Privacy Policy

Last updated: July 15, 2026

MyVisito ("we", "us") is a digital business card service operated by EmodeFlow, LLC, a company registered in the United States. For the personal information described here, EmodeFlow, LLC is the data controller. This policy describes what information we collect when you use myvisito.com, app.myvisito.com, your workspace subdomain, and published cards, how we use it, who we share it with, and the choices and rights you have.

We collect only what we need to run the service. We do not sell your personal information, and we do not use it for third-party advertising.

Information we collect

  • Account information: your email address, name, and password (stored in hashed form), or your Google profile details when you sign in with Google.
  • Card content: everything you choose to place on your cards, such as your name, role, contact details, photos, logo, services, prices, and links. When you publish a card, that content becomes publicly visible at its web address; with the default public search setting it may also be indexed by search engines, and you can switch the card to private (not indexed) at publish time or anytime in the editor.
  • Workspace details: your workspace name and the web address (subdomain) you choose.
  • Usage and analytics: events on your own cards, such as views, contact saves, link taps, and shares, so we can show you how your card performs.
  • Copilot conversations: when you use the AI copilot, we store your chat with it, along with any images, PDFs, or links you attach, so the assistant works and you can return to a conversation.
  • Technical information: when you create an account we record your IP address, approximate location, and device and browser type, to protect the service against abuse.
  • Payment information: when you buy a plan, your payment is handled by Stripe. We receive billing details such as your name, email, country, and subscription status, but not your full card number.

Information from card visitors and leads

When you publish a card, people can view it, and some information is collected from those visitors.

Lead details: when a visitor leaves their details through a lead form on your card, those details (such as name, phone, email, and message) are collected for you, the card owner. For that lead information you are the data controller, and we process it on your behalf as your service provider. You are responsible for having a lawful basis to collect it and, where the law requires, for giving those visitors your own privacy notice.

Visitor analytics: when a published card is viewed, we record analytics events (such as a view, a QR scan, a saved contact, or a link tap) together with approximate location (country and city), device and browser type, and the referring website. We use this to give the card owner performance statistics and to protect the service. We do not use it to identify individual visitors or to serve advertising.

Card scanning: a card owner can scan a paper business card, and on some cards a visitor can choose to scan their own business card to hand over their details. In both cases the photo is processed by AI only to extract the contact details on it (such as name, phone, email, and social links) into the card owner's contacts. The card owner is the data controller for the scanned details, just like lead-form details, and we process them on the owner's behalf.

Buyers and purchases (Earn)

Card owners on selling plans can offer products for sale from their cards ("Earn"). If you buy from a seller, the seller is the merchant and the data controller for your purchase; we process your details on the seller's behalf as their service provider.

For each order we collect and store for the seller: your name, email, phone if you provide it, your shipping address for physical products, your answer to any question the seller added at checkout, and the product, amount, and status of the order. We use these details to deliver your purchase (your order page and order email) and to show the seller their orders and buyers.

The payment itself is handled by the seller's payment provider: the seller's own Stripe account, another provider the seller connected (such as PayPal, Cardcom, Tranzila, or UPay), or the seller's external payment link. Your full card number never reaches MyVisito.

If the seller connected external tools (such as an email marketing service, a CRM, or a spreadsheet), we pass your order details to those tools on the seller's instructions. The seller may also issue you an invoice through an invoicing service they connected.

Order records are kept for the seller and for fraud prevention, dispute handling, and legal compliance. To exercise your privacy rights over purchase information, contact the seller directly, or write to support@myvisito.com and we will route your request to them.

How we use your information

  • To create, host, and display your digital business cards (to perform our contract with you).
  • To generate and edit card content with AI when you ask the copilot to do so (to perform our contract with you).
  • To show analytics about cards, to keep the service secure, and to prevent fraud and abuse (our legitimate interest in running a safe, useful service).
  • To process payments and manage subscriptions (to perform our contract and meet legal and tax obligations).
  • To send you service emails such as verification codes and important account notices (to perform our contract), and, only with your consent where required, occasional product updates.
  • To respond when you contact support (our legitimate interest and, where relevant, our contract with you).
  • To comply with the law and enforce our terms (to meet a legal obligation and our legitimate interests).

AI processing

When you use the copilot, the text you provide and your card content, plus any images, PDFs, or links you attach, are sent to our AI provider only to produce the result you requested. This content is not used to train AI models.

We do not use the copilot to make decisions about you that produce legal or similarly significant effects without human involvement. Please do not paste other people’s sensitive personal information into the copilot unless you are permitted to.

Published content (cards and shop products) may be automatically scanned by AI to detect violations of our Terms of Use, such as illegal or harmful content. Flagged content is reviewed by a person before any final decision about your account.

Signing in with Google

If you choose to sign in with Google, we receive only your basic profile information: your name, email address, and profile picture. We use it solely to create and secure your account and to prefill your profile.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not share, sell, or use Google user data for advertising, and we do not use it to train AI models. You can disconnect Google from your account at any time, and you can request deletion of this data by contacting us.

Cookies

We use a small number of cookies and similar technologies to keep you signed in, remember preferences such as language, and, only with the relevant permission, measure usage. MyVisito does not use advertising cookies for its own advertising. A card owner may configure Google Analytics or Facebook Pixel on their public card; those tools remain off until the visitor separately allows card-owner tracking. Our Cookie Policy explains every category and how to change your choice.

How we share information

We do not sell your personal information. We share it only with the categories of service providers below, which run the service under our instructions and data-processing agreements, and only with what each needs to perform its role:

  • Cloud infrastructure providers: hosting the service and running its database, authentication, and file storage.
  • AI providers: processing your copilot and import requests, only to produce the result you asked for; never to train their models.
  • Email delivery providers: sending transactional emails such as verification codes and account notices.
  • Usage measurement: privacy-friendly, cookieless analytics of our own service (only if you accept measurement).
  • Fraud-prevention providers: turning an IP address into an approximate location, to protect against abuse.
  • Stripe: payment processing when you purchase a plan, and, if you sell through MyVisito, payments from your buyers through your own connected Stripe account.
  • Google: sign-in, if you choose to use it, and Google Tag Manager measurement tags (only if you accept measurement).
  • Tools you connect yourself, such as a CRM, an email marketing service, a spreadsheet, an automation service, a payment provider, or an invoicing service: we send lead and order details to them at your direction, and their own terms and privacy policies apply to them.

Legal disclosures and business transfers

We may disclose information if required by law, to respond to lawful requests, to protect the rights, safety, and security of our users and the service, or in connection with a merger, acquisition, or sale of assets, in which case we will take reasonable steps to ensure your information stays protected.

Where your information is processed

We and our providers process information in the United States and in other countries. When we transfer personal information out of the European Economic Area, the United Kingdom, or Israel, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, so that your information keeps a comparable level of protection.

Data retention and deletion

We keep your information for as long as your account is active. You can delete a card at any time, and you can permanently delete your entire account yourself from your account settings (Login and security > Delete account) on the web or in the mobile app. Deletion is immediate: your cards go offline, your data is removed, and any active subscription is cancelled immediately with no further charges. You can also request deletion by writing to support@myvisito.com.

Some information is kept longer where we must: billing and tax records are typically kept for around seven years, and limited information may remain to meet a legal obligation, resolve a dispute, or enforce our terms. After account deletion we retain a minimal record of the account (such as the account email and billing history) for fraud prevention, dispute handling and legal compliance. Uploaded images may remain in storage for a period even after the card that used them is deleted, and copies may persist in routine backups for a limited time. Lead details you collect are kept until you delete them.

Your privacy rights

Depending on where you live, you have rights over your personal information. We honor these rights for everyone where we can.

If you are in the EU/EEA or the UK, you have the right to access, correct, delete, or receive a copy of your personal information, to restrict or object to certain processing, and to withdraw consent at any time. You also have the right to complain to your local data protection authority.

If you are in California or another US state with privacy rights, you have the right to know what personal information we collect, to access and delete it, and to correct it. We do not sell or "share" personal information for cross-context advertising, so there is nothing to opt out of, and we honor recognized opt-out signals such as Global Privacy Control. We will not discriminate against you for exercising your rights, and you may use an authorized agent.

If you are in Israel, you have the right to review and correct information we hold about you under the Protection of Privacy Law.

To exercise any right, email support@myvisito.com from your account address. If you are a card visitor or a lead, the card owner is responsible for your information; you can contact them directly, or contact us and we will route your request to them.

Security

We protect your information with measures that include encryption in transit, encryption at rest through our infrastructure providers, isolation of every workspace from others at the database level, hashed passwords, and restricted access to production systems. Card payments are handled by Stripe, and we never store your full card number. No method of storage or transmission is completely secure, but we work to protect your information and to keep improving. You can read more on our Security page.

Data breaches

If a data breach affects your personal information, we will notify you and the relevant authorities where the law requires, and take reasonable steps to limit the impact.

Children

MyVisito is not directed at children under 16, and we do not knowingly collect their information. If you believe a child has given us personal information, contact us and we will delete it.

Changes and contact

If we make material changes to this policy we will take reasonable steps to let you know. For any question or request about your privacy, or to reach EmodeFlow, LLC as the data controller, write to support@myvisito.com.