CardIQ Privacy Policy
Last updated: June 7, 2026
CardIQ is designed to help companies manage digital identities, employee cards, and public QR profiles in a structured way, with reasonable privacy and security controls. This policy explains how we may handle company, employee, and service-related data.
1. Who we are
CardIQ is a smart business identity and digital card product by Barmageyat. CardIQ serves company admins, employees, and people who interact through public profiles or lead forms.
2. Data CardIQ may store
Depending on company configuration and service use, we may store the following types of data:
- Company details such as company name, branding details, plan, settings, and company admin information.
- Employee profile details such as name, job title, department, email, phone, photo, social links, and active/deactivated status.
- QR, vCard, and public profile link data used to display or share digital card information.
- Leads or messages submitted from employee public profile contact forms when the company enables this feature.
- Company contacts and data managed through CardIQ lead or contact features.
- API usage data and operational metadata such as request time, related company, request status, or similar information needed for operations and security.
- Audit logs and important activity records that support review, accountability, investigation, and security improvement.
- Uploaded files such as company logos, employee photos, and images used for branding or card display.
3. How we use data
We use data to operate CardIQ and provide its features to companies and employees, including:
- Creating and managing digital business cards and employee public profiles.
- Supporting employee identity verification and helping companies manage official digital identities.
- Generating QR profile links and vCards, and enabling contact-detail downloads.
- Operating lead capture and contact messages from public profiles when enabled.
- Managing company contacts and lead-related data.
- Providing email signatures, templates, branding, and analytics available under the company plan.
- Applying security and audit controls, preventing misuse, troubleshooting, and supporting customers.
4. Company control and offboarding
Company admins control employee data and digital cards within the company workspace. They can manage employee profiles, update published information, or deactivate an employee digital identity after offboarding or role changes, helping reduce use of outdated company-facing details.
5. Data isolation and access control
CardIQ is designed so each company’s data is scoped to that company, and access is controlled by role and permission. This helps ensure users only see data they are authorized to manage, such as their company workspace or assigned employee profiles.
6. Public profile visibility
Data shown on a public QR profile is visible to anyone who has the link or scans the QR code. Only data intentionally published on an employee public profile is visible publicly. Companies and employees should publish only information they want to share through the card or QR profile.
7. Uploads and images
Uploaded logos, images, and files are used for branding and profile/card display, such as company logos, employee photos, and design images. Companies and users should upload only files they have the right to use.
8. Data sharing and service providers
We do not sell personal data. Data may be processed by hosting, email, infrastructure, analytics, security, support, or other service providers as needed to operate and support CardIQ, using controls appropriate for the service.
9. Security controls
CardIQ uses reasonable security controls designed to help protect company and employee data. These controls may include role-based access control, CSRF protection, rate limiting for requests or login attempts, hashed API keys instead of plain-text secrets, protected uploads, audit logging, and continuous security review.
10. AI-assisted security review
CardIQ may use AI-assisted tools to review source code and identify security improvement areas. These tools are used as part of continuous improvement with human review, and this does not mean the service is guaranteed to be free from all risk.
11. Data Retention and Deletion
CardIQ retains company, employee, lead, contact, audit, and usage data only as needed to provide the service, support security, maintain operational records, and meet customer or legal requirements. Company administrators may deactivate employee digital identities when employees leave. Customers may contact CardIQ/Barmageyat to request data review, correction, export, or deletion where applicable. Data requests are subject to operational, contractual, and legal requirements.
12. User rights and requests
Employees, users, or company admins may request access, correction, deactivation, or deletion of relevant data, subject to company admin controls and applicable legal, security, or retention requirements.
13. Contact
For privacy or data questions, customers can contact CardIQ / Barmageyat by email: info@barmageyat.net.