Privacy Policy
Last updated: July 8, 2026
1. Overview
This policy explains what Card Wallet ("we," "us") collects, how we use it, and the choices you have. The short version: we collect what the product needs to work - your card photos, your collection data, and an email if you claim your vault - and we don't sell any of it.
2. What we collect
Account data. Guest vaults use a random identifier stored in a cookie. If you claim your vault or sign in, we store your email address.
Collection data. The card photos you upload (fronts and backs), the cards you confirm, condition and grading details, serial numbers, purchase prices, and notes you add. You should only upload your own photographs of cards you own - see the Terms of Service for the content rules you agree to.
Payment data. Payments are processed by Stripe. We receive subscription status and transaction references - never your full card number.
Technical data. Standard server logs (IP address, browser type, timestamps) for security and debugging, session cookies to keep you signed in, and - for free-plan scan limits - a one-way hashed form of your IP address that is automatically deleted within days. We do not run third-party advertising or cross-site tracking.
3. How we use it
To operate the Service: storing and displaying your collection, identifying cards you scan, computing estimated values, processing payments and entitlements, preventing abuse, providing support, and improving reliability. We do not sell your personal information, and we do not use your photos to train our own models.
4. Who processes your data
We use a small set of service providers to run Card Wallet, each receiving only what its role requires: Supabase (database, authentication, and photo storage), Vercel (hosting), Stripe (payments), Google (Gemini machine-vision - receives scan photos solely to detect and identify cards), OCR.space (text extraction from scan photos), and our market-data provider (receives card identifiers - never your photos or personal details - to fetch comparable sales). We may also disclose information when required by law or to protect the Service and its users.
5. Retention and deletion
Your collection data and photos are kept while your account is active. Deleting a card from your collection deletes its photos. Unclaimed guest vaults may be deleted after extended inactivity. You can request full deletion of your account and data at any time by emailing support@getcardwallet.com from your account email; we will delete your data within 30 days, except records we must keep for legal or accounting reasons.
6. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Contact us at the address above and we will honor applicable rights. We do not discriminate against you for exercising them.
7. Security
Data is encrypted in transit; database access is isolated per user with row-level security; photos are stored in private buckets accessible only to their owner. No system is perfectly secure - if we learn of a breach affecting your data, we will notify you as required by law.
8. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.
9. Changes and contact
We may update this policy; material changes will be posted here with a new "Last updated" date. Questions or requests: support@getcardwallet.com. See also our Terms of Service.