Legal
Privacy Policy
How Phase Systems collects, uses, and protects data for accounts, digital cards, leads, and analytics.
Last updated 16 May 2026
Overview
Phase Systems ("we", "us") provides software for digital business cards, team workspaces, lead capture, and analytics. This Privacy Policy explains what we collect, why we collect it, and the choices you have. It applies to visitors of our marketing site, account holders, and people who interact with published card pages.
Roles
For account and billing data, we act as a data controller. When you use lead forms and analytics on your cards, you decide what to collect from visitors — you are typically the controller for that visitor data, and we process it on your behalf as a processor to deliver the Service.
Information we collect
Account & authentication
- Email address, password hash, and profile details you provide.
- OAuth identifiers if you sign in with Apple or Google.
- Team membership, roles, and workspace configuration.
Card & profile content
- Names, job titles, photos, links, and branding you publish on digital cards.
- Public card URLs and NFC/QR configuration metadata.
Leads
- Information submitted through lead capture forms (e.g. name, email, phone, message) as configured by the card owner.
Analytics & technical data
- Engagement events such as profile views, taps, saves, and form submissions.
- Device/browser signals, timestamps, and referrer information needed to operate analytics.
- Server logs, cookies, and security-related data for authentication and abuse prevention.
Billing
- Subscription status and Stripe customer identifiers (payment card details are handled by Stripe, not stored by us).
How we use information
- Provide, secure, and improve the Service.
- Authenticate users and enforce team permissions.
- Deliver leads to the correct workspace inbox and display analytics to authorized users.
- Send transactional email (e.g. invitations, security, billing notices) via our email provider.
- Comply with law and respond to lawful requests.
We do not sell personal information.
Sharing & subprocessors
We use trusted providers to run the Service, including:
- Supabase — authentication, database, and storage.
- Stripe — subscription billing.
- Resend — transactional email delivery.
- Vercel — application hosting.
Providers process data under contractual obligations appropriate to their role. Public card pages are accessible to anyone with the link, as intended by the card owner.
Retention
We retain account and workspace data while your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and maintain backups. You may request deletion of your account by contacting us. Lead and analytics retention follows your plan and operational needs; you can export or delete leads from the dashboard where available.
Security
We use industry-standard measures including encryption in transit, access controls, and isolated production environments. No method of transmission or storage is completely secure; please use strong passwords and limit team access appropriately.
Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. UK and EEA users may also lodge a complaint with a supervisory authority. To exercise rights, contact team@phasesystems.co.uk. We will verify requests before responding.
International transfers
Our infrastructure providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses.
Children
The Service is not directed to children under 16, and we do not knowingly collect their personal information.
Changes
We may update this policy. The "Last updated" date will change when we do. Material changes may be communicated in-product or by email.
Contact
Phase Systems — team@phasesystems.co.uk
See also our Terms of Service.
Questions? team@phasesystems.co.uk · Back to home