This Privacy Policy explains how Linecard ("Linecard," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access our website at linecard.co, use our software-as-a-service platform at app.linecard.co, or otherwise interact with us (collectively, the "Service").
Linecard provides commission reconciliation, deduction recovery, and buyer intelligence software to food broker agencies. This policy applies to personal data we process as a controller in connection with the Service. Where we process personal data on behalf of our business customers as a processor, that processing is governed by our Terms of Service and, where applicable, a Data Processing Agreement with the customer.
1. Summary
This summary is provided for convenience and does not replace the full policy below.
- Who we are: Linecard, a B2B SaaS provider for food broker agencies.
- What we collect: Account information, billing metadata, content you upload to the Service, usage and device data, and support communications.
- Why we collect it: To provide and operate the Service, process payments, communicate with you, improve our product, and meet legal obligations.
- Who we share it with: Sub-processors that help us run the Service (payment processor, hosting, AI provider, email, analytics), and authorities where legally required. We do not sell personal data.
- Your rights: Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing. Contact privacy@linecard.co to exercise them.
- Where data is held: Primarily in the United States and the European Union, with appropriate safeguards for international transfers.
2. Scope and Roles
2.1 Service Visitors and Account Holders
For visitors to linecard.co and individuals who create or administer Linecard accounts (such as agency owners and administrators), Linecard acts as a data controller under the EU and UK General Data Protection Regulation ("GDPR" and "UK GDPR") and as a business under the California Consumer Privacy Act, as amended ("CCPA").
2.2 Customer Data
When our business customers upload data to the Service in the course of using it — including commission statements, deduction records, and buyer contact records — Linecard acts as a data processor (or service provider under the CCPA) on behalf of the customer, which is the controller of that data. Customers are responsible for the lawfulness of the data they upload, for providing notice to data subjects where required, and for responding to data subject requests relating to that data. This Privacy Policy describes our practices as a processor in Section 9.
2.3 Out of Scope
This policy does not cover:
- third-party websites, products, or services that you may access through links in the Service;
- the handling of payment card details, which is performed by our payment processor (see Section 5); or
- data processed under a separate written agreement that expressly supersedes this policy.
3. Personal Data We Collect
3.1 Information You Provide
Account information. When you register, we collect your name, business email address, password (stored only in hashed form), company name, role or job title, and, optionally, phone number.
Subscription and billing information. When you subscribe, our payment processor collects billing name, billing address, country, tax identification number (where applicable), and payment method details. We receive a limited subset of this information — including plan, subscription status, billing country, last four digits of the payment card, and transaction identifiers — to manage your subscription. We do not store full payment card numbers, security codes, or bank account details.
Customer Data. When you use the Service, you upload or generate content that may include personal data of your employees, contractors, manufacturer contacts, and buyer contacts. We process this data on your behalf in accordance with Section 9.
Support and communications. When you contact us by email, in-app chat, or any other channel, we collect the contents of your communication and any information you choose to provide.
Marketing and event interactions. If you subscribe to our mailing list, request a demo, or attend an event we host or sponsor, we collect the information you provide for that purpose.
3.2 Information Collected Automatically
Usage data. Pages visited, features used, actions taken in the Service, referring URLs, search terms entered within the Service, and session timestamps.
Device and connection data. IP address, browser type and version, operating system, device identifiers, language settings, time zone, and approximate geographic location derived from IP address.
Cookies and similar technologies. See Section 11.
Log data. Server logs, error reports, and security event records generated by our infrastructure.
3.3 Information from Third Parties
Sub-processors. We receive operational data from our hosting, analytics, and payment providers as described in Section 6.
Public sources. For business development, we may collect publicly available information about prospective customers from sources such as company websites, LinkedIn, and trade publications.
Single sign-on providers. If you authenticate using a third-party identity provider, we receive the identity attributes that provider shares with us in accordance with your authorization.
3.4 Sensitive Personal Data
We do not request, and the Service is not designed to receive, special categories of personal data under GDPR (such as health, biometric, or genetic data) or sensitive personal information under the CCPA. You should not upload such data to the Service.
4. How We Use Personal Data
We use personal data for the following purposes:
- To provide the Service: create and authenticate accounts; deliver platform functionality; process and reconcile commission statements; generate analytics, reports, and notifications; and provide customer support.
- To process subscriptions: manage plans, billing, renewals, cancellations, and tax compliance through our payment processor.
- To communicate with you: send transactional messages relating to your account, billing, security, and the Service; respond to inquiries; and, with consent or where permitted, send product updates and marketing communications.
- To improve the Service: analyze usage to understand how customers use features, identify bugs, develop new functionality, and measure the effectiveness of communications.
- To ensure security and prevent abuse: monitor for fraudulent, unauthorized, or unlawful activity; investigate security incidents; enforce our Terms of Service; and protect the rights, property, and safety of Linecard, our customers, and others.
- To comply with legal obligations: meet tax, accounting, anti-money-laundering, and other regulatory requirements; respond to lawful requests from authorities; and establish, exercise, or defend legal claims.
We will not use personal data for any materially different purpose without providing you with notice and, where required, obtaining your consent.
5. Legal Bases for Processing (EEA, UK, and Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Providing and operating the Service to account holders | Performance of a contract (Art. 6(1)(b)) |
| Processing subscription payments | Performance of a contract (Art. 6(1)(b)) |
| Improving the Service, product analytics, security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) or legitimate interests where permitted |
| Complying with tax, accounting, and other legal obligations | Legal obligation (Art. 6(1)(c)) |
| Establishing, exercising, or defending legal claims | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may request further information about this assessment by contacting privacy@linecard.co.
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
6. How We Share Personal Data
We share personal data only as described below. We do not sell personal data, and we do not share personal data for cross-context behavioral advertising.
6.1 Sub-processors
We share personal data with the following categories of sub-processors, each bound by written agreements requiring them to process data only on our instructions and to maintain appropriate security:
| Sub-processor | Function | Location of processing |
|---|---|---|
| Paddle.com Market Ltd | Merchant of Record, payment processing, billing, tax remittance | United Kingdom, European Union |
| Supabase, Inc. | Database, authentication, and storage hosting | United States, European Union |
| Vercel Inc. | Application hosting and content delivery | United States, European Union |
| Anthropic, PBC | AI processing for reconciliation and extraction features | United States |
| Email and analytics providers (transactional email, product analytics) | Transactional email delivery, usage analytics | United States, European Union |
A current list of sub-processors and their roles is maintained at linecard.co/sub-processors. We will provide reasonable advance notice of changes to enable customers to object to the appointment of a new sub-processor where required by a Data Processing Agreement.
6.2 Business Transfers
If Linecard is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. We will require any acquirer to honor this Privacy Policy in respect of transferred data, and we will notify affected individuals where required by law.
6.3 Legal and Safety Disclosures
We may disclose personal data when we believe in good faith that disclosure is necessary to:
- comply with a legal obligation, court order, or lawful request from a government authority;
- enforce our Terms of Service or other agreements;
- detect, prevent, or address fraud, security, or technical issues; or
- protect the rights, property, or safety of Linecard, our customers, or others.
Where legally permitted, we will give affected customers reasonable advance notice of compelled disclosures so they may seek a protective order.
6.4 With Your Direction or Consent
We may share personal data with third parties at your direction or with your consent — for example, when you authorize a third-party integration to access your account.
6.5 Aggregated and De-identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose, including marketing, research, and product improvement.
7. International Data Transfers
Linecard operates from Pakistan, and our sub-processors operate primarily in the United States, the United Kingdom, and the European Union. When personal data is transferred from the EEA, UK, or Switzerland to a country that has not received an adequacy decision from the relevant authority, we rely on appropriate safeguards, including:
- the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented where appropriate by technical and organizational measures;
- adequacy decisions where applicable to the receiving country; and
- other lawful transfer mechanisms as they become available.
You may request a copy of the safeguards in place for a specific transfer by contacting privacy@linecard.co.
8. Data Retention
We retain personal data only as long as necessary for the purposes set out in this policy or as required by law.
| Category | Retention period |
|---|---|
| Account data (active accounts) | While the account is active |
| Account data (closed accounts) | Up to 90 days after account closure, then deleted or anonymized |
| Customer Data | For the duration of the subscription; available for export for 30 days after termination, then deleted |
| Billing and transaction records | As required by applicable tax and accounting laws (typically 7 years) |
| Support communications | Up to 3 years from the date of the communication |
| Marketing data | Until you unsubscribe or object, plus a reasonable suppression period |
| Security and audit logs | Up to 2 years, longer where required for incident investigation or legal proceedings |
We may retain personal data for longer periods where required by law or where reasonably necessary to establish, exercise, or defend legal claims.
9. Customer Data Processed on Behalf of Customers
When you upload content to the Service in the course of using it, you act as the controller of any personal data contained in that content, and Linecard acts as a processor. In that capacity:
- we process Customer Data only on the documented instructions of the customer, which are set out in our Terms of Service, in any Data Processing Agreement, and in the customer's use of the Service;
- we apply the security measures described in Section 12;
- we engage sub-processors as described in Section 6.1, subject to the safeguards required by applicable law;
- we assist customers, taking into account the nature of the processing, in responding to requests from data subjects and in meeting their own obligations relating to security, breach notification, and data protection impact assessments;
- on termination or expiry of the subscription, we make Customer Data available for export for the period described in Section 8 and then delete it, unless retention is required by law; and
- we make available the information reasonably necessary to demonstrate compliance with our processor obligations.
If you are a data subject whose personal data has been uploaded to the Service by one of our customers (for example, as a buyer contact in a CRM), please contact that customer directly to exercise your rights. We will refer such requests to the relevant customer and support them in responding.
10. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights in relation to your personal data:
- Access — request confirmation of whether we process your personal data and a copy of that data;
- Rectification — request correction of inaccurate or incomplete data;
- Erasure — request deletion of personal data in certain circumstances;
- Restriction — request that we limit how we process your data in certain circumstances;
- Objection — object to processing carried out on the basis of legitimate interests or for direct marketing;
- Portability — receive personal data you have provided in a structured, commonly used, machine-readable format and request transmission to another controller;
- Withdrawal of consent — where processing is based on consent;
- Non-discrimination — under the CCPA, the right not to receive discriminatory treatment for exercising your privacy rights; and
- Complaint — lodge a complaint with the supervisory authority in your jurisdiction. EEA residents can identify their authority at edpb.europa.eu; UK residents may contact the Information Commissioner's Office at ico.org.uk.
10.1 How to Exercise Your Rights
To make a request, email privacy@linecard.co from the address associated with your account or include sufficient information for us to verify your identity. We will respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under the CCPA), and we may extend that period where permitted.
We may decline a request, in whole or in part, where an exception applies under applicable law — for example, where granting the request would adversely affect the rights of others or where retention is required by law. We will explain the reason for any refusal.
10.2 Authorized Agents
California residents may designate an authorized agent to make a request on their behalf. We will require verification of the agent's authority and of the resident's identity.
10.3 Shine the Light
California residents may request information about our disclosure of personal information to third parties for those parties' direct marketing purposes in the preceding calendar year. We do not currently make such disclosures.
11. Cookies and Tracking Technologies
11.1 What We Use
We and our service providers use the following categories of cookies and similar technologies:
- Strictly necessary cookies — required for the Service to function, including authentication and security. These cannot be disabled.
- Functional cookies — remember your preferences and settings.
- Analytics cookies — help us understand how visitors and users interact with the Service so we can improve it.
We do not use advertising cookies, and we do not allow third parties to use the Service for cross-context behavioral advertising.
11.2 Your Choices
You can manage non-essential cookies through the cookie preferences available on linecard.co or through your browser settings. Disabling strictly necessary cookies will prevent parts of the Service from working correctly.
11.3 Do Not Track
Because there is no industry standard for interpreting "Do Not Track" signals, we do not currently respond to them. We honor the Global Privacy Control (GPC) signal as an opt-out of sale and sharing where applicable, even though we do not sell or share personal data as those terms are defined under the CCPA.
12. Security
We maintain administrative, technical, and physical safeguards designed to protect personal data, including:
- encryption of data in transit using TLS;
- encryption of data at rest;
- role-based access controls and the principle of least privilege;
- multi-factor authentication for administrative access;
- audit logging and monitoring;
- regular review of access rights and security configurations;
- vendor security assessments for sub-processors handling personal data; and
- a documented incident response process.
No security program can guarantee absolute security. You are responsible for safeguarding your account credentials and for notifying us at security@linecard.co of any suspected unauthorized access or use.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.
13. Children's Privacy
The Service is a business-to-business product intended for use by professionals aged 18 or older. We do not direct the Service to children, and we do not knowingly collect personal data from anyone under 16 (or under the higher minimum age established by local law). If you believe we have collected personal data from a child, please contact privacy@linecard.co so we can take appropriate action.
14. Automated Decision-Making
The Service uses automated processing, including artificial intelligence, to assist with tasks such as extracting data from commission statements and identifying potentially recoverable deductions. These outputs are intended as decision support and are presented to users for review; they do not produce legal or similarly significant effects on individuals without human involvement. You are responsible for verifying outputs before acting on them.
We do not engage in automated decision-making that produces legal or similarly significant effects on data subjects within the meaning of Article 22 GDPR.
15. Marketing Communications
We send marketing communications only where permitted by law. You can opt out at any time by using the unsubscribe link in the message, by updating your communication preferences in your account, or by contacting privacy@linecard.co. Transactional messages relating to your account, billing, and security are not marketing and will continue to be sent for as long as the Service is provided.
16. Third-Party Services and Links
The Service may contain links to third-party websites, plugins, or applications. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy notices of any third-party services you use.
17. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by email to the account's primary contact address and by in-app notification at least 14 days before the changes take effect, and we will update the "Last updated" date at the top of this policy. Non-material changes may take effect immediately upon posting.
Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree with a change, you may close your account in accordance with our Terms of Service.
18. How to Contact Us
For privacy-related questions, requests, or complaints:
Security security@linecard.co
General support@linecard.co
Legal legal@linecard.co
Linecard linecard.co
If you are located in the EEA or the UK and have an unresolved concern, you also have the right to lodge a complaint with your local data protection authority.