Legal · Effective January 01, 2026

Privacy Policy

Last updated January 01, 2026

This Privacy Policy explains how Linecard ("Linecard," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access our website at linecard.co, use our software-as-a-service platform at app.linecard.co, or otherwise interact with us (collectively, the "Service").

Linecard provides commission reconciliation, deduction recovery, and buyer intelligence software to food broker agencies. This policy applies to personal data we process as a controller in connection with the Service. Where we process personal data on behalf of our business customers as a processor, that processing is governed by our Terms of Service and, where applicable, a Data Processing Agreement with the customer.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Summary

This summary is provided for convenience and does not replace the full policy below.

2. Scope and Roles

2.1 Service Visitors and Account Holders

For visitors to linecard.co and individuals who create or administer Linecard accounts (such as agency owners and administrators), Linecard acts as a data controller under the EU and UK General Data Protection Regulation ("GDPR" and "UK GDPR") and as a business under the California Consumer Privacy Act, as amended ("CCPA").

2.2 Customer Data

When our business customers upload data to the Service in the course of using it — including commission statements, deduction records, and buyer contact records — Linecard acts as a data processor (or service provider under the CCPA) on behalf of the customer, which is the controller of that data. Customers are responsible for the lawfulness of the data they upload, for providing notice to data subjects where required, and for responding to data subject requests relating to that data. This Privacy Policy describes our practices as a processor in Section 9.

2.3 Out of Scope

This policy does not cover:

3. Personal Data We Collect

3.1 Information You Provide

Account information. When you register, we collect your name, business email address, password (stored only in hashed form), company name, role or job title, and, optionally, phone number.

Subscription and billing information. When you subscribe, our payment processor collects billing name, billing address, country, tax identification number (where applicable), and payment method details. We receive a limited subset of this information — including plan, subscription status, billing country, last four digits of the payment card, and transaction identifiers — to manage your subscription. We do not store full payment card numbers, security codes, or bank account details.

Customer Data. When you use the Service, you upload or generate content that may include personal data of your employees, contractors, manufacturer contacts, and buyer contacts. We process this data on your behalf in accordance with Section 9.

Support and communications. When you contact us by email, in-app chat, or any other channel, we collect the contents of your communication and any information you choose to provide.

Marketing and event interactions. If you subscribe to our mailing list, request a demo, or attend an event we host or sponsor, we collect the information you provide for that purpose.

3.2 Information Collected Automatically

Usage data. Pages visited, features used, actions taken in the Service, referring URLs, search terms entered within the Service, and session timestamps.

Device and connection data. IP address, browser type and version, operating system, device identifiers, language settings, time zone, and approximate geographic location derived from IP address.

Cookies and similar technologies. See Section 11.

Log data. Server logs, error reports, and security event records generated by our infrastructure.

3.3 Information from Third Parties

Sub-processors. We receive operational data from our hosting, analytics, and payment providers as described in Section 6.

Public sources. For business development, we may collect publicly available information about prospective customers from sources such as company websites, LinkedIn, and trade publications.

Single sign-on providers. If you authenticate using a third-party identity provider, we receive the identity attributes that provider shares with us in accordance with your authorization.

3.4 Sensitive Personal Data

We do not request, and the Service is not designed to receive, special categories of personal data under GDPR (such as health, biometric, or genetic data) or sensitive personal information under the CCPA. You should not upload such data to the Service.

4. How We Use Personal Data

We use personal data for the following purposes:

We will not use personal data for any materially different purpose without providing you with notice and, where required, obtaining your consent.

5. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 GDPR:

PurposeLegal basis
Providing and operating the Service to account holdersPerformance of a contract (Art. 6(1)(b))
Processing subscription paymentsPerformance of a contract (Art. 6(1)(b))
Improving the Service, product analytics, security monitoringLegitimate interests (Art. 6(1)(f))
Sending marketing communicationsConsent (Art. 6(1)(a)) or legitimate interests where permitted
Complying with tax, accounting, and other legal obligationsLegal obligation (Art. 6(1)(c))
Establishing, exercising, or defending legal claimsLegitimate interests (Art. 6(1)(f))

Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may request further information about this assessment by contacting privacy@linecard.co.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

6. How We Share Personal Data

We share personal data only as described below. We do not sell personal data, and we do not share personal data for cross-context behavioral advertising.

6.1 Sub-processors

We share personal data with the following categories of sub-processors, each bound by written agreements requiring them to process data only on our instructions and to maintain appropriate security:

Sub-processorFunctionLocation of processing
Paddle.com Market LtdMerchant of Record, payment processing, billing, tax remittanceUnited Kingdom, European Union
Supabase, Inc.Database, authentication, and storage hostingUnited States, European Union
Vercel Inc.Application hosting and content deliveryUnited States, European Union
Anthropic, PBCAI processing for reconciliation and extraction featuresUnited States
Email and analytics providers (transactional email, product analytics)Transactional email delivery, usage analyticsUnited States, European Union

A current list of sub-processors and their roles is maintained at linecard.co/sub-processors. We will provide reasonable advance notice of changes to enable customers to object to the appointment of a new sub-processor where required by a Data Processing Agreement.

6.2 Business Transfers

If Linecard is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. We will require any acquirer to honor this Privacy Policy in respect of transferred data, and we will notify affected individuals where required by law.

6.3 Legal and Safety Disclosures

We may disclose personal data when we believe in good faith that disclosure is necessary to:

Where legally permitted, we will give affected customers reasonable advance notice of compelled disclosures so they may seek a protective order.

6.4 With Your Direction or Consent

We may share personal data with third parties at your direction or with your consent — for example, when you authorize a third-party integration to access your account.

6.5 Aggregated and De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose, including marketing, research, and product improvement.

7. International Data Transfers

Linecard operates from Pakistan, and our sub-processors operate primarily in the United States, the United Kingdom, and the European Union. When personal data is transferred from the EEA, UK, or Switzerland to a country that has not received an adequacy decision from the relevant authority, we rely on appropriate safeguards, including:

You may request a copy of the safeguards in place for a specific transfer by contacting privacy@linecard.co.

8. Data Retention

We retain personal data only as long as necessary for the purposes set out in this policy or as required by law.

CategoryRetention period
Account data (active accounts)While the account is active
Account data (closed accounts)Up to 90 days after account closure, then deleted or anonymized
Customer DataFor the duration of the subscription; available for export for 30 days after termination, then deleted
Billing and transaction recordsAs required by applicable tax and accounting laws (typically 7 years)
Support communicationsUp to 3 years from the date of the communication
Marketing dataUntil you unsubscribe or object, plus a reasonable suppression period
Security and audit logsUp to 2 years, longer where required for incident investigation or legal proceedings

We may retain personal data for longer periods where required by law or where reasonably necessary to establish, exercise, or defend legal claims.

9. Customer Data Processed on Behalf of Customers

When you upload content to the Service in the course of using it, you act as the controller of any personal data contained in that content, and Linecard acts as a processor. In that capacity:

If you are a data subject whose personal data has been uploaded to the Service by one of our customers (for example, as a buyer contact in a CRM), please contact that customer directly to exercise your rights. We will refer such requests to the relevant customer and support them in responding.

10. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights in relation to your personal data:

10.1 How to Exercise Your Rights

To make a request, email privacy@linecard.co from the address associated with your account or include sufficient information for us to verify your identity. We will respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under the CCPA), and we may extend that period where permitted.

We may decline a request, in whole or in part, where an exception applies under applicable law — for example, where granting the request would adversely affect the rights of others or where retention is required by law. We will explain the reason for any refusal.

10.2 Authorized Agents

California residents may designate an authorized agent to make a request on their behalf. We will require verification of the agent's authority and of the resident's identity.

10.3 Shine the Light

California residents may request information about our disclosure of personal information to third parties for those parties' direct marketing purposes in the preceding calendar year. We do not currently make such disclosures.

11. Cookies and Tracking Technologies

11.1 What We Use

We and our service providers use the following categories of cookies and similar technologies:

We do not use advertising cookies, and we do not allow third parties to use the Service for cross-context behavioral advertising.

11.2 Your Choices

You can manage non-essential cookies through the cookie preferences available on linecard.co or through your browser settings. Disabling strictly necessary cookies will prevent parts of the Service from working correctly.

11.3 Do Not Track

Because there is no industry standard for interpreting "Do Not Track" signals, we do not currently respond to them. We honor the Global Privacy Control (GPC) signal as an opt-out of sale and sharing where applicable, even though we do not sell or share personal data as those terms are defined under the CCPA.

12. Security

We maintain administrative, technical, and physical safeguards designed to protect personal data, including:

No security program can guarantee absolute security. You are responsible for safeguarding your account credentials and for notifying us at security@linecard.co of any suspected unauthorized access or use.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.

13. Children's Privacy

The Service is a business-to-business product intended for use by professionals aged 18 or older. We do not direct the Service to children, and we do not knowingly collect personal data from anyone under 16 (or under the higher minimum age established by local law). If you believe we have collected personal data from a child, please contact privacy@linecard.co so we can take appropriate action.

14. Automated Decision-Making

The Service uses automated processing, including artificial intelligence, to assist with tasks such as extracting data from commission statements and identifying potentially recoverable deductions. These outputs are intended as decision support and are presented to users for review; they do not produce legal or similarly significant effects on individuals without human involvement. You are responsible for verifying outputs before acting on them.

We do not engage in automated decision-making that produces legal or similarly significant effects on data subjects within the meaning of Article 22 GDPR.

15. Marketing Communications

We send marketing communications only where permitted by law. You can opt out at any time by using the unsubscribe link in the message, by updating your communication preferences in your account, or by contacting privacy@linecard.co. Transactional messages relating to your account, billing, and security are not marketing and will continue to be sent for as long as the Service is provided.

16. Third-Party Services and Links

The Service may contain links to third-party websites, plugins, or applications. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy notices of any third-party services you use.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by email to the account's primary contact address and by in-app notification at least 14 days before the changes take effect, and we will update the "Last updated" date at the top of this policy. Non-material changes may take effect immediately upon posting.

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree with a change, you may close your account in accordance with our Terms of Service.

18. How to Contact Us

For privacy-related questions, requests, or complaints:

If you are located in the EEA or the UK and have an unresolved concern, you also have the right to lodge a complaint with your local data protection authority.