shidduchcard

Privacy Policy

Last updated June 9, 2026

This Privacy Policy explains how Shidduch Card (“Shidduch Card,” “we,” “us,” or “our”), operated by Jewgo LLC, collects, uses, shares, and protects personal information when you use our website, mobile applications, and related services (the “Service”). By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

Information you provide. When you create an account and build your profile, we collect:

  • Account information: your name and email address, used to create and secure your account.
  • Profile content: the information you choose to enter, which may include your display name, age or birth year, height, location, gender, marital status, community, religious background and outlook, languages, family information, education, occupation, current status and future plans, a personal description, interests, what you are looking for, and contact preferences. We store your birth year rather than a full date of birth.
  • Photos: images you upload to your profile.
  • References and contacts: details you add about people you list as references, which may include their name, relationship to you, phone number, email address, and notes. You are responsible for having an appropriate basis to provide this information (see our Terms of Use).
  • Sharing details: information about the access links you create, such as a recipient label, a private note, the visibility setting, an optional expiration, and an optional PIN (which is stored only as a secure hash, never in readable form).
  • Support and communications: messages you send us through our contact form or by email.

Information collected automatically. When someone opens one of your access links, we record limited activity so we can show you how your links are being used and protect the Service: a timestamp, a hashed (not raw) IP address, browser/user-agent type, and referrer. We also keep short-lived security and rate-limiting records. We do not store raw IP addresses, and we do not use advertising or analytics trackers.

2. Cookies and similar technologies

We use only strictly necessary cookies and local storage: a sign-in session cookie provided by our authentication provider; a short-lived, link-scoped cookie that confirms a viewer entered a correct PIN (it stores proof of access, not the PIN itself); and a local preference for light or dark mode. We do not use advertising or analytics cookies, and we do not track you across other websites.

3. How we use information

  • To provide, maintain, and operate the Service and your account.
  • To enable the private sharing you initiate through access links.
  • To send account- and service-related emails.
  • To secure the Service, prevent abuse, enforce limits, and maintain audit records.
  • To respond to your requests and provide support.
  • To comply with legal obligations and enforce our Terms of Use.

Where the EU/UK General Data Protection Regulation (GDPR) applies, we rely on the following legal bases: performance of a contract (to provide the Service you sign up for); legitimate interests (to secure the Service and prevent abuse); and consent where specifically requested. We do not collect special-category health data, and we do not engage in automated decision-making that produces legal effects.

4. How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as follows:

  • Service providers (subprocessors) who process data on our behalf under contract: our authentication provider (Clerk) stores your email and name to manage sign-in; our transactional email provider (Resend) delivers account emails; and our video delivery provider (Kinescope) hosts protected profile videos. Profile content and photos are stored on our own infrastructure, with encrypted backups held by a third-party storage provider.
  • Payment processors if you purchase the optional Premium subscription or make a donation: Stripe (web payments), and Apple App Store / Google Play with RevenueCat (in-app purchases). They receive what is needed to process the payment. We never receive or store your card details, only your subscription status.
  • People you choose when you create and send an access link, limited to the fields and photos that link permits.
  • Legal and safety reasons: to comply with law, respond to lawful requests, or protect the rights, safety, and security of our users, the public, or Shidduch Card.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. How we protect your information

Security is foundational to the Service. We encrypt sensitive profile content, references, your account email, and your photos at rest using AES-256-GCM, and we protect data in transit with TLS (HTTPS), enforced by HSTS. Our staff cannot read your personal information in our internal tools, which operate on identifiers only. Profile videos are protected with industry-standard DRM and a per-link watermark. Access links use unguessable tokens, can be PIN-protected (the PIN is hashed), and are rate-limited against guessing. Our databases and file storage are isolated from the public internet.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Our encryption uses keys we manage so we can operate the Service (for example, to render and serve your content) — it is strong encryption at rest and in transit, but it is not end-to-end encryption.

6. Sharing links: an important limitation

Revoking or expiring a link stops new visits and new photo loads. It cannot delete information a viewer has already opened, downloaded, screenshotted, or forwarded.

Please share only what you are comfortable being seen, and only with people you trust. Access links are served privately and are not indexed by search engines.

7. Data retention

We keep your profile and photos until you delete them, and your account information until you delete your account. Link view activity is retained so you can see who has opened your links, and is then pruned on a rolling basis; rate-limiting records are pruned automatically. When you delete a profile or account, we remove the associated photos and videos and anonymize the stored view activity. Residual copies may persist in our encrypted backups until those backups age out on a routine schedule, and they remain encrypted throughout.

8. Your privacy rights

Depending on where you live, you may have some or all of the following rights. We will respond to verified requests as required by applicable law and will not discriminate against you for exercising them.

EEA/UK (GDPR). You have the right to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your local supervisory authority. We aim to respond within one month.

California (CCPA/CPRA). You have the right to know and access the personal information we hold about you, to request its deletion, to correct inaccurate information, and to limit the use of sensitive personal information. We do not sell or share personal information, so no opt-out of sale/sharing is required. We aim to respond within 45 days.

You can exercise many of these rights directly: edit your profile at any time, and delete your profile or entire account from Settings in the app or on shidduchcard.com. For other requests, or to receive a copy of your data, contact us using the details in Section 12. We may need to verify your identity before acting on a request.

9. International data transfers

We and our service providers may process and store your information in the United States and other countries, which may have different data-protection laws than your own. Where required, we rely on appropriate safeguards, such as Standard Contractual Clauses, for international transfers.

10. Children’s privacy

The Service is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, please contact us and we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice as required by law. Your continued use of the Service after an update means you accept the revised Policy.

12. Contact us

For privacy questions or to exercise your rights, contact us at shidduchcard@gmail.com or through our contact page. Our operating entity is Jewgo LLC.