CardPing Ltd is incorporated in England and Wales and processes personal data in compliance with UK GDPR and EU GDPR. Last updated: 1 March 2026.
When you use CardPing, we act as a Data Processor on your behalf — processing data per your instructions as the Data Controller. We also act as Data Controller for account and billing data collected directly from you.
A DPA is available for all customers. For Growth and Enterprise, it is automatically incorporated into our Terms of Service. Contact legal@cardping.io to request a signed copy or negotiate custom terms.
Key sub-processors include: AWS (infrastructure — EU regions available), Stripe (payments), Postmark (email), and Cloudflare (CDN/edge). A full sub-processor list is available on request.
EU/EEA customer data can be processed exclusively within EU infrastructure on request. Transfers to the UK are covered under the UK Adequacy Decision. Transfers to the US (Stripe, Cloudflare) are covered by Standard Contractual Clauses (SCCs).
GDPR grants EU/EEA data subjects rights to: access, correct, erase, restrict processing, port, and object to data use. Email privacy@cardping.io — we respond within 30 days.
dpo@cardping.io · CardPing Ltd, 1 Canada Square, London E14 5AB, UK.