Moments ImprintedPrivacy Policy
Last updated: April 9, 2026
1. Introduction
Moments Imprinted ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription-based greeting card service, including our website and related services (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service. This Privacy Policy should be read in conjunction with our Terms of Service.
2. Information We Collect
We collect information that you provide directly to us, information collected automatically when you use the Service, and information from third-party sources.
2.1 Information You Provide
| Data Category | Examples |
|---|---|
| Account Information | Display name, email address, profile details provided via Manus OAuth |
| Mailing Addresses | Your return address for card envelopes, recipient addresses for card delivery |
| Recipient Information | Names, relationships, interests, hobbies, personality traits, age group, nicknames, and mailing addresses of your card recipients |
| Event Details | Event dates, card types, personalized messages, message tone preferences, delivery preferences |
| Payment Information | Processed securely through Stripe; we do not store full credit card numbers, CVVs, or card expiration dates |
| Imported Contacts | Contact data from vCard (.vcf) or CSV files you upload (Google Contacts, Apple Contacts) |
| Communications | Contact form submissions, support inquiries, feedback |
2.2 Information Collected Automatically
When you access the Service, we may automatically collect certain information, including your IP address, browser type, operating system, referring URLs, access times, and pages viewed. We use session cookies to maintain your login state and provide a seamless experience.
2.3 Information from Third Parties
When you log in through Manus OAuth, we receive your name, email address, and unique identifier from the authentication provider. When you complete a payment, Stripe may provide us with a customer identifier and transaction status (but never your full card details).
3. Recipient Data (Third-Party Personal Information)
Our Service requires you to provide personal information about third parties — the recipients of your greeting cards. This includes their names, mailing addresses, relationships to you, interests, and other details used to personalize card messages.
Your Responsibility: By providing recipient information, you represent and warrant that you have obtained any necessary consent from those individuals to share their personal information with us for the purpose of sending greeting cards on your behalf. You are solely responsible for ensuring that your use of the Service complies with applicable privacy laws regarding the collection and use of third-party personal information.
We use recipient data solely for the following purposes:
Printing and addressing greeting cards for delivery
Generating personalized AI card messages based on recipient details you provide
Sending automated reminders to you about upcoming events for those recipients
Preventing duplicate card designs for the same recipient
We do not contact your recipients directly (other than mailing the physical card), do not sell or share recipient data with third parties, and do not use recipient data for marketing purposes. Recipient data is anonymized immediately when you delete the recipient from your account or when your account is deleted, and permanently purged after a 90-day retention period.
4. How We Use Your Information
We use the information we collect for the following purposes:
To provide, operate, and maintain the Service, including printing and mailing greeting cards on your behalf
To process your subscription payments and per-card charges through our payment processor (Stripe)
To send you automated email notifications about upcoming events, card previews, editing deadlines, and order confirmations
To generate personalized card messages using AI based on the recipient information you provide
To auto-select appropriate card designs based on event type and recipient characteristics
To communicate with you about your account, respond to inquiries, and provide customer support
To send subscription renewal reminders one month before your annual renewal date
To improve, personalize, and expand the Service
To detect, prevent, and address technical issues or fraudulent activity
5. AI-Generated Content Disclosure
Our Service uses artificial intelligence (AI) to generate personalized greeting card messages and card design previews. When you create a card event, the following information may be sent to our AI service provider:
Card type (e.g., birthday, anniversary, holiday)
Recipient's first name, relationship to you, interests, personality traits, and age group
Your preferred message tone (formal, casual, humorous, poetic)
Previous messages sent to the same recipient (to avoid repetition)
AI-generated messages are provided as suggestions. You have the opportunity to review, edit, or regenerate any AI-generated content before it is printed. As described in our Terms of Service (Section 5.2), if you do not review or edit a card within the editing window, the AI-generated content is deemed accepted by you.
We do not use your personal data or card content to train AI models. AI-generated content is processed in real-time and is not retained by the AI service provider after generation.
6. Third-Party Services
We use the following third-party services to operate the Service. Each service has its own privacy policy governing the use of your information:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, name, payment details |
| Manus OAuth | Authentication | Name, email, user ID |
| Amazon S3 / CloudFront | File storage & delivery | Card images, uploaded files |
| AI Language Model | Card message generation | Recipient details, card type, tone preference (see Section 5) |
We do not sell, trade, or rent your personal information to third parties. We share information with the services listed above only to the extent necessary to provide the Service.
7. Data Storage and Security
Your information is stored on secure servers with encryption in transit (TLS/SSL) and at rest. We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.
Specific security measures include:
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
Payment information is handled exclusively by Stripe (PCI DSS Level 1 certified) and never touches our servers
Session tokens are signed with secure keys and expire automatically
Database access is restricted to authenticated application processes only
Card images and files are stored in encrypted cloud storage with access controls
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. When you delete your account, we immediately anonymize your personal data (names, email addresses, physical addresses are replaced with placeholder values). Your anonymized account record is retained for a 90-day grace period, during which the data cannot be recovered but the record exists for payment dispute resolution and legal compliance. After 90 days, all remaining records are permanently and irreversibly deleted from our systems. We will also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion. Upon deletion: immediately anonymized, permanently purged after 90 days. |
| Recipient data | Until you delete the recipient or your account. Upon deletion: immediately anonymized, permanently purged after 90 days. |
| Event & card data | Until account deletion. Pending events are cancelled immediately; records permanently purged after 90 days. |
| Payment records | 7 years (legal/tax compliance) |
| Email notification logs | 1 year |
| ToS acceptance records | Duration of account plus 3 years |
| Contact form submissions | 1 year |
9. Your Rights
Depending on your location, you may have certain rights regarding your personal information:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information. You can delete your account directly from your Profile settings. Upon deletion, all personal data (names, email, addresses) is immediately anonymized. Active subscriptions and pending card events are cancelled. Your anonymized account record is retained for 90 days for dispute resolution, after which all data is permanently and irreversibly deleted.
Portability: Request a copy of your data in a structured, commonly used format.
Objection: Object to the processing of your personal information in certain circumstances.
Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us using the information provided in Section 14 below. We will respond to your request within 30 days.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing a transaction).
Right to Opt-Out of Sale: We do not sell your personal information. We have not sold personal information in the preceding 12 months.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.
To submit a CCPA/CPRA request, please contact us at the email address listed in Section 14. We may need to verify your identity before processing your request.
11. Cookies and Tracking
We use essential cookies to maintain your authenticated session and ensure the Service functions properly. We do not use advertising or tracking cookies. Session cookies are automatically deleted when you close your browser or when your session expires.
Do Not Track
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Since we do not use advertising or behavioral tracking cookies, we effectively honor DNT signals by default. Our Service does not track your browsing activity across third-party websites.
12. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify active subscribers by email at least 14 days before the changes take effect. We encourage you to review this Privacy Policy periodically for any changes.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of those changes.
14. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us through our Contact page or by email at: