Legal

Privacy Policy

Last updated: April 13, 2025

We wrote this policy to be readable, not just legally defensible. If something is unclear, please email us at privacy@togathercards.com and we'll explain it plainly.

1. Who we are

Togather is a digital greeting card platform. When we say "Togather", "we", "us", or "our" in this policy, we mean the company that operates togathercards.com. This policy explains how we collect, use, and protect information about people who use our service — including card creators, signers, and recipients.

2. Information we collect

Account holders (card creators)

When you create an account, we collect:

Your name and email address (via Clerk, our authentication provider)
Your payment information — we don't store card numbers; Stripe handles all payment data
Your Stripe customer ID, used to link your account to your purchase history

Signers

When someone signs a card, they must be signed in with a Togather account. We collect the name and email address associated with their account. These are stored as a snapshot on the signature at the time of signing.

Recipients

Recipients open cards via a private delivery link. We may log their IP address and user agent when they view the card, for security and analytics purposes. Recipients don't need an account.

Content

We store the messages, photos, and notes that users submit as part of cards. This content is private until the card creator chooses to deliver it.

Usage data

We collect standard server logs including IP addresses, browser types, pages visited, and timestamps. We use this for debugging, security, and understanding how people use the product.

3. How we use your information

We use the information we collect to:

Provide and operate the Togather service
Process payments and manage your card balance
Send transactional emails — card notifications, delivery confirmations, and receipts
Respond to support requests
Detect and prevent fraud and abuse
Improve the product based on usage patterns

We do not sell your personal information. We do not use your information to serve third-party advertising.

4. How we share your information

We share your information only in these circumstances:

Service providers — we use Clerk (authentication), Stripe (payments), and AWS (file storage and infrastructure). Each processes data on our behalf under their own privacy policies.
Card delivery — when a card is delivered, the recipient can see the messages and names of everyone who signed. Recipients cannot see signers' email addresses.
Legal requirements — we may disclose information if required by law, subpoena, or to protect the rights and safety of Togather or its users.
Business transfers — if Togather is acquired or merges with another company, your information may be transferred as part of that transaction. We'll notify you before this happens.

5. Photos and uploaded content

Photos uploaded as part of card signatures or cover images are stored in AWS S3. They are private by default and accessible only to the card creator and, after delivery, the recipient.

We do not use uploaded photos for any purpose other than displaying them within the card experience.

6. Data retention

We retain your account information for as long as your account is active. If you delete your account, we delete your personal information within 30 days, except where we are required to retain it for legal or financial purposes (such as payment records, which we retain for 7 years).

Cards and their contents are retained indefinitely after purchase — they don't expire. If you want a specific card deleted, contact us and we'll remove it.

7. Cookies

We use cookies and similar technologies to keep you logged in and to understand how people use Togather. We do not use third-party advertising cookies.

You can control cookies through your browser settings. Disabling cookies may affect your ability to use parts of the service.

8. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you
Correct inaccurate information
Request deletion of your information
Object to or restrict how we process your information
Export your information in a portable format

To exercise any of these rights, email us at privacy@togathercards.com. We'll respond within 30 days.

If you're in the European Economic Area or the UK, you have the right to lodge a complaint with your local data protection authority.

9. Children's privacy

Togather is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have, we'll delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. Security

We take reasonable technical and organisational measures to protect your information — including encryption in transit (TLS) and at rest, access controls, and regular security reviews.

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@togathercards.com.

11. Third-party services

Togather integrates with the following third-party services, each with their own privacy policies:

Clerk — authentication and user management
Stripe — payment processing
Amazon Web Services — file storage and infrastructure

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you by email or by displaying a notice in the service before the changes take effect.

13. Contact us

Questions, concerns, or requests about your privacy can be sent to privacy@togathercards.com. We aim to respond within 5 business days.

Togather.

Loading…