Skip to content

Privacy Policy

Last updated: March 2026

Cardio is a free, real-time scrum poker tool designed to collect as little data as possible. This policy explains what is processed when you use the site and how cookies work.

Who runs this site?

Cardio is operated by an individual developer. For any privacy-related questions, contact: [email protected] .

What information is processed?

When you join a room:

  • You choose a display name. It is visible to other participants in the same room.
  • A temporary session ID is created while you are connected. It exists only to manage the live connection.
  • Room data exists only in server memory. When the last participant leaves, all room data is permanently deleted.

Cardio does not create user accounts and does not store room history. Avoid using personal information in your display name if you don't want to be identified.

Like most websites, limited technical information is also processed automatically when you connect — such as your IP address, browser type, and basic request details. This is necessary to deliver the service and maintain security. This processing is carried out on the basis of legitimate interests in operating and securing the service.

Cookies and browser storage

Cardio uses two items to make the site work:

  • cardio_dark — dark mode preference (stored in localStorage)
  • cardio_displayName — your display name, stored for convenience (stored in sessionStorage, cleared when the browser tab is closed)

Neither of these are used for cross-site tracking.

Third-party services

Cloudflare acts as the domain registrar and DNS provider for this site and also provides security services. As traffic passes through Cloudflare's network before reaching the server, Cloudflare operates as a data processor on behalf of Cardio and may process your IP address and basic request data in doing so. Their handling of this data is governed by Cloudflare's privacy policy.

Your rights (UK & EU)

If you are in the UK or EU, you have rights under data protection law — including the right to access, correct, or delete your personal data, and to object to certain processing. Because Cardio does not store persistent personal data or user accounts, it may not be possible to identify you individually in response to such a request.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

Contact

Email: [email protected] .

An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.