Privacy Policy

Effective date: Oct 11, 2021

Cardbox, a product of Cardbox, LLC., a Delaware limited liability corporation ("Cardbox", "we" or "us") understands that users of our services ("Service") care about their privacy and how their personal information is used and shared. As such, we at Cardbox have a firm commitment to the privacy and protection of our users. Cardbox is available at

By visiting our website, you are consenting to the practices described in this privacy policy. Please also visit our Terms of Service which establishes the use, disclaimers and limitations of liability governing the users of our website. Capitalized terms that are not defined in this document have been defined in our Terms of Service.

Limited Use

Cardbox's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Our use and transfer of data obtained via the Google API Service complies with the following:

  • Allowed Use: We are only allowed to use restricted scope data to provide or improve user-facing features that are prominent from Cardbox's user interface.
  • Allowed Transfer: We are only allowed to transfer restricted scope data to others if that transfer is (a) necessary to provide or improve user-facing features that are prominent from the requesting app's user interface, (b) to comply with applicable laws, or (c) a part of a merger, acquisition or sale of Cardbox assets. All other transfers or sales of user data are completely prohibited.
  • Prohibited Advertising: We are never allowed to use or transfer restricted scope data to serve users advertisements. This includes personalized, re-targeted and interest-based advertising.
  • Prohibited Human Interaction: We do not allow humans to read restricted scope user data. There are four limited exceptions to this rule: (a) when we obtain a user's consent to read specific messages (for example, for tech support), (b) it's necessary for security purposes (for example, investigating abuse), (c) to comply with applicable laws, and (d) we aggregate and anonymize the data and only use it for internal operations (for example, reporting aggregate statistics in an internal dashboard).

What data are you requesting, and why?

We collect and use your personal information to provide you with the expected features and functionality of the Service and respond to customer service requests. We retain your personal information only as long as reasonably necessary for the purposes described in this Privacy Policy. Please be aware that we may also be required to retain your personal information for legal and accounting reasons.

If you correspond with us by email, we may retain the content of your email messages and our responses so that we can provide you with better customer service. Cardbox uses several 3rd-party services to provide functionality, described below.


Trello, an Atlassian product, is available at With your express permission we collect identifiers related to your Trello account, necessary to access the Trello API service to provide functionality of Cardbox. By using Trello you agree to the Atlassian service agreements available at


Gmail, a Google service, is available at With your express permission, we collect identifiers and access tokens related to your Gmail account, necessary to access the Google API Service and provide functionality of Cardbox.

Other than identifiers, which are stored on our service, Google API Service data is retrieved in direct response to a user request and never stored in our application database. We reserve the right to implement temporary, short-term storage of Google API Service responses for improved performance, a technique known as "caching."

You can revoke our access to your Gmail account at any time, via your Google account settings panel. You can view Google's service agreements at


Stripe is the payment processor for the Cardbox service, available at We do not store credit card data but do store a reference ID which can be used to charge the payment source you provide to Stripe. You can view Stripe's legal service agreements at

Log data

When you use the Service, our servers automatically record certain information that your web browser sends. These server logs may include information such as your web request, Internet Protocol (IP) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. We use this information to analyze trends, to administer the website, to track averaged users' movements around the website and to gather demographic information about our user-base as a whole.

We maintain a secure operating environment

The security of your personal information is important to us. Cardbox uses appropriate administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, and disclosure. On those pages where our users can register for our service and/or log-in, we encrypt the transmission of that information using secure socket layer technology (SSL). Our application database is encrypted at rest.

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our web site, you can email us at