Privacy Policy
Last updated: July 5, 2026
This Privacy Policy explains how Personal Card Collection ("we," "us," the "Service") collects, uses, and protects your information when you use our website and app. By using the Service, you agree to this policy.
Information we collect
- Account information. When you create an account we collect your name, email address, and phone number. If you sign in with Google, we receive your name and email from Google. Passwords for email sign-ups are handled and encrypted by our authentication provider; we never see or store your raw password.
- Your collection content. The card details, photos, collections, tags, notes, storage locations, wishlist entries, and prices (purchase, value, sold) that you add to your account.
- Payment information. If you subscribe to a paid plan, payments are processed by Stripe. We do not receive or store your full card number; we store only a customer identifier and your current plan.
- Usage information. Basic, privacy-friendly analytics about page visits, and internal counts such as how many AI scans you have used, to enforce plan limits and improve the Service.
How we use your information
- To provide and operate the Service — storing your collection, signing you in, and syncing across devices.
- To process subscriptions and enforce plan limits.
- To provide features you choose to use, such as AI card identification, price lookups, eBay listing, and public collection sharing.
- To communicate with you about your account or support requests.
- To maintain security and prevent abuse.
We do not sell your personal information, and we do not show third-party advertising.
Third-party services
We rely on trusted providers to run the Service. Depending on the features you use, your information may be processed by:
- Supabase — hosts our database, user authentication, and private photo storage.
- Vercel — hosts the website and provides cookieless, aggregate visit analytics.
- Stripe — processes subscription payments.
- Google (Gemini API) — powers AI card identification. When you use "Identify with AI," the card photos you submit are sent to Google's Gemini API to read the card and suggest details. See below.
- eBay — only if you use the pricing or listing features. Card search terms and, if you list a card, its details and photos are sent to eBay. Connecting your eBay account uses eBay's own sign-in; we never see your eBay password, only a revocable permission token.
AI card identification
AI identification is optional. If you use it, the front and back photos of the specific card you are identifying are transmitted to Google's Gemini API to generate suggested card details. We send only the images you choose to scan, and only when you tap Identify. We do not use your photos to train our own models.
Public sharing
If you create a share link for a collection, anyone with that link can view a read-only version of that collection. Shared views deliberately exclude financial details (values, purchase and sold prices), notes, certificate numbers, and storage locations. You can turn a share link off at any time.
Cookies and local storage
We use your browser's local storage to keep you signed in. Our visit analytics are cookieless. We do not use advertising or cross-site tracking cookies.
Data security
Data is transmitted over encrypted connections (HTTPS). Your collection is protected by per-user access rules so that each account can only reach its own data. Photos are stored in a private bucket and served through temporary, signed links. Any stored eBay permission tokens are encrypted. No system is perfectly secure, but we take reasonable measures to protect your information.
Data retention and your choices
- Access and update. You can view and edit your profile and your cards at any time in the app, and export your entire collection to a CSV file.
- Deletion. You can delete individual cards yourself. To delete your entire account and associated data, contact us at the email below and we will remove it.
- Retention. We keep your information for as long as your account is active or as needed to provide the Service, and delete it on request (subject to any records we must keep for legal or payment reasons).
Your rights
Depending on where you live (for example, under the GDPR or CCPA), you may have rights to access, correct, delete, or export your personal information, and to object to certain processing. To exercise any of these rights, contact us at the email below.
Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Significant changes may be communicated in the app or by email.
Contact us
Questions about this policy or your data? Email personalcardcollection@proton.me.
This Service is operated from the United States. This Privacy Policy is governed by the laws of the State of Utah, USA.