Privacy policy.
Last updated: 18 May 2026 · Plain English. Read it in two minutes.
The short version
The contact info you put into a live sharing session is never saved. It lives in encrypted memory only and is destroyed when the session ends. You don't need an account to share — the live tool stays fully anonymous.
If you choose to create a free account, the Mango Cards you save are stored in our database, with every personal field encrypted at rest. That's the one place we keep contact data, and only because you opted in. The "Account data & Mango Cards" section below explains exactly what's kept.
The site itself — the pages you visit, the buttons you click — uses standard third-party services for analytics, security, and advertising. Those are described in detail below so you know exactly what's happening.
What we process — and for how long
Contact info you type into a session
When you (or someone you're sharing with) enters details — first name, last name, phone, email, note — that information is encrypted with industry-standard authenticated encryption using a key derived from your one-time code. It is held only in our server's working memory for the duration of the session you chose: 15, 30, or 60 minutes. The moment the session ends — by timer, by you clicking End session, by inactivity, or by failed unlock attempts — it is permanently deleted. Nothing is written to disk. There is no database of your live-session contacts, no backup, no log of session contents.
Account data & Mango Cards
mangocontact has an optional free account, hosted at app.mangocontact.com. Creating one is never required to use the live sharing tool. If you do sign up:
- Sign-in details — your email and password (or social login) are handled by our authentication provider, Clerk, under their own security model and privacy policy. We don't store your password.
- Mango Cards — reusable contact profiles you choose to save. Every personal field (name, phone, email, company, job title, website, address, birthdate, notes) is encrypted with AES-256-GCM before it is written to our database. Only non-identifying values — the card's label and its share code — are stored in plain text.
- Activity log — a record of your own live shares (date and which card; on paid plans also the duration and fields shared), shown in your dashboard.
This data is kept for as long as your account exists. You can edit or delete any Mango Card from your dashboard at any time, which removes its encrypted row; deleting your account removes all of it. A live session started from a Mango Card still follows the zero-retention rules above — the card is only a template, and the session never writes back to the database.
Your IP address
Your IP is briefly visible to our servers when you make a request (the way it has to be for the internet to work) and to the third-party services described below. We use it for:
- Rate limiting — counting how many wrong codes a single IP has tried recently, so attackers can't brute-force codes. Counters live in memory only and reset on a short rolling window.
- Abuse prevention — blocking IPs that show automated abuse patterns.
Site analytics (Google Analytics)
We use Google Analytics (GA4) to understand how people find and use the site — page views, browsers, country-level location, time-on-page. Google sets cookies on your device for this purpose. The data is aggregated and cannot identify you personally, but Google itself may use it under their own terms.
- If you don't want to be tracked, you can opt out site-wide by installing the Google Analytics Opt-Out browser add-on, or by enabling "Do Not Track" in your browser (where supported), or by blocking analytics cookies in your browser settings.
- Google's privacy policy: policies.google.com/privacy
Advertising (Google AdSense / similar networks)
We display ads on the site to keep it free. Ads are served by Google AdSense (and may be served by similar partner ad networks). To do that, ad partners may set cookies and read browser characteristics in order to:
- Show you relevant ads based on your past activity on this site and elsewhere
- Measure ad performance
- Prevent the same ad from being shown repeatedly
You can manage personalised advertising at:
Ads never have access to the contact info you share inside a session — that data is on a separate, isolated path and is not visible to ad scripts.
Performance & security (Cloudflare)
We sit behind Cloudflare for speed, security, and protection against attacks. Your requests pass through Cloudflare's network, which is able to see your IP address, request paths, and basic browser data so it can route, cache, and block hostile traffic. Cloudflare may set a small cookie (e.g. __cf_bm) for bot management. See Cloudflare's privacy policy.
Cookies & similar technologies
The cookies and storage that may be set on your device, by category:
- Strictly necessary — a short-lived browser-side storage entry holding your session token while a sharing session is active. Stays on your device, never sent to anyone but our server, gone when you close the tab.
- Security — Cloudflare bot-management cookies (e.g. __cf_bm).
- Analytics — Google Analytics cookies (e.g. _ga, _ga_*).
- Advertising — Google AdSense / partner cookies for ad personalisation and measurement.
You can clear or block any of these from your browser settings at any time. Blocking analytics or ad cookies will not break the sharing functionality.
What we don't do
- No account required to use the live sharing tool — it stays fully anonymous
- No selling, licensing, or sharing of your contact info — not what's in a live session, not what's on a Mango Card
- No AI training on the contents of your sessions or your Mango Cards
- No storing of Mango Card personal fields in plain text — they are encrypted at rest
- No fingerprinting beyond what the third parties listed above perform
Your rights
For the contact data you share inside a live session: there's nothing for us to access, delete, correct, or hand over — it never persists.
For account data (your Mango Cards and sign-in details): you can view, edit, or delete your Mango Cards from your dashboard at any time, and you can delete your account to remove all of it. For sign-in data held by Clerk, use their account controls or email us. For the analytics and ad data collected by our third-party providers, you have the rights granted to you by laws like GDPR (EU/UK) and CCPA/CPRA (California). You can:
- Opt out of personalised ads using the links above
- Opt out of analytics via your browser, an extension, or "Do Not Track"
- Request that our third-party providers delete data they hold about you, via their own privacy controls
- Email us with any other concerns and we'll do our best to help
Children
mangocontact is not directed at children under 13 (or under 16 in jurisdictions where that is the higher threshold). We don't knowingly collect data from children. If you believe a child has used the service, contact us and we'll act accordingly.
International transfers
Our infrastructure provider, Cloudflare, Google Analytics, and our ad partners may transfer data internationally, including to the United States, under their standard contractual safeguards. By using the service you accept these transfers as described in their respective policies.
Changes to this policy
If we change anything material — new analytics, new ad networks, new logging, anything that affects what's done with your data — we'll update the date at the top of this page. Significant changes will be flagged on the homepage for a period before taking effect.
Contact
Questions, concerns, or a privacy request? Email us at info@mangocontact.com.