Privacy Policy

Last updated: 1 May 2025

1. Introduction

This Privacy Policy explains how gocrd, operated by S Raja Murugan ("we", "us", "our"), collects, uses, and protects your personal information when you use our Service at gocrd.com. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

Information you provide:

  • Name and email address (on registration)
  • Financial transaction data you enter
  • Health records and medical information you enter
  • Reminders, projects, and other personal data you add
  • Family member profile information

Information collected automatically:

  • IP address and browser information (for security logging)
  • Usage patterns and feature access (for improving the Service)
  • Error logs (for debugging)

3. How We Use Your Information

  • To provide and operate the Service
  • To send transactional emails (verification, reminders, alerts)
  • To process subscription payments through Razorpay
  • To debug errors and improve the Service
  • To comply with legal obligations
  • To prevent fraud and ensure security

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

4. Vault Data and Encryption

Vault data (bank details, credit cards, sensitive documents) is encrypted using AES-256 in your browser before being transmitted to our servers. We do not have access to your vault data in plaintext. Your master PIN is your encryption key and is never stored by us.

This means we cannot recover your vault data if you forget your PIN. Please store your recovery information safely.

5. Data Storage and Security

Your data is stored on Supabase infrastructure (PostgreSQL database) hosted in Singapore. We implement Row Level Security (RLS) at the database level, ensuring that no user can access another user's data even in the event of an application error.

All connections to gocrd use HTTPS/TLS encryption. Backups are performed daily and retained for 7 days.

6. Third-Party Services

We use the following third-party services:

  • Supabase — Database, authentication, and file storage
  • Vercel — Website hosting and deployment
  • Razorpay — Payment processing (we never store your card details)
  • Resend — Transactional email delivery
  • Google Gemini API — AI document parsing (only when you explicitly use this feature)

7. Your Rights

You have the right to:

  • Access all data we hold about you
  • Export your data at any time (Export My Data feature)
  • Correct inaccurate data
  • Delete your account and all associated data
  • Withdraw consent for optional data processing

To exercise these rights, email us at hello@gocrd.com. We will respond within 7 business days.

8. Data Retention

We retain your data as long as your account is active. When you delete your account, your data is soft-deleted immediately and permanently purged within 30 days. Backup data is purged within 37 days.

9. Cookies

gocrd uses only essential cookies required for authentication (session tokens). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children's Privacy

gocrd is not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Your continued use of the Service after changes constitutes acceptance of the updated Policy.

12. Contact Us

S Raja Murugan

33A/4, Henry Street, Nesamony Nagar

Nagercoil, Tamil Nadu — 629001, India

Email: hello@gocrd.com

Phone: +91 73068 12819

Terms of ServiceAboutHome