Privacy Policy
Last updated: 12 June 2026
HALVE provides NFC digital business cards and hosted profile pages. This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR). Our data and database are hosted in the European Union.
1. Who we are (Data Controller)
HALVE is the controller of the personal data described below. You can contact us at the postal address or email below for any privacy question or to exercise your rights.
2. What data we collect and why
We practise data minimisation — we only collect what we need to run the service. Below is each category, why we process it, and the legal basis under GDPR Art. 6.
Account data
What: Email address, password (stored hashed by our auth provider), plan, and account creation date.
Why: To create and secure your account, authenticate you, and provide the service.
Legal basis: Contract (Art. 6(1)(b))
Profile / business-page content
What: Display name, bio, avatar and banner images, contact email and phone you choose to publish, links, and the media you upload.
Why: This is the content you publish on your public card/profile page. You can edit or remove it at any time.
Legal basis: Contract (Art. 6(1)(b))
Payment & order data
What: Customer email, order/SKU details, and Stripe customer / payment identifiers. Card numbers are handled directly by Stripe — we never see or store them.
Why: To process card purchases and subscriptions, issue invoices, and meet accounting obligations.
Legal basis: Contract & legal obligation (Art. 6(1)(b),(c))
Analytics on card taps
What: A salted, rotating one-way hash of the visitor's IP address (not reversible to an IP), coarse country, device type, and the referrer origin. We do not store raw IP addresses or full URLs.
Why: To give profile owners privacy-friendly, aggregate insight into how their card is used. No cross-site tracking or advertising.
Legal basis: Legitimate interests (Art. 6(1)(f))
Wallet passes
What: Apple/Google Wallet object identifiers and authentication tokens for digital cards you add to your phone.
Why: To issue and update your digital wallet card.
Legal basis: Contract (Art. 6(1)(b))
We do not sell your personal data, and we do not use advertising or third-party tracking cookies.
3. Cookies & similar technologies
We use a small number of strictly necessary cookies for sign-in, security and remembering your language. These do not require consent. Any non-essential storage (for example the installable web-app / offline service worker, classed as “functional”) is only enabled after you opt in via our cookie banner, and stays blocked until then. You can change your choice at any time: .
4. How long we keep your data
- Account & profile data — kept while your account is active. When you delete your account, it is erased immediately.
- Tap analytics — stored in pseudonymous form (the IP hash salt rotates daily) and automatically deleted after 18 months.
- Order & invoice records — retained for the period required by applicable tax and accounting law (typically up to 10 years), even after account deletion, under our legal obligation.
5. Who we share data with (Processors)
We share data only with vetted service providers acting on our instructions: our hosting and database provider (Supabase, EU region), our payment processor (Stripe), our transactional email provider, and Apple/Google for wallet passes. Each processes data solely to deliver their part of the service.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict and port your data, and to object to processing based on legitimate interests.
- Access / portability — download a machine-readable copy of all your data from your account settings (“Your data & privacy → Download my data”).
- Erasure — permanently delete your account and personal data from the same settings page.
- Rectification — edit your email, profile and published details at any time.
- Objection / restriction — ask us to stop or limit processing based on legitimate interests, such as tap analytics.
Settings · For any other request, email us. You also have the right to lodge a complaint with your local data protection authority (in France, the CNIL). support@halve.cc.
7. Data security
Access to the database is restricted to our trusted server processes, and row-level security policies ensure accounts can only reach their own records. Connections are encrypted in transit and visitor IPs are hashed before storage.
8. Changes to this policy
We may update this policy from time to time. We will revise the “last updated” date above and, for material changes, notify you within the app.
9. Contact
For any privacy request or question, contact us by email or post using the details below.