PRIVACY INFORMATION (PRIVACY POLICY)

Last updated: 21 August 2025

This Privacy Policy explains how APH Services LLC (“Kardynal”, “we”, “us”, “our”) collects, uses, shares and safeguards personal data when you visit www.kardynal.ai, complete the card‑order form, fund your Kardynal closed‑loop MasterCard® or interact with our support team.

No mobile app or customer login exists today; all interactions take place by web form, email or phone.

Table of contents

• Personal-Data Controller
• What Personal Data We Collect
• Why We Process Your Data
• Legal Bases (EEA / UK)
• Cookies & Similar Technologies
• Who Else Receives Your Data
• Your Privacy Rights & How to Exercise Them
• Age Limitation
• International Data Transfers
• U.S. State Privacy Notice
• Data Security
• Data Retention
• Changes to this Policy
• Contact Us

1. Personal‑Data Controller

The Service is provided by APH Services LLC, 16192 Coastal Highway, Lewes, Delaware 19958, USA (“Kardynal”, “we”, “our”, “us”).
We act as the data controller for subscription, refund-assistance, and website usage data. For prepaid card issuance, Park Card Services Ltd is the controller.

2. What Personal Data We Collect

| Category | Examples | How we obtain it |
| --- | --- | --- |
| Identifiers & Delivery Data | Name, email, phone, billing & shipping address | You provide via the card-order form or through support channels |
| Payment & Subscription Data | Last 4 digits & expiry of funding card, payment token, subscription tier, trial dates, refunds | Received from our payment processors – we never store full card numbers |
| Card Funding Data | Deposit amounts, timestamps | Generated when you fund your Kardynal card |
| Identity-verification Data | Copy of ID or proof of address (for anti-fraud or KYC) | You provide upon request |
| Device / Usage Data | IP address, timezone, browser/OS, referral URL, pages visited, error logs | Collected automatically via cookies and server logs |
| Marketing & Preference Data | Newsletter opt-in, promotional-code usage, ad-campaign source | Your choices; analytics/marketing partners |
| Support / Feedback | Emails, chat transcripts, satisfaction ratings | You provide during interactions with our team |
| Chat Interactions | Questions submitted to our AI assistant or chatbot | You provide during service usage |
| Refund & Claim Data | Order number, receipts, merchant name, description of issue (e.g. damaged item, lost parcel, refund not received) | You provide when filling out the Refund Assistance form in your member area or via support |

We do not knowingly collect: data from children under 18 (EU/UK) or 13 (US COPPA), biometric data, or full credit-card numbers.

3. Why We Process Your Data

| Purpose | Typical processing activities | Main data used |
| --- | --- | --- |
| Provide & operate the Service | Card issuance, deposits, subscriptions | Identifiers, Card Funding, Payment |
| Process payments & manage subscriptions | Billing, refunds, chargebacks | Identifiers, Payment |
| Customer support | Handle support requests | Identifiers, Support/Feedback |
| Improve & secure the Service | Analytics, testing, fraud prevention | Device/Usage, Marketing |
| Marketing & personalised ads | Newsletters, offers, retargeting | Identifiers (hashed), Device/Usage, Marketing |
| AI Assistant responses | Generate personalised assistance | Chat Interactions, Device/Usage |
| Legal & compliance | Records, AML/KYC, tax | All categories as relevant |
| Refund & Return Assistance | Drafting claim emails, contacting merchants, tracking claim progress, updating you on status | Identifiers, Refund & Claim Data, Support/Feedback |

4. Legal Bases (EEA / UK Users)

| Legal basis (GDPR Art.) | Applies to |
| --- | --- |
| Contract (Art 6(1)(b)) | Issuing the Kardynal Card, subscription billing, refund-assistance, support |
| Legitimate interest (Art 6(1)(f)) | Analytics, anti-fraud, security, direct marketing of similar services |
| Consent (Art 6(1)(a)) | Non-essential cookies, personalised ads, newsletters |
| Legal obligation (Art 6(1)(c)) | Tax, accounting, electronic-money regulations |

You can withdraw consent or object to legitimate interest processing at any time – see Section 7.

5. Cookies & Similar Technologies

We use cookies, pixels and local storage to:

    • keep you logged in,
    • remember form entries,
    • measure traffic & conversions,
    • personalise ads and content.

Non-essential cookies (analytics, ads) are only set with your consent.
See our Cookie Policy for details and opt-out options.

6. Who Else Receives Your Data

| Partner type | Examples | Purpose |
| --- | --- | --- |
| Payment processors | PayPal, Solid | Subscription billing, deposits, refunds |
| Card issuer | Park Card Services Ltd | Card issuance & regulatory compliance |
| Cloud hosting | AWS, Google Cloud | Infrastructure & backups |
| Analytics | Google Analytics, Amplitude, Hotjar | Usage analytics |
| Communications | Customer.io, Twilio, HubSpot | Emails, chats, SMS |
| AI Providers | [LLM Provider – anonymised] | Chatbot processing |
| Marketing networks | Meta, Google Ads | Campaign tracking |
| Legal/Regulators | HMRC, FCA, courts | Legal compliance |
| Merchants & Retailers | The online store where you made a purchase (e.g. ASOS, Argos, Tesco) | To submit and follow up on your refund or return request |

We do not sell personal data. Some U.S. laws treat targeted advertising as “sharing” or “sale” – see Section 10 for opt-out rights.

7. Your Privacy Rights

If you live in UK/EEA

Access, Rectify, Erase, Restrict, Portability, Object, Withdraw consent

If you live in US (certain states)

Know/Access, Correct, Delete, Portability, Opt-out of Sale/Sharing/Ads, Limit sensitive data

How to exercise

Email help@kardynal.ai. We verify your identity before responding.

You may withdraw consent for personalised ads or cookies at any time via your account settings or cookie banner.

8. Age Limitation

• Kardynal is intended for users 18+ (UK/EU).
• We do not knowingly collect data from children under 13 (US COPPA).
• If we inadvertently hold such data, contact us and we will delete it.

9. International Data Transfers

We are a U.S.-based provider. Your data may be processed in the U.S. or other countries.

Transfers from the EEA/UK rely on Standard Contractual Clauses (SCCs) and the UK Addendum.

10. U.S. State Privacy Notice

Residents of California and other U.S. states may:

• Opt‑out of “sale” or “sharing” for ads.
• Request full category disclosures.
• Appeal denied privacy requests.
California residents: exercise these rights via our “Do Not Sell/Share My Info” link in the footer.

11. Data Security

• TLS encryption (in transit)
• AES-256 encryption (at rest for sensitive files)
• MFA access control
• Ongoing audits & incident response procedures

12. Data Retention

| Data type | Duration |
| --- | --- |
| Account & billing | 10 years (legal/tax) |
| Identity/KYC | 5 years (regulatory) |
| Deposit & transactions | 7 years |
| Opt-out lists | Indefinite |
| Analytics logs | Max 13 months |
| Refund & Claim Data | 3 years (to handle claims history & disputes) |

After expiry, data is anonymised or deleted.

13. Changes to this Policy

We may update this Policy.

• “Last updated” date will change.
• If changes are material, we will notify you by email or in-app. Continuing to use the Service means you accept the updated Policy.

14. Contact Us

Kardynal – APH Services LLC

16192 Coastal Highway, Lewes, DE 19958, USA

help@kardynal.ai

📞 +44 7445 916608

This number is an automated help line for general info. For personalised assistance, email us.
We respond to verified privacy requests within 30 days (45 days in California).

By signing up, funding your Kardynal card, or using our site, you acknowledge that you have read and understood this Privacy Policy.