| card_id | string, UUID, 🔒 system | ✅ Yes | unique; generated via gen_random_uuid() on insert | — | Public stable identifier for the card. Use this UUID in all API references; never expose the internal pk. |
| last_four_digits | string | ✅ Yes | length = 4; CHECK last_four_digits ~ ’^[0-9]{4}$‘ | Exactly 4 numeric digits | The last four digits of the card number. Required for all cards; used for display and matching against payment-means records. |
| anonymized_pan | string | ⚪ No | max length 30; nullable | — | Partially masked PAN string, e.g. ‘4539xXXXXXXXXXX4291’. Populated by connectors that provide it; absent when only the last four digits are known. |
| brand | enum (CardBrandEnum) | ⚪ No | nullable; native PostgreSQL enum ‘card_brand_enum’ | visa, mastercard, amex, discover, diners, jcb, unionpay | Card network / brand. Sourced from the connector’s card metadata. Null when the brand cannot be determined. |
| type | enum (CardTypeEnum) | ⚪ No | nullable; native PostgreSQL enum ‘card_type_enum’ | credit, debit, prepaid, corporate, virtual | Functional category of the card. Corporate and virtual cards commonly surface from expense-management connectors. |
| expiration_date | date | ⚪ No | nullable; stored as PostgreSQL DATE | — | The date after which the card is no longer valid. Typically the last day of the expiry month. |
| start_date | date | ⚪ No | nullable; stored as PostgreSQL DATE | — | The date from which the card becomes valid. Common on UK-issued cards that carry an explicit start date on the face. |
| issue_date | date | ⚪ No | nullable; stored as PostgreSQL DATE | — | The date the card was issued by the issuing institution. Distinct from start_date — a card may be issued before it becomes valid. |
| cardholder_name | string | ⚪ No | max length 100; nullable | — | The name embossed or printed on the card. May differ from the linked People.full_name when the card was issued in a trade name or role name. |
| created_at | datetime, 🔒 system | ✅ Yes | set once via onCreate lifecycle hook; never updated | — | Timestamp when the card record was created in the Well database. Auto-populated; not accepted from the API client. |
| updated_at | datetime, 🔒 system | ⚪ No | set via onCreate and onUpdate lifecycle hooks; nullable in schema | — | Timestamp of the last modification to this record. Auto-managed by MikroORM lifecycle hooks. |
| deleted_at | datetime | ⚪ No | nullable; soft-delete sentinel; all active-record queries filter deleted_at IS NULL | null (active) or a past ISO timestamp (soft-deleted) | Soft-delete timestamp. When set, the card is logically deleted. Indexes on (company_pk, deleted_at) and (workspace_pk, deleted_at) are defined to avoid scanning deleted tuples in Hasura traversal paths. |