Last updated: July 1, 2026
My Card Post, LLC (“Company,” “we,” “us,” “our”) operates the website www.mycardpost.com and our iOS and Android applications (the “Platform”). This Privacy Policy explains what personal information we collect, how we use and share it, your rights, and how we protect it. It applies to users in the United States and Canada.
By using the Platform you acknowledge this Privacy Policy. Where required by law, we rely on your consent or another lawful basis as described below.
Table of Contents
You provide:
Collected automatically:
Payment data: Subscription payments are collected and processed directly by Stripe. Marketplace payments are processed by PayPal. We do not collect or store full card numbers.
2.1. To promote trust and safety, we offer optional identity verification through Persona Identities, Inc. (“Persona”).
2.2. Persona performs the verification end to end. Persona collects and processes any government-issued ID, photo/selfie, and biometric identifiers (such as facial geometry) directly, under Persona’s own privacy policy and terms.
2.3. What the Company receives. We receive only a verification result (verified / not verified) and basic status information. We do not collect, view, or store your government ID or biometric data, and we do not sell it.
2.4. Your rights and choices regarding biometric and ID data — including consent and deletion — are governed primarily by Persona’s policies. We encourage you to review them before verifying.
We use information to:
Legal bases (where required, e.g., Canada/Quebec): performance of our contract with you, your consent (e.g., marketing), our legitimate interests (security, fraud prevention, product improvement, marketplace integrity), and legal obligations.
Between users: Shipping address is shared with the counterparty after payment. Public profile, messages to recipients, public reviews, listings, Feed posts, and Leaderboard data are visible as designed by the Platform.
Service providers: We share information with third-party providers who help us operate the Platform, limited to what they need to perform their services. These include:
Change of ownership: In the event of a merger, acquisition, or sale of assets, your information may transfer to the acquiring entity. We will notify you of any such change.
Legal and protective disclosures: We may disclose information to comply with applicable law, respond to legal process, enforce our Terms of Service, investigate potential violations, prevent fraud, or protect the rights and safety of our users and the public.
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We may use cookies and pixels from third-party analytics and advertising providers (including Meta) on our Platform; you can opt out as described in Section 7.
Depending on your state of residence, you may have the right to:
How to exercise your rights: Submit a request to privacy@mycardpost.com. We will verify your identity before responding and will respond within the timeframe required by your state’s law (generally 45 days, extendable once). An authorized agent may submit a request on your behalf with appropriate documentation.
California “Shine the Light”: California residents may request information about any disclosures of personal information to third parties for their own direct marketing purposes during the prior calendar year.
Global Privacy Control: We honor Global Privacy Control (GPC) opt-out signals as required by California law. Because we do not sell or share personal information for targeted advertising, a GPC signal will be noted but has no additional practical effect beyond our standard practices.
6.1. PIPEDA. Canadian users may access and request correction of their personal information and may withdraw consent subject to legal and contractual limits. We collect, use, and disclose personal information for the purposes described in this policy and obtain consent as required.
6.2. Quebec (Law 25). If you reside in Quebec, additional rights apply, including data portability and rights regarding automated decision-making. Our Privacy Officer is reachable at privacy@mycardpost.com. We will report confidentiality incidents as required by law.
6.3. CASL. We send commercial electronic messages to Canadian users only with consent and always include sender identification and an unsubscribe mechanism.
We use cookies and similar technologies for essential functionality, analytics, and advertising. These include:
You can control cookies through your browser settings. Where required by law, we present a consent notice. We honor Global Privacy Control (GPC) opt-out signals as required by California law.
We use industry-standard measures to protect your personal information, including restricting staff access on a need-to-know basis and relying on certified third-party processors (Stripe, PayPal) for sensitive payment data so we do not store card details ourselves. No method of electronic transmission or storage is 100% secure.
In the event of a data breach affecting your personal information, we will notify affected users and applicable regulators as required by US state and Canadian law.
| Data type | Retention | Reason |
|---|---|---|
| Account and profile data | Deleted within 72 hours of a verified Account Deletion Request, subject to exceptions below | Operate the account |
| Transaction records (names, contact details, shipping addresses shared in completed deals) | Retained indefinitely | Support counterparty’s legitimate interests in completed transactions |
| Subscription and billing records | ~7 years | Tax and financial recordkeeping (held with Stripe) |
| Identity verification result (pass/fail) | Life of the account | Trust and safety |
| Private messages and shared images | Life of the account; accessible by MCP staff for integrity and safety purposes | Marketplace integrity and dispute resolution |
| Support communications | ~2–3 years | Service quality and dispute history |
| Logs, device, and analytics data | ~12–24 months | Security, fraud prevention, product improvement |
Account Deletion Requests. MCP accounts remain active on our free plan indefinitely unless you submit a verified Account Deletion Request to privacy@mycardpost.com. Canceling a paid subscription downgrades your account to the free plan and does not constitute account deletion. Upon receiving a verified request, we will permanently delete your account and associated personal information within 72 hours, except as described below.
Exceptions to deletion. We may retain or delay processing of your personal information where:
Our Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.
We do not permit individuals under 18 to register their own accounts. A parent or legal guardian may register and manage a parent-managed account for a minor as described in our Terms of Service. In that case, the parent provides consent for our collection and use of the minor’s information as described here and is responsible for the account. If you believe a minor has provided us information without parental involvement, contact us at privacy@mycardpost.com and we will investigate.
We will post updates to this policy here and update the “Last updated” date. Where required by law, we will notify you of material changes by email.
My Card Post, LLC
5760 Lindero Canyon Rd. #1124
Westlake Village, CA 91362
Privacy inquiries: privacy@mycardpost.com
Privacy Officer (Quebec Law 25): Privacy Officer, My Card Post, LLC — privacy@mycardpost.com