Privacy Notice

Last updated: 2026-05-19

This notice describes how Namecard.ai (“we,” “our”) processes personal data when you upload a business card to namecard.ai during COMPUTEX 2026 and related events. We provide it at the point of collection per GDPR Art. 13, the California CCPA notice-at-collection requirement, and Taiwan PDPA Art. 8.

1. What we collect

  • The business-card image you upload, and the OCR-extracted text (name, title, company, email, phone, website, country).
  • A random session identifier we generate in your browser, and a random persistent device identifier stored in your browser’s localStorage so we can recognise the same browser across visits. You can opt out at any time by clearing your browser’s site data for this domain, or by using your browser’s private / incognito mode. No login required.
  • For your own card only: company website data we look up to build your profile.
  • Analytics signals. Chat messages with our AI assistant, in-page clicks (chip, link and bolded-keyword taps), your browser’s reported language, device type, browser family, page referrer, and the UTM tags that brought you to the site. We read your country from the network header your CDN provides; we do not store your IP address.
  • Conversation extracts. When you mention information about yourself in chat (e.g. “I’m Aiden from Phison, looking for OEM partners”), we may automatically extract the self-described details you volunteered (name, company, role, industry, what you offer, what you’re looking for, email) into a structured record for aggregate analysis. We only extract what you volunteer about yourself; we never infer about third parties, and these extracts are never shared with other users or exhibitors.

2. Purposes of processing

  • Self cards — to generate your COMPUTEX route, exhibitor matches, and profile mirror.
  • Contact cards — to save the card to your private contacts list (visible only via your session URL).
  • Product analytics — to understand which search queries, exhibitors, pavilions and chips are useful so we can improve the matchmaker. We filter out our own staff and automated bot traffic before analysis.
  • Service operation: rate-limiting, abuse prevention, error logging.

Contact cards are not auto-included in our match pool, are not auto-emailed to the subject, and are not visible to other users. We do not use analytics signals for advertising or third-party profiling, and we do not set advertising cookies.

3. Legal bases

  • EEA / UK (GDPR) — legitimate interest in providing a business-networking service. You can object at any time.
  • California (CCPA/CPRA) — service provision; B2B exemption no longer applies, so California subjects have full rights.
  • Taiwan (PDPA) — Art. 19(1)(7) self-disclosure for self cards; legitimate b2b interest for contact cards.
  • Other jurisdictions — equivalent legitimate-interest or contract-performance bases.

4. Retention

Cards, conversation logs, interaction events, session metadata, conversation extracts, and all derived analytics data are retained for up to 24 months from collection, after which they are deleted unless you have requested earlier deletion.

Error and debug logs may inadvertently capture pieces of user-submitted content; we retain these no longer than necessary to investigate the issue, and in any case no longer than 90 days.

5. Your rights

You have the right to access, correct, delete, port, restrict, or object to processing of your personal data. To exercise any of these rights:

Email privacy@namecard.ai. We respond within 30 days.

If you uploaded a contact card and the subject (the person on the card) wants it removed, the same email applies.

6. Sharing

We do not sell personal data. We use the following processors strictly to operate the service:

  • Vercel (US) — hosting + edge functions.
  • Neon (US) — Postgres database.
  • Microsoft Azure (US) — Azure OpenAI Service for the chat assistant, response generation, and conversation extraction.
  • OpenAI / Anthropic / Google — additional LLM / OCR providers used as needed for specific operations such as business-card image processing.

7. Contact

Data controller contact: privacy@namecard.ai (routes to tech@namecard.ai, monitored throughout COMPUTEX).