Privacy Policy

BadgeFinder (“BadgeFinder”, “we”, “us”) is a conference-badge scanner with AI lead enrichment, operated by Infinite Improbability Invest AS, a company registered in Norway (org. no. 933 337 502) at Toftes gate 39 A, 0552 Oslo, Norway.

This Privacy Policy explains how we handle personal data when you use the BadgeFinder website and application (the “Service”). For any privacy question, or to exercise your rights, email joachimbm96@gmail.com.

The Service involves two very different groups of personal data: data about our account holders, and data about the people whose badges our account holders scan and enrich. Our role differs for each — see Our role.

• Account data — your name, email address, authentication credentials (managed by our auth provider), and the workspaces and seats you belong to.
• Billing data — handled by our payment provider, Paddle. We receive limited transaction metadata (plan, status, credit balance). We never see or store your full card details.
• Captured lead data — when you scan a badge, we process the badge photo and the text we extract from it, typically a name, job title and company.
• Enriched lead data — to help you follow up, our AI agent and third-party data providers look up business-contact details for the captured person, such as a work email, LinkedIn profile, company information and, if you choose to reveal it, a phone number.
• Technical & usage data — log data, device and browser information, IP address, and how you interact with the Service, used for security, debugging and product analytics.

We use personal data to:

• Provide the Service — run OCR and enrichment, store and organize your leads, and sync them to your CRM if you connect one.
• Authenticate you and manage accounts, workspaces, seats, billing and credits.
• Send service communications such as receipts, security notices and important changes.
• Keep the Service secure and prevent abuse.
• Maintain, improve and develop the Service.
• Comply with our legal obligations.

Where the GDPR applies, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)) — to provide the Service to account holders.
• Legitimate interests (Art. 6(1)(f)) — to secure the Service, run analytics, and process limited business-contact data for B2B networking and sales prospecting. You can object at any time.
• Consent (Art. 6(1)(a)) — where we ask for it, e.g. certain optional communications.
• Legal obligation (Art. 6(1)(c)) — for accounting, tax and similar requirements.

For people whose badges are scanned, processing of limited professional-contact data rests on the legitimate interests of our customers and us in business networking. We do not knowingly process special-category data.

• For account and billing data, we are the data controller.
• For lead data you capture and enrich, the account holder who scanned the badge is the controller — they decide to collect it and how to use it — and BadgeFinder acts as a processor on their behalf, under the data-processing terms in our Terms of Service.
• To the extent we independently decide how badge data is enriched and which sources are queried, we act as a controller for that sourcing activity.

In every case, the contact address below reaches a person who can action a request or route it to the responsible controller.

We do not sell personal data. We share it with service providers who help us run BadgeFinder:

• Supabase — database, authentication and file storage hosting.
• Lovable Cloud — application hosting and our AI gateway.
• Paddle — payments and Merchant of Record for purchases.
• Enrichment & AI providers — to read badge text and find business-contact details (which may include providers such as Firecrawl, Apollo, Hunter and FullEnrich, alongside public registries).
• HubSpot — only if you connect a CRM, to push the leads you choose to sync.

We may also disclose data where required to comply with law or protect our rights, and to a successor as part of a merger, acquisition or asset sale.

Some of our providers are located outside the EEA, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

• Account data — kept while your account is active, then deleted or anonymized within a reasonable period.
• Lead data — kept while it remains in your workspace. You can delete individual leads or export them at any time. When an account is closed, we delete or anonymize workspace data within a reasonable period, subject to legal retention needs.
• Billing records — retained as required by accounting and tax law.

If you are in the EEA, Norway or the UK, you have rights to access, rectify, erase, restrict and port your personal data, to object to processing, and to withdraw consent. To exercise any of these, email joachimbm96@gmail.com.

If your badge was scanned and you would like to access or delete the data we hold about you, or object to its processing, email the same address. Where the data sits in a customer’s workspace, we will action your request and route it to that customer as the controller.

You also have the right to lodge a complaint with a supervisory authority — in Norway, the Norwegian Data Protection Authority (Datatilsynet).

We use technical and organizational measures to protect personal data, including encryption in transit, access controls, and row-level security that isolates each workspace’s data. No method of transmission or storage is completely secure, but we work to protect your data and will notify you of a breach where the law requires it.

BadgeFinder is a business tool that is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be posted here with a new “last updated” date.

Questions or requests: Infinite Improbability Invest AS, Toftes gate 39 A, 0552 Oslo, Norway — joachimbm96@gmail.com.