Last updated: 19 April 2026
CardScan is operated by Nörtti Paikalle Oy, Finland. We are the data controller for personal data collected about our users (account and billing data). For personal data contained in business card images you upload, you are the data controller and we act as your data processor.
We collect the minimum data necessary to operate the service:
Business card images are transmitted to the Anthropic API for processing and are not stored on our servers. Anthropic's data handling is governed by their privacy policy. Extracted contact data is returned to your browser only — we do not log or store it.
We process your account and billing data on the basis of contractual necessity (to provide the service you have signed up for). We do not process your personal data for any purpose beyond operating the service.
We use your data only to provide and bill for the service, and to send password reset emails when requested. We do not sell, share, or use your data for advertising or profiling.
We use a single session cookie to keep you logged in. No third-party tracking cookies are used.
Account data is retained until you request deletion. You may request full deletion by contacting us, after which your account and all associated data will be removed within 30 days.
Under the GDPR and applicable data protection law you have the right to:
To exercise any of these rights, contact us at the support address in your profile. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe we have handled your data unlawfully.
We may update this policy at any time. The date at the top of this page reflects the most recent revision.