START CREATING
HOME GALLERY FAQ SEND A CARD FOR BUSINESSES CONTACT START CREATING

Legal

Privacy Policy

Effective date: March 25, 2026  ·  Mail A Card  ·  Goderich, ON, Canada

Mail A Card ("we", "us", or "our") operates mailacard.ca. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights with respect to that information. By using our website or placing an order you agree to the practices described in this policy.

We are committed to complying with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

1. Information We Collect

Information you provide directly

  • Sender details — your name, email address, and return address when you create a card.
  • Recipient details — the name and mailing address of the person you want to send a card to.
  • Card content — the photo you upload and the message you write.
  • Contact form — your name, email, and message when you reach out to us.
  • Payment information — payment is processed entirely by Stripe, Inc. We never see or store your full card number, CVV, or banking details. See Section 4 for more.

Information collected automatically

  • Usage data — pages visited, time on site, browser type, and general location, collected through Google Analytics (see Section 5).
  • Log data — standard web server logs including your IP address and the pages you requested, retained for security and debugging purposes.

2. How We Use Your Information

  • To fulfill your postcard order — print, address, and mail your card.
  • To communicate with you about your order status.
  • To respond to contact form enquiries.
  • To improve our website and understand how visitors use it.
  • To detect and prevent fraud or abuse.
  • To comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Sharing Your Information

We share your information only where necessary to operate the service:

  • Canada Post — your recipient's name and mailing address are used solely to print and deliver your postcard.
  • Stripe, Inc. — payment processing. Stripe is PCI-DSS Level 1 certified. See Section 4.
  • Google LLC — anonymised analytics data via Google Analytics. See Section 5.
  • Web hosting provider — our hosting company stores website data, including uploaded images, on servers in Canada or the United States.
  • Legal requirements — we may disclose information if required by law or to protect the rights and safety of Mail A Card or others.

4. Payment Processing (Stripe)

All payment transactions are handled by Stripe, Inc.. When you pay for an order, you are entering your payment details directly into Stripe's secure, PCI-compliant environment. Mail A Card does not receive, process, or store your credit card number, CVV, or bank account details.

Stripe's privacy policy is available at stripe.com/en-ca/privacy.

5. Google Analytics

We use Google Analytics 4 to understand how visitors use our website. Google Analytics uses cookies and collects anonymised usage data, which is transmitted to and stored by Google on servers in the United States. We have enabled IP anonymisation. Google may also transfer this data to third parties where required by law or where third parties process the data on Google's behalf.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. Google's privacy policy is available at policies.google.com/privacy.

6. Cookies

We use the following types of cookies:

  • Session cookies — used for form security (CSRF tokens) and to temporarily store your order progress. These expire when you close your browser.
  • Analytics cookies — set by Google Analytics to distinguish unique visitors and sessions. These persist for up to 2 years but are anonymised.

You can disable cookies in your browser settings, however this may affect site functionality such as the order form.

7. Data Retention

  • Order data — retained for a minimum of 7 years to meet Canadian accounting and tax obligations.
  • Uploaded card images — retained until the order is complete and archived, then may be deleted at our discretion.
  • Contact enquiries — retained for up to 2 years, then deleted.
  • Server logs — retained for up to 90 days.

8. Data Security

We use reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorised access, use, or disclosure. These include encrypted HTTPS connections, access-controlled admin areas, and secure file storage. No method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

Our service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Your Rights

Under PIPEDA you have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent to our use of your information (subject to legal or contractual restrictions).
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, contact us at sales@mailacard.ca.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of the website after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

Mail A Card
Goderich, ON, Canada
sales@mailacard.ca