Skip to content
Virtual Business CardGet Yours

Policy

RockyChimp Digital Cards Privacy Policy

Effective date: 4 May 2026. This policy explains how RockyChimp handles personal data for the digital business card service.

1. Who We Are

RockyChimp provides websites, digital business cards, QR codes, NFC tap cards, and related digital services for small businesses and individuals.

For this service, "RockyChimp", "we", "us", and "our" means RockyChimp. Contact email, postal address, and ICO registration details should be added before publication where applicable.

2. What This Policy Covers

  • People who ask about or buy a RockyChimp digital card.
  • People who have a digital card hosted by us.
  • People who use a RockyChimp account or dashboard.
  • People who appear on a card managed by a business or team customer.
  • People who scan, tap, view, or submit information through a card.
  • People who contact RockyChimp for support or sales.

3. Personal Data We May Collect

We try to collect only the information needed to provide the service.

  • Contact details such as name, email address, phone number, job title, business name, website, and social links.
  • Card content such as profile photos, biography text, public links, colours, themes, and custom domains.
  • Account details such as login email, password authentication data, role, and access permissions.
  • Billing and order details such as plan, setup fee, physical product order, payment status, and invoices.
  • Support messages and enquiries.
  • Technical data such as IP address, browser, device type, page requested, timestamps, and security logs.
  • Basic card analytics such as card views, QR scans, NFC taps, vCard downloads, and link clicks.
  • Lead capture details if enabled, such as name, email address, phone number, company, message, consent choices, and the card or business the lead relates to.

4. Public Card Information

Digital business cards are designed to be public. If a customer chooses to publish personal details on a card, those details may be seen by anyone with the card link, QR code, NFC card, or custom domain.

Public card details may also be indexed by search engines unless search indexing is blocked or limited.

Customers should only publish information they are happy to make public and should have permission before publishing details about employees, team members, contractors, or other individuals.

5. How We Use Personal Data

  • Create, host, and maintain digital business cards.
  • Provide QR codes, NFC redirects, vCard downloads, and custom domain mapping.
  • Provide customer support and respond to enquiries.
  • Manage accounts, permissions, billing, and subscriptions.
  • Supply physical NFC products, replacement cards, and custom 3D printed items.
  • Provide basic analytics to card owners or business customers.
  • Detect misuse, prevent fraud, secure the service, and troubleshoot issues.
  • Process leads submitted through card forms where enabled.
  • Comply with legal, tax, accounting, and regulatory obligations.

6. Lawful Bases

Where we rely on legitimate interests, we balance our interests against the rights and freedoms of the people whose data we process.

  • Contract: to provide the digital card service, customer accounts, support, billing, and physical products.
  • Legitimate interests: to secure the service, provide basic analytics, improve our service, respond to business enquiries, and manage customer relationships.
  • Consent: where a visitor chooses to submit a lead form, opts into marketing, or where consent is otherwise required.
  • Legal obligation: for tax, accounting, legal claims, regulatory compliance, and fraud prevention.

7. Lead Capture

Some cards may include a lead capture or contact form. If a visitor submits a form, their details may be sent to the card owner or business customer so they can respond.

If the form includes a marketing opt-in, marketing messages should only be sent in line with the visitor's consent and applicable direct marketing rules.

We recommend that business customers do not use lead data for unrelated purposes without a clear lawful basis.

8. Cookies And Analytics

We may use essential cookies or similar technologies to keep the service secure, support login sessions, and operate the website.

We may also collect basic server-side analytics such as page views, taps, link clicks, and vCard downloads. Where possible, we keep analytics privacy-light and avoid invasive tracking.

If we introduce non-essential cookies, third-party analytics, advertising pixels, or similar tracking technologies, we will update our cookie notice and ask for consent where required.

9. Sharing Personal Data

We do not sell personal data.

  • Hosting and infrastructure providers.
  • Database providers.
  • Payment processors.
  • Email or messaging providers.
  • Domain, DNS, and security providers.
  • Professional advisers such as accountants or legal advisers.
  • Business customers or card owners where a visitor submits a lead form for them.
  • Regulators, courts, law enforcement, or authorities where required.

10. International Transfers

Some suppliers may process data outside the United Kingdom. Where this happens, we aim to use suppliers that provide appropriate safeguards, such as UK-approved transfer mechanisms or equivalent contractual protections.

11. Retention

  • Active customer/card data: while the account or card is active.
  • Cancelled card data: normally deleted or anonymised within the chosen retention period unless needed for legal or accounting reasons.
  • Billing and invoice records: up to 6 years where required for tax/accounting.
  • Security logs: typically 90 to 180 days.
  • Raw analytics events: typically 90 to 180 days, with aggregated statistics kept longer.
  • Lead data: normally controlled by the card owner/business customer, with deletion recommended when no longer needed.

12. Security

No online service can be guaranteed to be completely secure, but we aim to reduce risk and respond promptly to issues.

  • HTTPS.
  • Access controls.
  • Password hashing or secure authentication.
  • Secure cookies where used.
  • Role-based access where appropriate.
  • Database access controls.
  • Backups.
  • Monitoring and logging.
  • Regular software updates.
  • Limiting access to people who need it.

13. Your Rights

To exercise rights, contact RockyChimp at the published privacy contact address. If the data relates to a card managed by one of our business customers, we may need to involve that customer.

  • Access personal data.
  • Correct inaccurate data.
  • Request deletion.
  • Restrict processing.
  • Object to processing.
  • Request data portability.
  • Withdraw consent where processing is based on consent.
  • Complain to the Information Commissioner's Office.

14. Children's Data

This service is intended for adults and businesses. It is not intended for children.

15. Changes To This Policy

We may update this policy from time to time. The latest version will be published on our website.

16. Contact

Questions about this policy can be sent to the published RockyChimp privacy contact email.