
Is It Safe to Use AI Business Card Scanners? How We Protect Your Data
We need to talk about the elephant in the room.
You are scanning business cards that contain private contact info: emails, phone numbers, and job titles. It is completely normal (and smart) to ask: "Is this safe? Does the AI 'read' my contacts and sell them? Where does the data actually go?"
As business owners ourselves, we are paranoid about data privacy. That is why we didn't build CardSync on some cheap, unknown server in a basement. We built it entirely on Google’s secure infrastructure.
Here is exactly how we handle your data, the technology we use, and why it is safer in our cloud than in your pocket.
1. Where Does the Data Live? (The Infrastructure)
CardSync is built using Google Firebase, a premier app development platform trusted by major companies like The New York Times and Duolingo. We use Firebase Authentication to manage your login securely, and Cloud Firestore to store your data.
This means your contacts are protected by the same security standards Google uses for its own products:
- Encryption at Rest: When your data sits in our database, it is automatically encrypted with AES-256. Even if someone managed to physically steal a hard drive from a Google Data Center, they would only see scrambled, unreadable data.
- Encryption in Transit: When the data travels from your phone to our server, it moves through a secure HTTPS/TLS tunnel. It cannot be read by someone sitting next to you on the coffee shop Wi-Fi.

The Bottom Line: We don't maintain physical servers in an office. We rely on Google's billion-dollar security team to keep the physical doors locked.
2. Does the AI "Learn" from My Contacts?
People worry that if they scan a client's card, the AI will "learn" that name and share it with someone else.
CardSync uses Enterprise-Grade Commercial APIs for its intelligence. There is a huge difference between the "free AI chatbots" you use for fun, like ChatGPT or Gemini, and the Commercial AI Models businesses use:
- Data Isolation: When we send a business card image to the AI for processing, it is done via a secure, stateless API call. The AI looks at the image, extracts the text (Name, Email, Phone), and sends it back.
- No Training: We use commercial agreements that ensure your data is not used to train public models.
Your data is used only to perform the task of extraction. It is not fed back into a "public brain" for the world to see.
3. Why Cloud is Safer Than "Local"
Some people ask, "Can I just keep the data on my phone?" You can, but that is actually the least secure place for it.
- If you lose your phone: You lose 100% of your business leads.
- If your phone breaks: Your data is gone forever.
- If you leave a physical card in a hotel room: Anyone can pick it up and read it.
By using secure Cloud Storage, your data is decoupled from your physical device. If you drop your phone in the ocean, you can log into CardSync on your laptop 5 minutes later, and every single lead is still there, safe and sound.
4. You Own Your Data
We are in the business of selling software, not selling data.
- ✓ We do not sell your contacts to third-party brokers.
- ✓ We do not email your leads with our own marketing.
- ✓ You can export everything to Excel and delete your account at any time.
Security Overview
| Security Feature | Standard / Technology | Benefit |
|---|---|---|
| Data Storage | Google Cloud Firestore | World-class physical security |
| Encryption | AES-256 (At Rest) | Unreadable to unauthorized parties |
| Transfer | HTTPS/TLS | Safe from Wi-Fi "snooping" |
| AI Privacy | Enterprise API | No public model training |
Summary: We use Google's Enterprise Infrastructure (Firebase), Automatic Encryption, and Private AI Processing to ensure that the only person who sees your leads is you.

