein, the Capitalized words in this Privacy Policy shall have the meaning provided in the Terms of Service.
Registration. When registering to use the Services, you will be required to provide personal information, such as your (1) contact information (e.g., your name, company name, email address and phone number), and (2) financial and payment information. If you do not provide the requested personal information, you may not be able to access or use the features of the Site.
Purchases. When paying for Services, you may be required to provide information related to your financial qualifications and billing information, including your billing name, address and credit card number.
Protected Health Information. When using the Services, you may send or receive or otherwise handle Protected Health Information (“PHI”). Any information that we collect that constitutes PHI as defined by HIPAA, is subject to HIPAA and HITECH, and shall be governed by CardScan.ai’s Business Associate Agreement (“BAA”), and incorporated in its entirety by this reference.
Website Use. We collect information about how you use the Services, including our websites and the use of our Services that may be hosted on our customers websites. We may collect such information by using commonly-used information-gathering tools, third party services, and cookies or similar technologies, and our servers may collect additional information when you are logged into the Site or using the Services. Such information may be anonymous or it may be associated with you or your company. We may also collect information that your browser or device typically sends to our servers when you use our website. For example, your browser may provide your IP address, which may tell us generally where you are located, your MAC address, and the type of browser and device you are using, or other information such as the actions you take on the Site, or the page that led you to our website. More information about the use of cookies and similar technologies is provided below.
All the information described in Section 1 (Information Collection) we collect, including, without limitation, the above information and all other data and information we collect or which is collected on our behalf from you or your users, will collectively be referred to as “User Data”.
User Data is used to provide the Services, and to provide account access, service notifications, and for other purposes related to use of the Services and related offerings, and otherwise administering and operating the Site and our Services. For purchases, we review the financial qualifications of organizations and use your and your company’s data to collect and make payments related to the Services. We may also use User Data for marketing purposes, to operate and improve our Services, and to create new offerings. Information about your website use may be used to provide personalized information about available Services and other offerings from CardScan.ai and our partners.
CardScan.ai uses cookies to make interactions within the Site easier and they allow us to provide more meaningful communications. When you visit the Site, CardScan.ai’s servers send a cookie to your computer. CardScan.ai uses cookies that are session-based and persistent-based. Session based cookies exist only during one session and disappear from your computer when you close your browser software or turn off your computer. Session cookies are required to use the Services and allow CardScan.ai to identify you when you are logged into the Services or accessing the Services and to process your online transactions and requests. Persistent cookies remain on your computer after you close your browser or turn off your computer. Persistent cookies are secured using standard encryption and are used to identify browsers that have previously visited the Site. When you purchase Services or provide us with personal information, a unique identifier is assigned to you. This unique identifier is associated with a persistent cookie that CardScan.ai places on your Web browser. CardScan.ai is sensitive about the security and confidentiality of the information stored in persistent cookies. If you disable your web browser’s ability to accept cookies, you may be able to navigate the CardScan.ai Site, but you will not be able to use some or all of the Services. We may use information from cookies in combination with User Data to provide you with information about CardScan.ai and offerings from CardScan.ai and our partners.
We use web beacons alone or in conjunction with cookies to compile information about your usage of the Site and interaction with Services and emails from CardScan.ai. Web beacons are electronic transmissions that can recognize certain types of information on your computer, such as cookies, or when you viewed a particular web page. We use the information from web beacons to operate and improve the Site, Services, and our email communications, and to provide you with information about CardScan.ai and our Services and our partner’s services. We collect Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, CardScan.ai uses IP addresses to monitor the geographic regions from which users navigate the Site.
We may engage third parties to track and analyze usage and statistical information from users who visit the Site. CardScan.ai may also use other third-party cookies to track the performance of advertisements. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after CardScan.ai receives it. CardScan.ai may also contract with third-party advertising networks that collect IP addresses and other website navigational information on the Site and within emails and on third-party websites. Ad networks follow your online activities over time by collecting website navigational information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites. This process also helps us manage and track the effectiveness of our marketing efforts.
Service Providers. CardScan.ai works with other companies that help us run our business. Such companies, including service providers, provide services such as delivering customer support, processing credit card payments, and sending emails on our behalf. Some service providers will have access to your personal information in order to provide services to us, or to you on our behalf, but we do not permit them to use your information for their own purposes outside that service. In addition, we may partner with other companies to jointly offer products or services. If you purchase or express interest in such a jointly offered product or service, we may share User Data collected in connection with your purchase or expression of interest with those partners. We do not control our business partners’ use of User Data, and their use of such information will be in accordance with their own policies. If you do not wish for your information to be shared in this manner, you should not purchase or inquire about such jointly offered products or services. Service providers who manage credit card processing will store, retain, and use billing information for the purpose of credit card processing on our behalf. Additionally, we use a third party service provider for our web-based data storage services, including Amazon Web Services, Inc. (“AWS”), or similar services. Therefore, you must also agree to the terms of the AWS privacy and customer agreement available at AWS Customer Agreement and AWS Service Terms, or terms and conditions from other third-party providers, each of which may be updated from time to time. CardScan.ai may also use third-party services that log your actions on our website or on our business partners’ or customers’ websites, which may be used to improve the user experience with regards to our Services, including but not limited to services provided by LogRocket. For more information about the types of information LogRocket collects and how your information may be used with regards to CardScan.ai’s use of such services, please see LogRocket’s privacy policy here. If you don’t wish to let third-party services collect this information for CardScan.ai please notify CardScan.ai using the contact information provided below.
Required by Law. CardScan.ai may use or disclose User Data if required by law or if CardScan.ai believes that use or disclosure is necessary to protect or defend the rights or property of CardScan.ai the Site, or the users of the Site, or to comply with a judicial proceeding, court order, or other legal process.
No other Uses. Except as provided for in this Privacy Policy, we do not share, sell, rent, or trade any information provided with third parties for promotional purposes.
We hold your data in our possession with the same degree of care that a reasonable and careful company would exercise with similar data of its own. We implement reasonable security and administrative precautions to ensure a commercially reasonable level of system availability and data protection and recovery. You are solely responsible for determining which of your files should be backed up and for backing up your data or your customers’ or users’ data. You must determine your own data backup and retention requirements based on your own needs and any applicable laws and regulations. You acknowledge that no backup solution is completely failsafe, and you will be solely responsible for implementing any other backup or redundant systems you deem appropriate or necessary given your circumstances, and we will not be liable for any loss of your, your users’, or any other third-party’s data. Upon termination of our services to you we are not responsible for maintaining any data, and may delete your files without notice.
The Site and Services are hosted in the United States but User Data may be accessible by us, or on our behalf, from outside the United States. The Site and Services are not intended to be used by users outside the United States. If you use the Site or Services from any other region, you acknowledge that if you transfer your personal data to us, it will be transferred or accessible in the United States and such data transfer will be subject to the applicable laws and venue terms in accordance with CardScan.ai’s Website Terms of Service. By providing your personal data you hereby consent to: the use of your personal data for the uses identified above in accordance with the Privacy Policy; and the transfer of your personal data to the United States.
In order to accommodate changes in our business or corporate structure, we may sell all or portions of our company or certain assets, or acquire other companies or assets, including through reorganizations, mergers, or acquisitions, that may involve information collected through this Site, including User Data. In such a case you hereby authorize the transfer of User Data pursuant to such an occurrence.
The Site and Services are authorized for use only for adults 18 years of age or older, and are intended for general audiences. The Site and Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information without parental consent, please contact us. If we become aware that a child under 13 has provided us with personal information without parental consent, we take steps to remove such information and terminate the child's account.
Location Data. While using an CardScan.ai Application (“App”) or the CardScan.ai Software Development Kit (SDK) in your own application on your smart phone or other device, location data may be collected through your phone or applicable device. In such a case we may use that information to provide the services available through the App or SDK, and to improve the App or SDK, and its available features. Depending on your device you may or may not have the option of turning off location data through your device settings. To provide the App and SDK CardScan.ai may utilize third-party infrastructure service providers (“Infrastructure Providers”) or partner with third party vendors to provide you with features, products, or services (“Third Party Partners”). Infrastructure Providers and Third Party Partners may use Cookies and other technology to collect information regarding your interaction with CardScan.ai, your use of the App, your use of the SDK, your use of Third-Party Partner and Infrastructure Provider websites or services, and your location. We may transfer information to Infrastructure Providers who support our business, such as those providing technical infrastructure services, analyzing how our products and services are used, measuring the effectiveness of ads and services, providing customer service, and to facilitate payments. We may also transfer information to Third Party Partners who offer you additional services or features through an App or SDK. When using Apps you may be able to disable cookies, to configure your settings to notify you when you receive a cookie, or to opt not to accept cookies, or you may be able to choose an option not to allow your location to be shared through the App or SDK. If you choose to disable cookies or location services, certain functionality of a website, App, or SDK, may not be available to you. Please ensure you understand how your device works and to configure your settings as you desire.
Data, SDK and App Use. If you use an App or SDK, you agree that we, our Infrastructure Providers, or our Third Party Partners may collect the following information as a result of your use of an App: technical data and related information, including but not limited to technical information about your device, system and application software and peripherals. When using an App or SDK, you may be asked to provide certain personal information, including your name, email address, date of birth, phone number, and credit card or insurance information. Additional data may be requested and your submission of such data is your authorization for the use of that data by CardScan.ai, Infrastructure Providers, and Third Party Partners. Should you want to transmit or access data regarding a dependent, you must have legal authority to receive this information. You agree that the information you provide is true, complete, current, and accurate and that you will maintain and update this personal information as necessary. If you choose not to provide certain information, you may not be able to use an App or SDK, or the functionality available to you may be limited.
Notifications and Alerts. When using an App or SDK, you may receive notifications, alerts, emails, and other electronic communications from CardScan.ai or sent on CardScan.ai’s behalf or by a Third Party Partner or Infrastructure Provider. We may need to provide you with certain communications, such as service announcements or administrative messages. You agree to the receipt of these communications. Any notices, agreements, disclosures or other communications that we send to you electronically will satisfy any legal notification requirements, including that the communication be in writing. CardScan.ai, or a Third Party Partner or an Infrastructure Provider, may send you communications to inform you about products, services, or new features that you may be interested in. You may opt out of receiving such communications through either going to your account settings and adjusting your communication preferences or by following directions to opt out or unsubscribe contained in the communication.
When you are signed in to the App, or SDK, you may additionally receive a message asking if you would like to allow push notifications. Push notifications are a way for an application to deliver information, including alerts, sounds, and icon badges, to your mobile device. Push notifications can be delivered whether or not you are currently signed in and/or using the application and whether or not your device is in locked and/or in sleep mode. If you do not wish for others to view your notifications, including but not limited to push notifications, you should adjust the privacy settings on your device to disable such notifications. If you do not wish to receive push notifications from us, click "Don't Allow" or a similar button, when prompted. If you allow push notifications from us but later decide you no longer want to receive them, you can adjust your settings options, or turn them off through your device notifications settings.
We support the right of visitors to choose. You have the right to opt-out of receiving any promotional materials about CardScan.ai or its partners whenever you are asked to provide personal information on this Site. If you do not opt-out at that time, but later decide that you do not wish to receive future communications of this nature, you can contact us at legal@cardscan.ai or at the address provided below, with a request that you no longer want to receive information relating to this Site. If you receive Services or use the Site you agree to receive correspondence, including emails, related to those Services or use of the Site related to your use of or CardScan.ai’s administration of the Site or applicable Services.
The following sections supplement our Privacy Policy with respect to our individual clients who have California or Nevada addresses, and supersedes anything to the contrary in the above Privacy Policy with respect to those clients only.
Special notice to residents of California
In accordance with California law, we will not share information we collect about California residents with nonaffiliated third parties except as permitted by law, such as with the consent of the customer, to service the customer's accounts, or to fulfill on rewards or benefits. We will also limit the sharing of information about you with our affiliates to the extent required by applicable California law.
Do Not Track Policy We do not engage in the collection of personal information about your online activities over time and across third-party Websites or online services and do not allow third parties to collect personal information about your online activities over time and across third-party web sites when you use our online services. We do not respond to Web browser “do not track signals.”
For Nevada residents only
We are providing you this notice pursuant to state law. You may be placed on our internal Do Not Call List by following the directions set forth above. Nevada law requires that we also provide you with the following contact information:
Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702-486-3132; e-mail: BCPINFO@ag.state.nv.us
This Site may provide links to other websites. When you click on one of these links, you will be transferred out of our Site and connected to the website of the organization or company that you selected. If you choose to visit other websites, you do so at your own risk, and we shall not be responsible for the privacy practices or content of those other websites, or for the services provided through such websites. It is your responsibility to review the privacy and other policies at those websites to confirm that you understand and agree with their policies.
CardScan.ai use various safeguards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable measures to protect your personal information, we cannot guarantee its absolute security.
CardScan.ai is committed to ensuring that individuals have the right to access the personal information we hold about them. If you wish to access, update, or correct your personal information maintained by us, you may contact us at privacy@cardscan.ai. Upon receiving such a request, we will take appropriate steps to provide you with the requested information, update our records, or correct any inaccuracies. In certain situations, and as permitted by law, we may decline to provide access to some or all of the personal information we hold, but will provide reasons for doing so.
CardScan.ai endeavors to ensure that the personal information we retain about you is accurate, complete, and up-to-date. However, the accuracy of this information largely depends on the details you provide. We've provided a dashboard where you can review and update your personal information as needed. We encourage you to regularly check and correct any discrepancies in your personal data through this dashboard. By ensuring your data is accurate and current, you help us provide you with the best service possible.
We are committed to ensuring the security and privacy of your data. To this end, we conduct quarterly privacy review meetings to assess, refine, and improve our privacy practices continually. These reviews help us identify any areas of concern or enhancement and take corrective actions promptly. If there are discrepancies or breaches, we take immediate measures to address them. For any concerns or complaints about our privacy practices, please contact us at legal@cardscan.ai. We are dedicated to resolving any issues diligently and in a timely manner.
We reserve the right to change, update or modify this Privacy Policy. Any such change, update, or modification will be effective immediately upon posting on the Site. It is your responsibility to review this Privacy Policy from time to time to ensure that you continue to agree with all of its terms. Please check our website for the most up to date Privacy Policy. Your continued use of our Services (including our Site) after our Privacy Policy has changed shall indicate your acceptance of any updated terms.
Questions regarding this Privacy Policy, your account, or the information practices of CardScan.ai should be directed to privacy@cardscan.ai.