Privacy Policy

CardIQ Privacy Policy

Last updated: June 7, 2026

CardIQ is designed to help companies manage digital identities, employee cards, and public QR profiles in a structured way, with reasonable privacy and security controls. This policy explains how we may handle company, employee, and service-related data.

1. Who we are

CardIQ is a smart business identity and digital card product by Barmageyat. CardIQ serves company admins, employees, and people who interact through public profiles or lead forms.

2. Data CardIQ may store

Depending on company configuration and service use, we may store the following types of data:

3. How we use data

We use data to operate CardIQ and provide its features to companies and employees, including:

4. Company control and offboarding

Company admins control employee data and digital cards within the company workspace. They can manage employee profiles, update published information, or deactivate an employee digital identity after offboarding or role changes, helping reduce use of outdated company-facing details.

5. Data isolation and access control

CardIQ is designed so each company’s data is scoped to that company, and access is controlled by role and permission. This helps ensure users only see data they are authorized to manage, such as their company workspace or assigned employee profiles.

6. Public profile visibility

Data shown on a public QR profile is visible to anyone who has the link or scans the QR code. Only data intentionally published on an employee public profile is visible publicly. Companies and employees should publish only information they want to share through the card or QR profile.

7. Uploads and images

Uploaded logos, images, and files are used for branding and profile/card display, such as company logos, employee photos, and design images. Companies and users should upload only files they have the right to use.

8. Data sharing and service providers

We do not sell personal data. Data may be processed by hosting, email, infrastructure, analytics, security, support, or other service providers as needed to operate and support CardIQ, using controls appropriate for the service.

9. Security controls

CardIQ uses reasonable security controls designed to help protect company and employee data. These controls may include role-based access control, CSRF protection, rate limiting for requests or login attempts, hashed API keys instead of plain-text secrets, protected uploads, audit logging, and continuous security review.

How Your Data Is Secured

10. AI-assisted security review

CardIQ may use AI-assisted tools to review source code and identify security improvement areas. These tools are used as part of continuous improvement with human review, and this does not mean the service is guaranteed to be free from all risk.

11. Data Retention and Deletion

CardIQ retains company, employee, lead, contact, audit, and usage data only as needed to provide the service, support security, maintain operational records, and meet customer or legal requirements. Company administrators may deactivate employee digital identities when employees leave. Customers may contact CardIQ/Barmageyat to request data review, correction, export, or deletion where applicable. Data requests are subject to operational, contractual, and legal requirements.

12. User rights and requests

Employees, users, or company admins may request access, correction, deactivation, or deletion of relevant data, subject to company admin controls and applicable legal, security, or retention requirements.

13. Contact

For privacy or data questions, customers can contact CardIQ / Barmageyat by email: info@barmageyat.net.