ecard.to logoecard.to

Privacy policy

Effective date: 1 January 2025

Introduction

Our project aims to help people stay connected and celebrate special occasions with unique AI-generated postcards. This notice explains what information we collect, why we do so, and the rights you have.

The ecard.to service provider is committed to fair and transparent processing and handles personal data in line with applicable laws. Postcards and other data marked as non-public remain accessible only to the user who created them and are never displayed or reused elsewhere.

How the service works

ecard.to combines classic postcards with AI-assisted automation. The points below summarise the main menus so you always know how your data and creative assets are used.

Every option keeps celebrations personal while respecting privacy, whether you send instantly or rely on automated schedules.

  • Sending: choose between instant delivery, a future schedule, or the combined “send & schedule” button. Regular postcards deliver the image you currently see, while AI postcards regenerate a fresh illustration each time. For security and anti-spam reasons one message can target maximum 50 recipients.
  • AI postcard creation: describing your idea and generating an image costs 1 credit. You can top up credits in the account area whenever you need more.
  • AI prompt: this saved description contains everything needed to recreate your card. You can edit it, attach it to schedules, or trigger new sends so every delivery feels unique—perfect for loved ones because each send produces a brand-new variation.
  • Prompt text variations: wrapping a part of the desired postcard text in parentheses ( … ) tells the AI to paraphrase that message on every generation, so even the written greeting changes slightly.
  • Account: manage personal data, redeem coupons, add credits via USDC or USDT transfers on the Polygon network, or use trusted partners for card payments. Here you also find the basic referral option, the extended affiliate programme described in the affiliate policy (https://ecard.to/affiliate), payout history, the activity log, and tools to update or delete your information.

Data controller details

Controller: Sunshine Future Solutions Ltd.

You can reach the controller at the above contact for any questions about data protection.

  • Registered office: Costa Rica
  • Company ID: 3102887716
  • Contact: hello@card.to

Categories of personal data

During the use of ecard.to we process the following data:

  • Account information: name, email address, password (hashed), billing and credit data, preferred language, country, time zone, affiliate identifier and settings.
  • Service-related data: metadata of generated and sent postcards, schedules, coupon and credit history, and activity logs (e.g. logins, administrative actions).
  • User content: AI-generated postcards and prompts, descriptions provided by you, stored recipients, and any postcards you share publicly.
  • Technical data: IP address, browser and device information, cookies and local storage identifiers, system logs for abuse prevention.

Purpose and legal basis of processing

Depending on the activity we rely on your consent, the performance of our contract, compliance with legal obligations, or our legitimate interest in keeping the service secure and reliable.

  • Service delivery and improvement: managing registration, generating and sending postcards, scheduling, administering credits and coupons.
  • Communication: sending service notifications, transactional emails, incident reports, and customer support replies.
  • Security and fraud prevention: logging, detecting unauthorised use, protecting the integrity of our systems and data.
  • Anonymous statistics and product development: analysing aggregated, non-identifiable data to improve the service.

Data retention

We retain personal data for as long as it is necessary to provide the service, meet contractual or legal obligations, or resolve disputes. Dormant accounts are deleted within the retention periods prescribed by law.

You may delete your account and generated postcards at any time. Please note that postcards shared publicly before deletion may remain available because recipients or other users can store or redistribute them.

Your data protection rights

Under applicable data protection laws you have the following rights:

  • Right of access: obtain confirmation whether we process your personal data and request a copy.
  • Right to rectification: ask us to correct inaccurate or incomplete information.
  • Right to erasure: request deletion of your personal data in specific situations.
  • Right to restriction: ask us to limit processing under certain conditions.
  • Right to data portability: receive the data you provided in a structured, commonly used format.
  • Right to object: object to processing based on our legitimate interests.
  • Right to lodge a complaint: contact your local supervisory authority or the controller if you believe your rights have been infringed.

Updating and deleting your data

You can update your account information and request account deletion within the dashboard or by contacting support.

Content created by you that is not public is erased with the account. Postcards made public before deletion cannot be automatically removed because recipients may already have access to them.

Data sharing and processors

We do not sell personal data. We share it only with trusted processors to operate the service.

  • Infrastructure providers (hosting, email, logging) under data processing agreements and appropriate safeguards.
  • AI providers (e.g. OpenAI) for generating text and images; we transmit only the prompt information necessary for the requested output.
  • Authorities or courts when required to comply with legal obligations.

Data security

We maintain appropriate technical and organisational measures to protect data against unauthorised access, alteration or loss. Only authorised staff with a need-to-know access the systems.

Cookies and analytics

We use essential cookies and local storage (e.g. session, language preference). We currently do not deploy third-party marketing cookies.

Anonymous research use

We may use aggregated or anonymised data for statistical and research purposes to develop the service. Such information cannot be used to identify you.

Changes to this notice

We may update this privacy notice from time to time. Material changes will be communicated within the service or by email.

Contact and complaints

For questions, requests, or complaints about data processing, write to hello@card.to. We reply within the time limits set by law.

If you wish to file a complaint, you may contact the data protection authority responsible for your place of residence.