Last updated: 22 March 2026
BestDigitalCard is committed to protecting your personal data in compliance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.
We implement the following technical and organizational measures:

| Measure | Details |
|---|---|
| Password Encryption | All passwords are hashed using bcrypt (one-way, irreversible) |
| Session Security | HTTP-only cookies, SameSite=Lax, secure flag on HTTPS, 2-hour expiry |
| CSRF Protection | Token-based cross-site request forgery prevention on all forms |
| Input Sanitization | All user input is sanitized to prevent SQL injection and XSS attacks |
| File Upload Security | Extension whitelist, MIME validation, magic byte verification, double-extension blocking |
| Rate Limiting | IP-based rate limiting on all public endpoints to prevent abuse |
| Payment Security | No card/bank data stored — handled entirely by PCI-DSS compliant Razorpay |
| IP Anonymization | Visitor IPs are stored as one-way SHA-256 hashes, not raw IPs |
| Data Cleanup | Analytics logs automatically purged after 90 days |

| Service | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payment processing | Name, email, payment amount |
| SMTP (Email) | Transactional emails | Recipient email, name |
| Google Places API | Review card Place ID | Business place ID only |

We do not share data with advertising networks, social media platforms, or data analytics companies.
When you delete a card, all associated data is permanently removed:
Account deletion removes all cards and personal data. This action is irreversible.
In the event of a data breach, we will: