Last updated: 25 May 2026
Privacy Policy
This privacy policy describes how Unboring Card processes personal data. It is a draft for the described service and should be legally reviewed before publication.
1. Controller
The controller responsible for data processing on this website is Oliver Lauckner, Am Stichkanal 45, 14167 Berlin, Germany.
Contact: info@invofox.de
2. What Unboring Card does
Unboring Card lets registered users create a personal Hero Page, add images, contact details, highlights, projects, and other profile content, and publish or unpublish it with a switch.
Users can also design a personal business card and order it through the shop. Payments are processed via Stripe; cards are shipped to the delivery address provided by the user.
3. Data we process
During registration and use, we process in particular names, email addresses, password hashes, verification status, session and security data, cookie settings, and the contents of the Hero Page and card design.
For card orders, we process order data, product and pricing information, invoice and payment status, Stripe references, delivery address, email address, optional customer notes, and the card design snapshot required for production.
If a Hero Page is published, the profile content released by the user is available at the public URL. If the Hero Page is set to private, it is no longer publicly reachable through the profile route.
4. Purposes and legal bases
We process data to provide the account, editor, publishable Hero Page, card designer, shop, payment processing, order fulfillment, communication, and technical security.
Processing takes place, where required, for contract performance or pre-contractual steps, to comply with legal obligations, on the basis of legitimate interests in secure and stable operation, or on the basis of consent, for example for optional analytics and insight features.
5. Hosting, database, and payments
The website is hosted by Vercel. Technically necessary access data may be processed, for example IP address, access time, requested resources, browser and device information, and technical logs.
Application data is stored in a Supabase Postgres database. This includes account data, Hero Page content, card designs, orders, and cookie settings.
Payments are processed via Stripe. The data required for payment, fraud prevention, invoicing, and payment confirmation is transmitted to or processed by Stripe. Payment data such as complete credit card numbers is not stored by us.
6. Card production and shipping
For producing and delivering ordered business cards, the necessary data may be shared with print, production, or shipping providers. This includes name, delivery address, order details, and the final card design.
This data is processed only as far as necessary for production, delivery, support, invoicing, and statutory retention.
7. Cookies, local storage, and optional insights
We use technically necessary cookies and comparable technologies so that login, security, language settings, and cookie choices work. Where access to device information is strictly necessary, it is used for the service requested by the user.
Optional analytics and insight data is collected only after opt-in. The aim is to provide card owners with anonymized or aggregated indications of how often their Hero profile was visited. Where data must be technically processed before anonymization, we limit it to the necessary minimum.
Consent can be changed at any time with future effect via the cookie settings or account settings.
8. Recipients and international transfers
Recipients of personal data may include hosting, database, payment, production, shipping, and technical service providers. Where required, these providers are engaged as processors or independent controllers.
For providers based outside the EU or EEA, we seek appropriate safeguards, such as adequacy decisions, standard contractual clauses, or comparable protection mechanisms.
9. Retention period
We store personal data only for as long as it is required for the purposes described above. Account, Hero Page, and card design data is generally stored until the account is deleted or changed by the user.
Order, payment, and invoice data may be stored longer due to commercial and tax retention obligations. Security and server logs are retained only for a limited period unless needed to investigate abuse or disruptions.
10. Rights of data subjects
Data subjects have the right, within the statutory requirements, to access, rectification, erasure, restriction of processing, data portability, and objection to certain processing.
Where processing is based on consent, consent can be withdrawn at any time with future effect. There is also a right to lodge a complaint with a data protection supervisory authority.
11. Security and changes
We use technical and organizational measures to protect data against loss, misuse, and unauthorized access. These include encrypted connections, access-restricted systems, and password hashing.
This privacy policy may be updated if features, service providers, or legal requirements change.