Back Home

Privacy Policy

This policy explains how ToCard collects, processes, stores, and protects data when you use account, generation, and export features.

1. Data We Collect

  • Account data: email and encrypted password hash.
  • Content data: source URL/topic and generated card content you save.
  • Operational data: request metadata, error logs, and abuse detection signals.

2. How We Use Data

  • Authenticate users and protect account sessions.
  • Generate and store knowledge cards requested by users.
  • Maintain service quality, debugging, security monitoring, and anti-abuse controls.

3. AI Processing

  • Generation requests are processed by model providers configured on our server.
  • Users do not select model providers directly; routing is server-side.
  • We minimize data exposure and only transmit data required for generation.

4. Retention & Deletion

  • Saved card content is retained until user deletion or account closure.
  • Operational logs are retained for limited periods for security and reliability.
  • Users may request deletion of account-associated data via support channels.

5. Security Controls

  • Passwords are stored using one-way hashing.
  • Session cookies are HttpOnly and scoped for security.
  • We apply access controls and monitoring for production systems.

6. Your Rights

  • Access, update, and delete your account data.
  • Request information on data processing.
  • Contact privacy channel for region-specific legal rights requests.