Skip to main contentSkip to footer
eCardWidget

eCardWidget LLC

Privacy Policy

Last Updated: May 7, 2026

Here at eCardWidget, our goal is to empower you to easily build powerful solutions using the best ecard widget in the world! We do not sell or mine your data for any reason.

We collect the bare minimum of personal data necessary to create and administer accounts. The ecards you build and the entries you collect using eCardWidget are yours alone.

This Privacy Policy outlines how eCardWidget LLC ("eCardWidget", "we", "us", "our"), including its sub-brands eCardRecognizer and ChurchInviter, collects, uses, and discloses personal information in connection with the eCardWidget platform. We are committed to protecting your privacy in compliance with applicable data protection laws, including GDPR, CCPA, and PIPEDA.

1. Global Scope and Applicability

1.1 Universal Sections

This Privacy Policy applies to all users of the eCardWidget platform, regardless of their location. The following sections outline our general practices for collecting, using, and protecting personal data.

1.2 Regional Specifications

In addition to the universal sections, this Privacy Policy includes specific clauses that address regional data protection requirements, such as:

  • GDPR-specific rights (e.g., data portability)
  • CCPA-specific disclosures
  • PIPEDA compliance (e.g., accuracy and individual access)

2. Roles and Responsibilities

2.1 Account Holders (Data Controllers)

Account Holders are the primary users of the eCardWidget platform and are considered data controllers. As an Account Holder, you are responsible for:

  • Determining the purposes and means of processing personal data collected through your use of the platform
  • Configuring and using the eCardWidget software in accordance with your own data processing instructions
  • Managing your account, creating, and customizing eCards
  • Obtaining consent from Directory Members and ensuring the accuracy, lawfulness, and compliance of the personal data you collect
  • Responding to data subject requests and ensuring compliance with applicable data protection laws
  • Indemnifying eCardWidget for any claims, damages, or losses arising from your misuse of the platform

2.2 eCardWidget (Data Processor)

eCardWidget acts as a data processor on behalf of Account Holders. Our responsibilities include:

  • Providing a self-service platform for Account Holders to configure and use
  • Implementing appropriate technical and organizational measures to ensure the security of personal data
  • Assisting Account Holders in fulfilling their obligations by providing necessary tools and functionalities
  • Notifying Account Holders of any data breaches or security incidents, generally within 72 hours of confirmation in line with applicable law

2.3 Directory Members

Directory Members, also referred to as Employees, Team Members, or other roles depending on the Account Holder's use-case, are individuals added to an Account Holder's directory. They can be selected as recipients for eCards sent through the platform. Account Holders are responsible for obtaining consent from Directory Members and ensuring the accuracy of their personal data.

2.4 Senders

Senders are individuals who use the eCardWidget platform to send eCards. They may be Account Holders, Directory Members, or anyone with access to the eCard form. Senders provide their personal information, such as name and email address, when sending an eCard.

2.5 Recipients

Recipients are individuals who receive eCards sent through the eCardWidget platform. Their personal data, such as name and email address, is provided by the Sender. Recipients can block future eCards from an Account Holder via a link in the email they received.

3. Types of Data We Collect

3.1 Account Holder Data

We collect the following information from Account Holders: name, email address, password, organization details, IP address, billing information, and potentially other data via their own custom fields.

3.2 Directory Member Data

We collect the following information about Directory Members: names, email addresses, dates of birth, optional profile images, and any additional custom field data defined by the Account Holder.

3.3 Sender Data

We collect the following information from Senders: name, email address, IP address, optionally billing information for paid eCards, and any additional custom field data defined by the Account Holder.

3.4 Recipient Data

We collect the following information about Recipients: names, email addresses, and any additional information provided by the Sender in the eCard.

3.5 Usage Data

We collect information about how and when Account Holders, Directory Members, and Senders use the eCardWidget platform, including IP addresses, browser types, operating systems, and actions taken within the application. This data helps us improve our services and maintain the security of the platform.

3.6 Health Information

eCardWidget is not intended to collect or store health-related data, including PHI. Please do not submit medical or clinical information through the platform.

4. How We Use Your Data

We use the collected data for the following purposes:

  • To provide and maintain the eCardWidget platform and its functionalities
  • To deliver eCards to Recipients on behalf of Senders
  • To process payments for paid services
  • To communicate with Account Holders about our services and product updates
  • To analyze and improve the performance and security of the eCardWidget platform
  • To comply with legal obligations and enforce our Terms of Service

Email List Opt-In

By creating an account, Account Holders agree to be added to our email list for promotional and informational purposes. You can unsubscribe via the link in the email or by contacting us. Directory Members, Senders, and Recipients do not receive promotional emails.

Artificial Intelligence and Machine Learning

Personal data submitted through the core eCardWidget platform (such as eCard content, recipient lists, and account data) is not used to train artificial intelligence or machine learning models. Customer support interactions conducted through AI-assisted support tools provided by our customer support sub-processor are processed by those tools as part of their normal operation; those interactions are governed by that sub-processor's privacy policy.

5. Legal Bases for Processing (GDPR)

Under GDPR, we rely on the following legal bases for processing personal data:

  • Performance of a contract: Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by eCardWidget or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
  • Consent: The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Legal obligation: Processing is necessary for compliance with a legal obligation to which eCardWidget is subject.

6. Cookies and Tracking Technologies

eCardWidget uses various cookies and tracking technologies for Account Holders when they log into the eCard management system:

Cookie NamePurposeExpiry
cfidMaintains session state across page requestsSession
cftokenSecurity token used to prevent CSRF attacksSession
cfisloggedinIndicates if the user is logged in to the platformSession
__utmbUsed by Google Analytics to determine new sessions/visits30 minutes
__utmcSet by Google Analytics to determine session statusSession
__utmzStores the traffic source or campaign that explains how the user reached the site6 months
__utmtUsed to throttle request rate for Google Analytics10 minutes
_gaRegisters a unique ID used to generate statistical data on how the visitor uses the website2 years
_ga_IDUsed by Google Analytics to collect data on number of visits and dates2 years
utm_landingurlTracks landing pages2 days
utm_referrerTracks user navigation from referral sites2 days
intercom-session-IDUsed by Intercom for live chat capabilities1 week

You can manage your cookie preferences through your browser settings. Please note that disabling cookies may limit the functionality of the eCardWidget management system.

7. Data Sharing and Disclosure

We may share personal data with trusted third-party Sub-Processors who assist us in operating the eCardWidget platform, conducting our business, or servicing you. These Sub-Processors are bound by the terms of their own privacy policies and terms of service. We may also disclose personal data when required by law or to protect the rights, property, or safety of eCardWidget, our users, or others.

SubprocessorPurposePrivacy PolicyPII Roles
StripePayment processingPrivacy PolicyAll Roles
MailChimpEmail marketingPrivacy PolicyAccount Holders
SendgridTransactional emailPrivacy PolicyAll Roles
PostmarkTransactional emailPrivacy PolicyAll Roles
SMTP2GOTransactional emailPrivacy PolicyAll Roles
DigitalOceanCloud infrastructure and storagePrivacy PolicyAll Roles
CloudflareContent delivery, network security, DNS, and edge servicesPrivacy PolicyAll Roles
Google AnalyticsWebsite analyticsPrivacy PolicyAccount Holders
Google AdsAdvertisingPrivacy PolicyAccount Holders
Facebook AdsAdvertisingPrivacy PolicyAccount Holders
ZapierData integrationPrivacy PolicyAll Roles
IntercomCustomer supportPrivacy PolicyAccount Holders
RollbarError trackingPrivacy PolicyAll Roles

In addition to the Sub-Processors listed above, Account Holders may enable optional integrations with third-party services they have configured using their own credentials or accounts (for example, single sign-on identity providers, gift card or rewards platforms, or custom email delivery providers). Data handling by those providers is governed by their own privacy policies, not by this Privacy Policy.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Sender and Recipient data is retained for 90 days by default for all Account Holders.

Backups containing personal data may persist beyond active-system retention for up to 90 days through normal backup rotation; deleted data in backups is not actively used and is naturally rotated out.

9. Your Rights and Choices

9.1 Universal Rights

Depending on your location and subject to applicable law, you may have certain rights regarding your personal data, such as the right to access, correct, delete, or object to the processing of your data. To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

We will respond within the timeframe required by the applicable regulation — generally within one month for GDPR requests and within forty-five (45) days for CCPA requests, with the possibility of a one-time extension where permitted by law.

9.2 GDPR-Specific Rights (EEA Residents)

  • Right to access your personal data
  • Right to rectify inaccurate personal data
  • Right to erase your personal data (right to be forgotten)
  • Right to restrict processing of your personal data
  • Right to data portability (we will provide a copy of your personal data upon request)
  • Right to object to processing of your personal data
  • Right to lodge a complaint with a supervisory authority

9.3 CCPA-Specific Rights (California Residents)

  • Right to know about the personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to non-discrimination for exercising your CCPA rights

Please note that eCardWidget does not sell or share personal information for cross-context behavioral advertising. If we ever change this practice, we will provide a clear opt-out mechanism in advance.

9.4 PIPEDA Compliance (Canada)

We comply with the principles of PIPEDA by:

  • Consent: Obtained from Account Holders during sign-up and from Directory Members through Account Holders.
  • Purpose limitation: Personal information collected solely for the purposes outlined in this Privacy Policy.
  • Collection minimization: Only the minimum amount of personal information required to provide the service.
  • Safeguards: Technical and organizational measures to ensure security and confidentiality.
  • Access and correction: Account Holders can access and update information through the platform; Directory Members, Senders, and Recipients can contact the relevant Account Holder.

10. Data Security

We implement appropriate technical and organizational measures to protect the security and confidentiality of your personal data, including encryption of data in transit (using TLS 1.2+) and at rest (using AES-256), access controls, and regular security audits. We maintain a comprehensive information security program designed to protect your personal data from unauthorized access, disclosure, or misuse. While no method of transmission over the internet or electronic storage is completely secure, we are committed to implementing and maintaining robust security controls to safeguard your personal data.

11. International Data Transfers

eCardWidget is based in the United States, and the personal data we collect is processed and stored on cloud infrastructure located in the United States. By using the eCardWidget platform, you acknowledge and consent to the transfer, processing, and storage of your personal data in the United States.

12. Children's Privacy

The eCardWidget platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data as soon as possible.

13. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. The most current version will be posted on our website with the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.

14. Contact Us

For any inquiries, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email[email protected]
NameTim Badolato
CompanyeCardWidget LLC
Phone(573) 746-2417

Accessibility Statement

We are committed to providing a website experience that is accessible to the widest possible audience and to continually improving accessibility and usability across our website and services.

Our goal is to support applicable accessibility standards, including the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA, through ongoing evaluation, testing, remediation, and improvement efforts.

Accessibility is an ongoing process. While we strive to make all pages and functionality accessible, some content or features may not yet fully conform to all accessibility standards at all times. We are continuously working to improve accessibility as technologies, standards, and user needs evolve.

This website may include tools and features intended to enhance accessibility and usability, such as options for text scaling, contrast adjustment, and reduced motion preferences. These tools are intended to assist users but may not address every accessibility need or work equally for all users or assistive technologies.

If you experience difficulty accessing any content, feature, or functionality on this website, or if you have specific accessibility questions or concerns, please contact us. We take accessibility feedback seriously and will make commercially reasonable efforts to address reported issues and provide requested information or services through an alternative method where appropriate.

Contact: [email protected]

Last Updated: May 2026