Millions of cards listed·0% seller fees
CardSynced

Privacy Policy

Last Updated: 11 March 2026

Card Synced
Website: cardsynced.com
Privacy Email: privacy@cardsynced.com

This Privacy Policy explains how Card Synced collects, uses, stores, shares, and protects personal data when you use our marketplace, wallet, listings, support tools, dispute process, embedded checkout, embedded KYC, payout setup, and withdrawal features.

Card Synced is committed to handling personal data in accordance with the UK GDPR, the Data Protection Act 2018, and other applicable privacy laws.

1. Who We Are

Card Synced is the data controller for the personal data described in this Privacy Policy.

If you have questions, complaints, or data protection requests, contact us at privacy@cardsynced.com.

2. Personal Data We Collect

2.1 Account and Profile Data

  • name, display name, email address, login details, account role, and country;
  • billing, shipping, and contact information;
  • store profile, seller profile, and business information where relevant;
  • account status, suspension status, and internal risk or support notes.

2.2 Marketplace and Wallet Data

  • listings, inventory details, prices, order contents, shipment details, and tracking references;
  • wallet balances, wallet ledger entries, fee calculations, pending balances, reserved balances, and transaction history;
  • withdrawal requests, payout workflow states, and dispute outcomes;
  • support tickets, dispute submissions, admin responses, and on-platform messages.

2.3 Payment, Verification, and Payout Data

When you use embedded checkout, saved card features, identity verification, payout onboarding, or withdrawals, some information is collected directly by our service providers.

  • payment session IDs, payment IDs, member IDs, payment-method IDs, and checkout configuration IDs;
  • verification status, review outcomes, error codes, and connected-account identifiers;
  • masked payout-method information such as institution name, account reference, country, and payout-method IDs;
  • withdrawal IDs, transfer IDs, failure reasons, and webhook event data.

2.4 Technical and Usage Data

  • IP address, device type, browser, operating system, approximate location, timezone, and cookie identifiers;
  • session activity, page views, actions taken on the platform, and security or fraud signals;
  • analytics, diagnostics, performance logs, and support context.

3. How Payments, KYC, and Payout Data Are Handled

Card Synced uses a local internal ledger for platform wallet balances, dispute handling, and withdrawal approval. We also use Whop for parts of card checkout, saved payment methods, identity verification, payout method collection, connected-account management, and external withdrawals.

  • Full card details entered in embedded checkout are handled by Whop or its payment partners, not stored in full by Card Synced.
  • Identity documents and payout details entered through embedded KYC or payout forms are handled by Whop or its verification and payout partners.
  • Card Synced typically stores the order records, local wallet movements, masked payout references, status data, and provider IDs needed to operate the marketplace and reconcile payments.

4. Why We Use Your Personal Data

4.1 To Provide the Marketplace

  • create and manage accounts;
  • publish listings, process orders, arrange shipping, and operate the wallet ledger;
  • let users spend wallet balance on eligible purchases and approved redemptions where enabled;
  • process withdrawal requests and payout workflows.

Legal basis: performance of a contract.

4.2 To Run Verification, Compliance, and Fraud Controls

  • verify identity and eligibility;
  • screen for fraud, sanctions, abuse, chargeback risk, and suspicious behaviour;
  • review disputes, suspicious withdrawals, and policy breaches;
  • comply with legal, accounting, and anti-fraud obligations.

Legal basis: legal obligation and legitimate interests.

4.3 To Support and Improve the Platform

  • respond to tickets, complaints, and disputes;
  • monitor performance, fix bugs, improve security, and analyse usage patterns;
  • audit platform events and maintain financial reconciliation records.

Legal basis: legitimate interests and, where applicable, performance of a contract.

4.4 To Send Communications

  • transaction, account, verification, dispute, and withdrawal notifications;
  • service announcements and security notices;
  • marketing communications where you have consented or where we may lawfully send them.

Legal basis: performance of a contract, legitimate interests, and consent where required.

5. Who We Share Personal Data With

5.1 Service Providers

We share personal data with service providers that help us operate Card Synced, such as:

  • Whop for embedded checkout, saved payment methods, verification, payout setup, connected accounts, and withdrawals;
  • hosting, database, infrastructure, logging, and security providers;
  • email and communications providers;
  • analytics, monitoring, and customer support tooling providers.

5.2 Buyers, Sellers, Stores, and Other Users

We share limited personal data between transaction participants where necessary to complete an order, support delivery, investigate an issue, or enable an approved store or event redemption.

  • Sellers may receive the buyer's shipping name and address.
  • Buyers may see seller display names, profile information, and listing details.
  • Approved stores or event operators may receive limited wallet or verification data where the feature is enabled and necessary.

5.3 Legal, Regulatory, and Advisory Sharing

We may share personal data with regulators, law enforcement, courts, insurers, payment networks, auditors, professional advisers, or other third parties where required by law or reasonably necessary to protect our rights, users, or platform integrity.

6. International Transfers

Some of our service providers operate outside the UK. Where personal data is transferred internationally, we use appropriate safeguards such as adequacy decisions, contractual protections, or equivalent lawful transfer mechanisms.

7. Data Retention

We keep personal data only for as long as needed for the purposes described above, including:

  • account, order, wallet, withdrawal, and transaction records: typically up to 6 years after account closure or transaction completion;
  • support, disputes, fraud investigations, and audit records: typically up to 6 years after closure of the matter;
  • verification and payout compliance records: for as long as legally required or reasonably needed for compliance, usually up to 5 years after the relevant relationship or transaction ends;
  • marketing preferences: until you unsubscribe or we no longer need the record to honour your preference;
  • analytics and cookies: for shorter platform-operations periods depending on the tool and purpose.

We may retain data longer where there is an active dispute, legal hold, fraud investigation, enforcement need, or other legitimate requirement.

8. Your Rights

Subject to applicable law, you may have the right to:

  • access a copy of your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of data where we no longer have a lawful basis to keep it;
  • object to or restrict certain processing;
  • receive data portability where the right applies;
  • withdraw consent where processing depends on consent.

To exercise your rights, contact privacy@cardsynced.com. We may ask you to verify your identity before responding.

9. Security

We use technical and organisational measures designed to protect personal data, including access controls, authentication, monitoring, encrypted transport, and restricted operational access. No system is perfectly secure, so you should also protect your account credentials and notify us promptly of suspected compromise.

10. Cookies and Analytics

We use cookies and similar technologies for login sessions, security, preferences, analytics, and site performance. Where required by law, we ask for consent before placing non-essential cookies.

11. Complaints and Contact

If you have a privacy concern, please contact us first at privacy@cardsynced.com.

You also have the right to complain to the Information Commissioner's Office (ICO):

This Privacy Policy now reflects the current Card Synced marketplace flow, including Whop-based checkout, embedded verification, payout setup, and staff-approved withdrawals, but it should still be reviewed by qualified legal counsel before launch.