The Privacy Policy for eCardWidget was last updated on April 29, 2024.
Your continued use of the Services constitutes your acceptance of the updated policies.
Here at eCardWidget, our goal is to empower you to easily build powerful solutions using the best ecard widget in the world! We do not sell or mine your data for any reason.
We collect the bare minimum of personal data necessary to create and administer accounts. The ecards you build and the entries you collect using eCardWidget are yours alone.
This Privacy Policy outlines how eCardWidget LLC ("eCardWidget", "we", "us", "our", or "eCardWidget.com"), including its sub-brands eCardRecognizer (eCardRecognizer.com) and ChurchInviter (ChurchInviter.com), collects, uses, and discloses personal information in connection with the eCardWidget platform and services. All references to eCardWidget in this document also apply to its sub-brands, eCardRecognizer and ChurchInviter, as they are part of the same legal entity and use the same software system, server, and infrastructure.
We are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).
By using the eCardWidget platform, including its sub-brands eCardRecognizer and ChurchInviter, you agree to the terms outlined herein, including the Data Processing Agreement.
1. Global Scope and Applicability
1.1 Universal Sections
This Privacy Policy applies to all users of the eCardWidget platform, regardless of their location. The following sections outline our general practices for collecting, using, and protecting personal data.
1.2 Regional Specifications
In addition to the universal sections, this Privacy Policy includes specific clauses that address regional data protection requirements, such as:
GDPR-specific rights (e.g., data portability)
CCPA-specific disclosures
PIPEDA compliance (e.g., accuracy and individual access)
2. Roles and Responsibilities
2.1 Account Holders (Data Controllers)
Account Holders are the primary users of the eCardWidget platform and are considered data controllers. As an Account Holder, you are responsible for:
Determining the purposes and means of processing personal data collected through your use of the platform
Configuring and using the eCardWidget software in accordance with your own data processing instructions
Managing your account, creating, and customizing eCards
Obtaining consent from Directory Members and ensuring the accuracy, lawfulness, and compliance of the personal data you collect and process through the eCardWidget platform
Responding to data subject requests and ensuring compliance with applicable data protection laws
Indemnifying eCardWidget for any claims, damages, or losses arising from your misuse of the platform or failure to comply with applicable data protection laws
2.2 eCardWidget (Data Processor)
eCardWidget acts as a data processor on behalf of Account Holders. Our role is limited to providing the software platform, and we are not responsible for the actions or decisions of Account Holders in their capacity as data controllers. We process personal data in accordance with the configuration and usage of the eCardWidget platform by Account Holders and the terms of the Data Processing Agreement, which is incorporated into this Privacy Policy. Our responsibilities include:
Providing a self-service platform for Account Holders to configure and use in accordance with their data processing instructions
Implementing appropriate technical and organizational measures to ensure the security of personal data
Assisting Account Holders in fulfilling their obligations by providing necessary tools and functionalities within the platform
Notifying Account Holders of any data breaches or security incidents involving personal data processed by eCardWidget
2.3 Directory Members
Directory Members, also referred to as Employees, Team Members, or other roles depending on the Account Holder's use-case, are individuals added to an Account Holder's directory. They can be selected as recipients for eCards sent through the platform. Account Holders are responsible for obtaining consent from Directory Members and ensuring the accuracy of their personal data.
2.4 Senders
Senders are individuals who use the eCardWidget platform to send eCards. They may be Account Holders, Directory Members, or anyone with access to the eCard form. Senders provide their personal information, such as name and email address, when sending an eCard.
2.5 Recipients
Recipients are individuals who receive eCards sent through the eCardWidget platform. Their personal data, such as name and email address, is provided by the Sender. Recipients can block future eCards from an Account Holder via a link in the email they received.
3. Types of Data We Collect
3.1 Account Holder Data
We collect the following information from Account Holders: name, email address, password, organization details, IP address, billing information, and potentially other data via their own custom fields.
3.2 Directory Member Data
We collect the following information about Directory Members: names, email addresses, dates of birth, optional profile images, and any additional custom field data defined by the Account Holder.
3.3 Sender Data
We collect the following information from Senders: name, email address, IP address, optionally, billing information for paid eCards, and any additional custom field data defined by the Account Holder.
3.4 Recipient Data
We collect the following information about Recipients: names, email addresses, and any additional information provided by the Sender in the eCard.
3.5 Usage Data
We collect information about how and when Account Holders, Directory Members, and Senders use the eCardWidget platform, including IP addresses, browser types, operating systems, and actions taken within the application. This data helps us improve our services and maintain the security of the platform.
4. How We Use Your Data
We use the collected data for the following purposes:
To provide and maintain the eCardWidget platform and its functionalities for Account Holders, Directory Members, and Senders
To deliver eCards to Recipients on behalf of Senders
To process payments for paid services used by Account Holders and Senders
To communicate with Account Holders about our services, product updates, and relevant information, unless there is something urgent or required for Directory Members and Senders
To analyze and improve the performance and security of the eCardWidget platform
To comply with legal obligations and enforce our Terms of Service
Email List Opt-In
By creating an account, Account Holders agree to be added to our email list for promotional and informational purposes. We may use this email list to send Account Holders notifications about our services, product updates, and other information we believe may be relevant to them. You can unsubscribe via the link in the email or by contacting us. Please note that we do not send promotional emails to Directory Members, Senders, or Recipients.
5. Legal Bases for Processing (GDPR)
Under GDPR, we rely on the following legal bases for processing personal data:
Performance of a contract: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by eCardWidget or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Consent: The data subject has given consent to the processing of their personal data for one or more specific purposes.
Legal obligation: Processing is necessary for compliance with a legal obligation to which eCardWidget is subject.
6. Cookies and Tracking Technologies
eCardWidget uses various cookies and tracking technologies for Account Holders when they log into the eCard management system. These technologies include:
Cookie Name | Purpose | Expiry |
cfid | Maintains session state across page requests | Session |
cftoken | Security token used to prevent CSRF attacks | Session |
cfisloggedin | Indicates if the user is logged in to the platform | Session |
__utmb | Used by Google Analytics to determine new sessions/visits | 30 minutes |
__utmc | Set by Google Analytics to determine session status | Session |
__utmz | Stores the traffic source or campaign that explains how the user reached the site | 6 months |
__utmt | Used to throttle request rate for Google Analytics | 10 minutes |
_ga | Registers a unique ID used to generate statistical data on how the visitor uses the website | 2 years |
_ga_ID | Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit | 2 years |
utm_landingurl | Tracks landing pages | 2 days |
utm_referrer | Tracks user navigation from referral sites | 2 days |
intercom-session-ID | Used by Intercom for live chat capabilities | 1 week |
You can manage your cookie preferences through your browser settings. Please note that disabling cookies may limit the functionality of the eCardWidget management system.
7. Data Sharing and Disclosure
We may share personal data with trusted third-party Sub-Processors who assist us in operating the eCardWidget platform, conducting our business, or servicing you. These Sub-Processors are bound by the terms of their own privacy policies and terms of service, which we rely on to protect the personal data shared with them. We may also disclose personal data when required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of eCardWidget, our users, or others.
Our Sub-Processors include:
Stripe (payment processing)
MailChimp (email marketing)
DigitalOcean (cloud hosting)
Google Analytics, Google Ads, & DoubleClick (website analytics and advertising)
Facebook Ads (advertising)
Zapier (data integration)
Intercom (customer support)
Inspectlet (website analytics)
Okta & Microsoft Azure Active Directory (Directory Member authentication)
For more information about how these Sub-Processors handle your personal data, please refer to their respective privacy policies linked above.
8. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Sender and Recipient data is retained for 90 days by default for all Account Holders.
9. Your Rights and Choices
9.1 Universal Rights
Depending on your location and subject to applicable law, you may have certain rights regarding your personal data, such as the right to access, correct, delete, or object to the processing of your data. To exercise these rights or manage your preferences, please contact us using the information provided in the "Contact Us" section below.
9.2 GDPR-Specific Rights
If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:
Right to access your personal data
Right to rectify inaccurate personal data
Right to erase your personal data (right to be forgotten)
Right to restrict processing of your personal data
Right to data portability (we will provide a copy of your personal data upon request)
Right to object to processing of your personal data
Right to lodge a complaint with a supervisory authority
To exercise these rights, please contact our Data Protection Officer using the information provided in the "Contact Us" section below.
Data subjects in the EEA also have the right to lodge a complaint with their local data protection supervisory authority.
9.3 CCPA-Specific Rights
If you are a California resident, you have the following rights under CCPA:
Right to know about the personal information we collect, use, and disclose
Right to request deletion of your personal information
Right to non-discrimination for exercising your CCPA rights
Please note that eCardWidget does not sell personal information.
To exercise these rights, please submit a verifiable consumer request using the information provided in the "Contact Us" section below.
9.4 PIPEDA Compliance
We comply with the principles of PIPEDA by:
Obtaining consent for the collection, use, and disclosure of personal information: We obtain consent from Account Holders during the sign-up process and from Directory Members through the Account Holders.
Collecting personal information only for specified and legitimate purposes: We collect personal information solely for the purposes outlined in this Privacy Policy.
Limiting the collection of personal information to what is necessary for the specified purposes: We collect only the minimum amount of personal information required to provide the eCardWidget service and comply with legal obligations.
Using appropriate safeguards to protect personal information: We implement technical and organizational measures to ensure the security and confidentiality of personal data, as described in the "Data Security" section of this document.
Providing individuals with access to their personal information and the ability to correct inaccuracies: Account Holders can access and update their personal information through the eCardWidget platform. Directory Members, Senders, and Recipients can contact the relevant Account Holder to access or correct their personal data.
You may opt out of receiving promotional emails from us by following the unsubscribe instructions provided in those emails. Please note that opting out of promotional emails will not affect the delivery of transactional or account-related emails.
10. Data Security
We implement appropriate technical and organizational measures to protect the security and confidentiality of your personal data, including encryption of data in transit (using TLS 1.2+) and at rest (using AES-256), access controls, and regular security audits. We maintain a comprehensive information security program designed to protect your personal data from unauthorized access, disclosure, or misuse. While no method of transmission over the internet or electronic storage is completely secure, we are committed to implementing and maintaining robust security controls to safeguard your personal data.
11. International Data Transfers
eCardWidget is based in the United States, and the personal data we collect is processed and stored on servers located in New York, provided by DigitalOcean. By using the eCardWidget platform, you acknowledge and consent to the transfer, processing, and storage of your personal data in the United States.
12. Children's Privacy
The eCardWidget platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data as soon as possible.
13. Updates to this Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. The most current version will be posted on our website with the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.
14. Contact Us
For any inquiries, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to reach out to us:
Contact Information:
Email: [email protected]
Name: Tim Badolato
Company: eCardWidget LLC
Phone: (573) 746-2417