Identli

Privacy Policy

Last updated: May 2026

Identli ("Identli", "we", "us") provides a digital identity platform — profile pages, NFC business cards, QR codes, short links, and an optional AI assistant — available at identli.me and through any custom domain you configure. This policy explains what data we collect when you use Identli, why we collect it, and the choices you have.

1. Information you give us

When you create an account we collect your email address, a chosen username (which becomes your public profile URL, e.g.identli.me/yourname), a password (stored only as a one-way hash — we never see your plain-text password), and any profile content you publish: display name, bio, avatar image, links, social handles, contact details, theme settings, blocks, and similar.

If you choose Sign in with Google, we use Google OAuth and receive only your basic Google profile information — your name, email address, and profile picture — via the OpenID Connectopenid,email, andprofilescopes. We use this only to create and secure your Identli account and to pre-fill your display name and avatar. We do not request access to Gmail, Google Drive, Contacts, Calendar, or any other Google service or restricted data.

If you order a physical NFC card we collect a shipping address and, where you upload one, your custom card design file. Payment information for orders and subscriptions (card number, expiry, billing address) is collected and processed directly by Stripe — Identli never stores full card details on our servers.

If you enable the AI assistant on your profile, you provide the assistant's persona, role, FAQ content, and lead-capture settings. Conversations between your visitors and the assistant (including any contact details a visitor chooses to share) are stored so you can review them in your inbox.

2. Information we collect automatically

To make analytics work and to keep your profile safe, we record basic technical data when someone interacts with your Identli profile, NFC card, QR code, or short link. This includes:

  • Event type (NFC tap, QR scan, profile view, block click, short-link click)
  • Timestamp
  • Truncated IP address and approximate location (city / country level)
  • User-agent string (browser and operating system)
  • Referrer URL, where available

We do not use third-party advertising trackers or cross-site cookies. Analytics are first-party only and visible to you in your dashboard.

3. How we use your information

  • To provide the service: render your public profile, route NFC and QR taps, deliver short links.
  • To authenticate you and protect your account.
  • To process orders and subscription payments.
  • To ship NFC cards you order to the address you provided.
  • To show you analytics about traffic to your profile and links.
  • To send transactional email — password resets, email verification, new-lead notifications, new-conversation notifications. We do not send marketing email without your opt-in.
  • To power the AI assistant when you have enabled it.
  • To detect abuse, enforce our terms, and meet legal obligations.

4. Third parties who process data for us

We use a small, deliberate set of vendors to run the service. Each is bound by a data-processing agreement and only handles the data they need for their function.

  • Stripe — payment processing for subscriptions and one-off orders.
  • Google — optional OAuth sign-in.
  • Services-Hub (operated by Mahzaib Mirza Ventures) — transactional email delivery and media storage (avatars, card designs, QR logos). Media files are served from Google Cloud Storage via the assets.cdn.filesafe.space CDN.
  • Anthropic — Claude API powers the AI assistant. Conversation content is sent to Anthropic on a per-message basis to generate replies; per Anthropic's policies, this content is not used to train their models.
  • Hosting infrastructure — our application servers, database, and Redis cache run on cloud infrastructure inside data centers operated by our hosting provider.

We do not sell your personal information. We do not share it with advertisers.

Google sign-in & Limited Use

Identli's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we request only the basic openid, email, and profile scopes; we use that data only to provide the sign-in and account features described in this policy; we do not transfer it to others except as necessary to provide those features, to comply with applicable law, or as part of a merger or acquisition; we do not use it for advertising; and we do not allow humans to read it except with your consent, for security, to comply with the law, or where the data is aggregated and anonymized.

5. Cookies and session data

Identli uses cookies and similar storage only for things that keep the service working: an authentication session cookie when you sign into the dashboard, your access and refresh tokens stored in your browser's local storage, a CSRF token, and short-lived preference flags (e.g. dark mode). We do not set analytics or advertising cookies.

6. Data retention

We keep account data for as long as your account is active. Analytics events are retained while they remain useful for your dashboard. Stripe retains payment records as required by their own policies and applicable law. AI conversations remain in your inbox until you delete them or close your account. When you delete your account, your profile and all associated content (blocks, QR codes, short links, NFC card configurations, conversations, leads) are permanently removed from our active systems. Encrypted backups may retain a copy for up to 30 days before they roll off.

7. Your rights

You can access, edit, or download most of your data directly from your dashboard. You can permanently delete your account from Settings → Danger Zone at any time. If you would like a full export of everything we hold about you, email support@identli.me and we will respond within 30 days.

Depending on where you live you may also have additional rights under laws such as the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to object to or restrict certain processing. The same email address handles those requests.

8. Security

Passwords are stored using bcrypt hashing. All traffic to and from Identli is encrypted with TLS. Access to production systems is restricted to a small number of operators using multi-factor authentication. No system is perfectly secure — if we ever discover a breach that affects you, we will notify you promptly and explain what happened.

9. Children

Identli is not intended for use by anyone under 13 (or under the minimum age of digital consent in your country, where that is higher). If we learn that we have collected data from a child, we will delete it.

10. International transfers

Identli is operated by a Pakistan-based team and our service providers (Stripe, Google, Anthropic, Services-Hub) operate globally. By using Identli you understand that your data may be processed in countries outside of the one you live in.

11. Changes to this policy

We will update the "Last updated" date at the top of this page whenever this policy changes. For material changes that meaningfully affect you, we will email you and post a notice in your dashboard before the new version takes effect.

12. Contact

Questions or requests about this policy: support@identli.me.