Privacy Policy

Effective as of: November 21, 2025

This Privacy Policy explains how Cardify, Inc. ("Cardify," "we," "us," or "our") collects, uses, shares, and protects personal information when you interact with our digital platforms, including our website https://cardify.net, and related services that link to this Privacy Policy (together, "Service").

We are committed to protecting your privacy and processing your information responsibly and transparently in accordance with applicable data protection laws.

1. Information We Collect

(a) Information You Provide to Us

We may collect personal information directly from you when you interact with the Service, such as when you create an account, purchase or redeem a Cardify NFT, or contact us. The personal information may include:

  • Contact details: name, email address, billing/shipping address, and phone number.
  • Account information: digital wallet address, username, login credentials, or similar identifiers.
  • Transactional information: details about NFT purchases, sales, or redemptions made through our Service, as recorded on the relevant blockchain.
  • Communications: information contained in messages, requests, or feedback you send us.
  • Verification information: any documentation or data provided for identity or age verification when required by law or policy (e.g., KYC checks in certain jurisdictions).

(b) Automatic Data Collection

When you visit or use Service, we automatically collect certain information, including:

  • Device and usage data: IP address, browser type, operating system, device identifiers, referring URLs, time spent on pages, and interactions with our Service.
  • Cookies and similar technologies: small data files that help us remember your preferences, understand activity on our site, maintain secure sessions, and improve performance. You can adjust cookie settings through your browser preferences.

(c) Information from Third Parties

We may receive limited information about you from:

  • Partners and custodians (e.g., Axel Mark Inc. and Yuyu-tei) for physical card verification and storage management.
  • Payment or blockchain providers necessary to process transactions, confirm ownership, or display NFTs.
  • Analytics or marketing service providers that assist us in understanding usage patterns or improving user experience.

We may combine this information with what we collect directly.

2. How We Use Personal Information

We use collected information to operate, secure, and improve the Service, including to:

  • Provide and operate the Service: to process NFT tokenization, purchases, and redemptions; and to maintain card custody records.
  • Communicate with you: to send purchase confirmations, system alerts, security notices, and respond to inquiries.
  • Ensure compliance and security: to prevent fraud, maintain blockchain integrity, fulfill contractual obligations, and meet legal or regulatory requirements.
  • Improve our services: to analyze trends and optimize the user experience.
  • Marketing communications: to provide information about updates, new features, or promotions, subject to your communication preferences. You may opt out at any time.
  • Research and development: to evaluate and improve our products, systems, and performance.

We may also create aggregated, anonymized, or de-identified data that no longer identifies individuals, which we may use for internal analytics or lawful business purposes.

3. How We Share Personal Information

We may share personal information only as necessary and in alignment with this Policy:

  • Custody and partner organizations: With our verified custodial partners (e.g., Axel Mark Inc., Yuyu-tei) to authenticate and manage physical Pokémon cards stored in vaults.
  • Service providers: With trusted vendors providing hosting, IT support, payment processing, analytics, customer support, or email delivery.
  • Blockchain networks: When you transact via our Service, wallet addresses and related data may be stored and viewable publicly on the blockchain. Cardify does not control or delete data recorded on public ledgers.
  • Professional advisors and regulators: As required for compliance, audits, dispute resolution, or as mandated by law.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of business assets.

We do not sell or lease your personal information.

4. Your Choices and Rights

  • Access and updates: If you have an account, you may view or update certain information by logging into your profile.
  • Marketing opt-out: You can unsubscribe from marketing emails at any time using the link provided in the email or by contacting us at the address below. You will continue to receive essential transactional communications.
  • Cookies: You can adjust browser settings to decline cookies or alert you when cookies are set.
  • Legal rights: Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict our use of your personal data. Requests can be sent to privacy@cardify.net, and we will comply as required by applicable law.

5. Security

We employ reasonable technical and organizational safeguards designed to protect personal information against loss, unauthorized access, or misuse.

However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security of your data on the internet or any blockchain network.

6. Data Retention and Transfers

Data retention depends on our business needs and legal requirements. We retain information only as long as reasonably necessary to provide the Service, maintain records for audit and compliance, and resolve disputes.

Your information may be processed and stored in jurisdictions outside your own, including the United States and Japan, where data protection laws may differ from those in your region.

7. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected such information, we will delete it promptly in accordance with applicable laws.

8. Third-Party Links and Services

Our Service may contain links to third-party websites or integrations (such as payment providers or NFT marketplaces) that we do not control. We are not responsible for their privacy practices, and we encourage you to review the privacy policies of those third parties before engaging with them.

9. International Legal Compliance and "Do Not Track"

Some browsers allow users to send "Do Not Track" ("DNT") signals. As described by the Future of Privacy Forum's All About DNT resource at https://fpf.org/thank-you-for-visiting-allaboutdnt-com/, there is no current industry standard for responding to these signals. Accordingly, Cardify does not respond to DNT requests at this time. You may manage tracking preferences through your browser or device settings.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Updates will be posted on https://cardify.net with a new effective date. Significant changes will be announced via notice on our website or by email where appropriate. Your continued use of the Service constitutes acceptance of the revised Policy.