Privacy policy

Last updated: 8 July 2026

This Privacy Policy explains how archii Ltd ("archii", "we", "us", "our") collects, uses, and protects your personal information when you use the archii SmartCard app, archii.co.uk, or card.archii.co.uk (the "Service").

archii Ltd is a company registered in England and Wales, based in Hove, East Sussex. We act as the data controller for personal data collected through the Service.

The short version: we collect the profile information you choose to share on your SmartCard, the email you sign up with, and basic technical data so the app can work. We don't sell your data. We never share it with advertisers. You can delete your account and all your data at any time from within the app.

1. Information we collect

Account information

  • Email address — required to create an account and sign in.

  • Sign in with Apple identifier — if you choose to sign in with Apple, we receive an anonymised Apple user ID and (optionally) your name and email.

  • Password — stored as a secure hash by Firebase Authentication (Google). We never see or store your plaintext password.

Profile content

Anything you add to your SmartCard profile: full name, job title, company, mobile number, website, address, birthday, avatar photo, and any social links you choose to display. You control which fields are visible to people who tap your card via the "hide field" toggles in the profile editor.

Card data

  • Card IDs associated with your account.

  • Link timestamps — when a card was activated to your profile.

  • Tap counts — how many times each of your cards has been tapped or scanned.

Support and feedback

If you send a support ticket, we store your message, email address, and basic device information (device model, OS version) so we can help you.

Technical data

  • Approximate device type and iOS version, used for debugging and support.

  • Firebase Authentication generates a stable user ID; this is only used internally to link your account to your data.

  • We do not collect precise location, contacts (unless you save someone else's card as a contact — that's done locally on your device), or advertising identifiers.

2. How we use your information

  • To create and manage your account.

  • To render your public SmartCard profile when someone taps or scans one of your cards.

  • To count taps for analytics that only you and archii admins can see.

  • To respond to your support tickets and other communications.

  • To detect and prevent abuse, fraud, or violations of our Terms of Service.

  • To comply with legal obligations.

3. Who can see your data

Your public profile

Anyone with the URL of your card (e.g. card.archii.co.uk/c/ABC123) can view the profile fields you have marked as visible. This is the whole point of a SmartCard — but you decide what appears.

archii team

A small number of archii staff have admin access for the purposes of platform operations (customer support, moderation, and abuse prevention). All admin actions are logged.

Service providers

We use the following processors on our behalf. All are contractually bound to protect your data and use it only to provide their services:

  • Firebase (Google LLC) — Authentication, Firestore database, Cloud Storage, and Hosting. Data is stored in europe-west regions where possible.

  • Vercel Inc. — Hosts the archii.co.uk and card.archii.co.uk web frontends.

  • Apple Inc. — Provides Sign in with Apple and App Store distribution.

We do not sell your data to advertisers. We do not use it to build profiles for marketing purposes across other services.

4. Cookies and similar technologies

The archii web pages use only strictly necessary local storage for keeping you signed in and for a lightweight rate-limiter on tap counting. We do not use marketing or analytics cookies.

5. How long we keep your data

  • Account data: until you delete your account.

  • Support tickets: up to 24 months after resolution, then deleted.

  • Admin action logs: retained indefinitely for security and auditing.

  • Deleted-account residue: we may retain minimal metadata (e.g. that a UID was deleted, without any personal fields) for up to 90 days to prevent replay attacks and support account recovery requests.

6. Your rights (UK GDPR)

Under UK data-protection law you have the right to:

  • Access the personal data we hold about you.

  • Correct inaccurate data — you can do this yourself in the profile editor.

  • Delete your account and data — via Profile → Delete my account in the SmartCard app.

  • Portability — request an export of your profile data.

  • Restrict or object to certain processing.

  • Withdraw consent at any time.

  • Complain to the UK Information Commissioner's Office (ico.org.uk).

7. How to delete your account

Open the SmartCard app, go to the Profile tab, tap Delete my account, and follow the two-step confirmation. This immediately:

  • Unlinks any archii cards from your account (they become blank cards, ready for a new owner).

  • Deletes your profile document, avatar image, and Sign in with Apple / email account.

If you cannot access the app for any reason, email us at support@archii.co.uk and we will delete your data within 30 days.

8. Children

archii is not intended for children under the age of 13. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will remove it.

9. International transfers

Where data is transferred outside the UK / EEA (for example, some Firebase services), we rely on Standard Contractual Clauses and equivalent safeguards approved by the UK Information Commissioner's Office.

10. Security

We use industry-standard security measures including HTTPS everywhere, secure password hashing (via Firebase Authentication), and strict Firestore Security Rules that scope writes to the account owner and admins. No system is 100% secure — if you become aware of a vulnerability, please email security@archii.co.uk.

11. Changes to this policy

If we make material changes to how we handle your data, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact us

archii Ltd
Hove, East Sussex, United Kingdom
Data protection queries: privacy@archii.co.uk
General support: support@archii.co.uk