PRIVACY INFORMATION (PRIVACY POLICY)
Last updated : 24 March 2025
This Privacy Policy explains how APH Services LLC (“Ykards”, “we”, “us”, “our”) collects, uses, shares and safeguards personal data when you visit ykards.com, complete the card‑order form, fund your Ykards closed‑loop MasterCard® or interact with our support team.
No mobile app or customer login exists today; all interactions take place by web form, email or phone.
Table of contents
- Personal-Data Controller
- What Personal Data We Collect
- Why We Process Your Data
- Legal Bases (EEA / UK)
- Cookies & Similar Technologies
- Who Else Receives Your Data
- Your Privacy Rights & How to Exercise Them
- Age Limitation
- International Data Transfers
- U.S. State Privacy Notice
- Data Security
- Data Retention
- Changes to this Policy
- Contact Us
1. Personal‑Data Controller
The Service is provided by APH Services LLC, 16192 Coastal Highway, Lewes, Delaware 19958, USA.
2. What Personal Data We Collect
| Category | Examples | How we obtain it |
|---|---|---|
| Identifiers & Delivery Data | Name, email, phone, billing & shipping address | You supply via the card‑order form, top‑up form or support emails |
| Payment & Subscription Data | Last 4 digits/expiry of funding card, payment token, subscription tier, trial dates, refunds | Received from our payment processors – we never store full PANs |
| Card Top‑Up Data | Deposit amounts, timestamps, bonus cashback value, running monthly cap status | Generated when you request a top‑up |
| Identity‑verification Data | Copy of ID or proof of address (if required by anti‑fraud/KYC rules) | You provide upon request |
| Device / Usage Data | IP address, timezone, browser/OS, referral URL, pages visited, error logs | Collected automatically via cookies and server logs |
| Marketing & Preference Data | Newsletter opt‑in, promotional‑code usage, ad‑campaign source | Your choices; analytics/marketing partners |
| Support / Feedback | Emails, call notes, satisfaction ratings | You provide during support interactions |
We do not knowingly collect data from children (< 18), biometric templates or full credit‑card numbers.
3. Why We Process Your Data
| Purpose | Typical activities | Main data used |
|---|---|---|
| Provide & operate the Service | Create & fulfil your card order; credit 10 % cashback on deposits; monitor the £100/month cap | Identifiers, Card Top‑Up, Payment |
| Process payments & subscriptions | Start free trial; bill introductory & recurring fees; handle refunds/chargebacks | Identifiers, Payment |
| Customer support | Answer emails/phone calls; investigate card issues or delivery problems | Identifiers, Support, Card Top‑Up |
| Improve & secure the website | Analytics, error logs, fraud detection | Device/Usage, Marketing |
| Marketing & offers | Send product updates, limited‑time promotions; measure ad performance | Identifiers (hashed), Device/Usage, Marketing |
| Legal & compliance | KYC/AML checks; mandatory record‑keeping; respond to lawful requests | All categories as relevant |
4. Legal Bases (EEA / UK Users)
| GDPR basis | Applies to |
|---|---|
| Contract (Art 6 (1)(b)) | Issuing & funding the Card, subscription billing, customer support |
| Legitimate interest (Art 6 (1)(f)) | Analytics, anti‑fraud, direct marketing of similar services, site security |
| Consent (Art 6 (1)(a)) | Non‑essential cookies, promotional emails/SMS |
| Legal obligation (Art 6 (1)(c)) | Tax, accounting and electronic‑money regulations |
| Vital/Public interest | Not relied upon under normal circumstances |
You may withdraw consent or object to processing based on legitimate interest at any time (Section 7).
5. Cookies & Similar Technologies
We use first‑party and third‑party cookies, pixels and local storage to:
- remember form entries,
- measure site traffic & conversions,
- personalise advertising.
Full details and opt‑out options appear in our Cookie Policy.
6. Who Else Receives Your Data
| Partner type | Examples | Purpose |
|---|---|---|
| Payment processors | PayPal, Solid | Secure subscription & top‑up payments, refunds, anti‑fraud |
| Card issuer | Park Card Services Ltd (flexecash®) | Card creation, e‑money safeguarding, regulatory reporting |
| Cloud hosting & storage | AWS, Google Cloud | Website hosting, data back‑ups |
| Analytics | Google Analytics, Amplitude, Hotjar | Understand site usage & improve UX |
| Customer engagement | Customer.io (email), Twilio (SMS) | Newsletters, transaction notifications |
| Marketing / ad networks | Google Ads, Meta Ads, Microsoft Advertising | Show relevant ads, retarget visitors |
| Professional advisors / law firms | Accountants, local counsel | Compliance, dispute resolution |
| Government or regulators | HMRC, FCA, courts | Where required by law |
We never sell your personal data for money. Some U.S. states classify targeted‑ad sharing as a “sale” – see Section 10 for opt‑out rights.
7. Your Privacy Rights
| If you live in the EEA/UK | If you live in certain U.S. states | How to exercise |
|---|---|---|
| Access, Rectify, Erase, Restrict, Portability, Object, Withdraw consent, lodge a complaint with a DPA | Access/Know, Correct, Delete, Portability, Opt‑out of Sale/Sharing/Targeted‑Ads, Limit Sensitive PI | Email help@ykards.com. We will verify your identity before acting. |
8. Age Limitation
Ykards is for individuals 18 years or older. If you believe we have data about a minor, email us and we will delete it.
9. International Data Transfers
We are a U.S. company. Your data may be stored in the United States or other countries where our processors operate.
When we transfer EEA/UK data to a country without an adequacy decision, we rely on EU Standard Contractual Clauses plus the UK addendum.
10. U.S. State Privacy Notice
Residents of California, Colorado, Connecticut, Utah, Virginia and similar jurisdictions have extra rights to:
- Opt‑out of “sale”/“sharing” for targeted ads.
- See categories collected & disclosed in the past 12 months.
- Appeal any refusal of a privacy request.
11. Data Security
- TLS 1.2+ protects data in transit.
- Sensitive records at rest are encrypted with AES‑256.
- Access to production systems is restricted to authorised staff using MFA.
- We run regular penetration tests and maintain an incident‑response plan.
12. Data Retention
| Data set | Typical retention |
|---|---|
| Subscription & billing records | 10 years (tax rules) |
| Identity‑verification docs | 5 years (electronic‑money regs) |
| Top‑up & transaction logs | 7 years |
| Marketing opt‑out list | Indefinitely (to honour request) |
| Raw analytics logs | 13 months |
After expiry we delete or anonymise the data.
13. Changes to this Policy
We may update this Policy. Material changes will be signalled by:
- a new “Last updated” date, and
- an email or on‑site banner sent to active subscribers.
Continued use after the change becomes effective equals acceptance.
14. Contact Us
Ykards – APH Services LLC
16192 Coastal Highway, Lewes, DE 19958, USA
☎ +44 330 822 0969 – this is an automated help line that provides self‑service information about trials and cancellations steps. It does not connect you to a live agent. For personalised assistance or to submit documents, please email us.
We answer verified privacy requests within 30 days (45 days for California).
By submitting the card‑order form, funding your Card or visiting our site, you acknowledge that you have read and understood this Privacy Policy.