Privacy Policy
Last updated: 31 October 2025

This Privacy Policy describes how noname.cards (“we”, “us”, “our”) collects, uses, shares, and safeguards personal data when you use our Site, dashboard, API, cards, and related services (collectively, the “Services”).

By creating an account, using our cards (virtual or physical), integrating our API/SDKs, or interacting with us, you acknowledge this Policy.

We provide multi‑currency virtual and physical cards, with top‑ups via crypto. We also offer team access controls, 3‑D Secure, Apple Pay / Google Pay provisioning, reporting exports, and an API for platforms/partners (including white‑label programs).

1. Who we are & scope

For this Policy, noname.cards refers to the service operated at https://noname.cards. This Policy applies to personal data processed in connection with our Services, including compliance onboarding, card issuance, payments, top‑ups, and partner integrations.

2. Data we collect

2.1. Data you provide

  • Registration: name, email, password (hashed), optional messenger handles.
  • Verification (AML/CTF): mobile number, ID document images/data, proof of address, source‑of‑funds documents; liveness checks and selfie images (biometrics processed by our verification vendor per your consent where required).
  • Payments & top‑ups: bank details, payment references.
  • Support & sales: messages, attachments, ticket metadata, call recordings where permitted.

2.2. Data we generate or collect automatically

  • Account & transaction data: wallet balances, card metadata (BIN, last 4), merchants, timestamps, amounts, currency, card‑present/not‑present attributes, authorization/clearing outcomes, chargebacks and disputes.
  • Crypto top‑ups: blockchain addresses you use, transaction hashes, network, amounts, risk scores from blockchain analytics providers.
  • Device & usage: IP address, device IDs, OS, browser, language, time zone, login logs, app telemetry, API usage (keys, endpoints, rate/latency, error codes).
  • Security & abuse: signals for fraud and compliance (velocity checks, sanctions screening hits, card network alerts, rule‑based/ML risk scores).

2.3. Data from third parties

Issuers, card program managers, card networks, acquirers, payment processors, banks, AML/CTF providers, sanctions/PEP lists, blockchain analytics, address verification, and publicly available sources (e.g., company registers).

3. Why we process data (purposes & legal bases)

We process personal data only where a lawful basis exists:

  • Contract (Art. 6(1)(b) GDPR): provide the Services; onboard your account; issue and manage cards; process top‑ups, payments, refunds and chargebacks; enable Apple Pay / Google Pay; operate dashboards and APIs; provide support.
  • Legal obligations (Art. 6(1)(c)): AML/CTF, sanctions screening, accounting/tax, court or supervisory requests.
  • Legitimate interests (Art. 6(1)(f)): secure the platform; detect/prevent fraud and misuse; improve features and reliability; maintain logs; moderate abuse; protect our rights; B2B communications with existing customers. We balance these interests against your rights.
  • Consent (Art. 6(1)(a)): cookies/analytics/marketing; liveness/biometric processing by verification vendors where required; certain optional integrations. You can withdraw consent at any time.

We do not use third‑party behavioral advertising cookies without your opt‑in.

4. Automated decisions & profiling

We use automated systems to assess risk (e.g., transaction scoring, sanctions screening). Decisions with legal or similarly significant effects are subject to human review and appeal.

5. Sharing & disclosures

We share data with:

  • Card & payments infrastructure: issuers, program managers, card networks, processors, acquirers, 3‑D Secure providers, tokenization wallets (Apple/Google), and banks (SWIFT/SEPA/wire).
  • Compliance & security: AML/CTF providers, sanctions/PEP screening, blockchain analytics, fraud prevention vendors.
  • Hosting & tooling: cloud, storage, logging/monitoring, analytics (on a consent basis for analytics cookies).
  • Corporate programs: white‑label/embedded partners and platforms you connect to; we process cardholder data under a data processing/addendum framework where applicable.
  • Authorities: where required by law or to protect rights, safety, or the integrity of the Services.
  • Business transfers: as part of a merger, acquisition, financing, or sale of assets, subject to safeguards.

We do not sell personal data.

6. International data transfers

We may transfer data outside your jurisdiction. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and assess local laws. Copies of relevant safeguards can be requested.

7. Security

We apply administrative, technical and organizational measures, including encryption in transit, access controls, network segregation, vulnerability management, and PCI‑DSS–aligned controls for card data handled by our program partners. Access to data is role‑based and logged.

8. Retention

We retain personal data for as long as needed for the purposes above:

  • core account and transaction records: for the life of the account, then 5 years (or longer as required by AML/CTF or tax laws);
  • support tickets and logs: typically 2–3 years;
  • cookies/analytics: per your consent and cookie lifetimes.

9. Your rights

Subject to law, you may request access, rectification, erasure, restriction, or portability, or object to certain processing. Where processing is based on consent, you may withdraw consent at any time. We will verify your identity and respond within statutory timeframes. You also have the right to lodge a complaint with a supervisory authority.

10. Children

The Services are for individuals 18+. We do not knowingly process children’s data.

11. Cookies

See our Cookie Policy for details and choices.

12. Changes

We will post updates to this Policy and indicate the “Last updated” date. Material changes may be notified via email or in‑product notice.

13. Contact

For privacy questions or to exercise your rights: info.nonfinance@gmail.com