Privacy Policy

Information We Collect

Account Information:

When you create an account, we collect your email address and optional display name. We use your email to send login codes (one-time passwords) and communicate about your orders.

Mailing Addresses:

When you place an order, we collect your return address and the destination addresses for your postcards. These are stored in your address book and attached to order records.

Postcard Content:

We store the images you upload for your postcards, thumbnail versions of those images, and the back text you compose (including messages, fonts, and any link URLs). This content is stored in our database to fulfill your orders and allow you to reuse designs.

Order History:

We retain records of your orders including status, dates, and associated postcard and address information.

Blog Posts:

If you create blog posts, we store the post title, content, and your display name as the author.

QR Code & Open Tracking:

If you enable scan tracking on an order, we generate a unique QR code for each sent card. When a recipient scans the QR code, we log the IP address and timestamp of the scan. This allows you to see whether your postcards were received. You can choose to disable this feature per order.

Analytics:

We collect basic analytics on page visits including: hashed IP address, approximate location (city, country, and state derived from a local geolocation database — your IP is not sent to any third party for this purpose), device type, browser, screen dimensions, and page load performance metrics. Full IP addresses are deleted within 24 hours; hashed IPs are retained for aggregate analytics.

Security & Bot Detection:

On the login page, we collect interaction signals (such as mouse movement counts and touch events) to distinguish real users from automated bots. This data is used solely for abuse prevention.

Cookies:

We use a single authentication cookie (auth_token) to keep you signed in. It expires after 30 days. We do not use advertising or third-party tracking cookies.

How We Use Your Information

• To authenticate your account and keep you signed in
• To process and fulfill your postcard orders
• To let you manage your address book and reuse postcard designs
• To provide scan/open tracking when you enable it
• To maintain basic website analytics and security
• To comply with sales tax and financial record-keeping requirements

Data Sharing with Third Parties

We do not sell or rent your personal information. We share data with third parties only as necessary to operate the service:

• PostGrid (postcard printing and mailing): receives sender and recipient addresses and the postcard PDF to print and mail your orders
• Resend (email delivery): receives your email address to deliver login codes and order notifications

Data Retention

• Account information: retained until you request deletion
• Mailing addresses on completed orders: retained for up to 12 months for sales tax compliance, then deleted
• Address book entries: retained until you remove them or delete your account
• Postcard images and content: retained until you delete them or delete your account
• Order history: retained for up to 12 months for tax and accounting purposes
• Full IP addresses: deleted within 24 hours
• Hashed IP addresses and analytics: retained for aggregate reporting
• QR scan logs: retained as long as the associated order exists

Your Rights

You can delete your postcards, addresses, and blog posts from within the app. To request full account deletion or a copy of your data, contact us at support@postcardshark.com. We will respond within 30 days. Note that some data may be retained as required by law (e.g., addresses on completed orders for tax purposes).

Contact Us

If you have any questions about this privacy policy or our data practices, please reach out to us at support@postcardshark.com.

Last updated: February 2026