← Back to SlabCheck

PRIVACY POLICY

SlabCheck ("we," "us," or "our") operates the SlabCheck mobile application and website at slabcheck.vercel.app. This policy describes what data we collect, how we use it, and your rights.

1. INFORMATION WE COLLECT

Account information

When you create an account, we collect your email address and an optional display name. We use email/password authentication through Supabase. We do not support social login (Google, Apple, etc.) at this time.

Card and collection data

When you scan or search for cards, we store card metadata (name, set, rarity, images) in a shared cache. Your personal collection (which cards you've saved, condition notes, price snapshots) is stored in your private account.

Camera access

The app requests camera permission to scan Pokemon cards. Photos are captured temporarily on your device for card identification and are not stored permanently. We do not access your photo library.

Payment information

We do not directly collect or store credit card numbers. Payments are processed by Stripe (web) and Apple/Google via RevenueCat (mobile). We store your subscription tier, status, and billing period dates — not your payment method details.

Usage data

We track daily scan counts to enforce free-tier limits. We do not use analytics SDKs, tracking pixels, or behavioral profiling. We do not sell or share your data with advertisers.

eBay integration (optional)

If you connect your eBay account for listing cards, we store encrypted OAuth tokens to act on your behalf. These tokens are stored server-side only and are never exposed to the client app. You can disconnect your eBay account at any time.

2. HOW WE USE YOUR INFORMATION

• To provide the core service: card scanning, pricing, EV calculations, and collection tracking
• To manage your subscription and enforce tier-based feature access
• To create and manage eBay listings on your behalf (if you opt in)
• To cache card and pricing data for performance
• To communicate account-related information (password resets, subscription changes)

3. THIRD-PARTY SERVICES

We share limited data with the following services to operate SlabCheck:

Service	Purpose	Data shared
Supabase	Authentication, database	Email, account data, collection data
Stripe	Web subscription payments	Email, subscription tier
RevenueCat	Mobile in-app purchases	User ID, purchase events
Vercel	Hosting and serverless API	Request logs (IP, user agent)
eBay	Card listing (opt-in)	Card details, photos, pricing
TCGdex	Card data lookup	Search queries (card names)
PokemonPriceTracker	Graded card pricing	Card name, set name

Each service has its own privacy policy. We encourage you to review them.

4. DATA STORAGE AND SECURITY

• All data is transmitted over HTTPS (TLS encryption in transit)
• Authentication tokens are stored in your device's hardware-backed secure enclave (iOS Keychain / Android Keystore)
• eBay OAuth tokens are encrypted at rest in our database
• Database access is governed by row-level security — you can only access your own data
• API endpoints are rate-limited to prevent abuse

5. DATA RETENTION

We retain your account data for as long as your account is active. Cached card and pricing data may be retained for performance purposes. If you delete your account, your personal data (profile, collection, listings, subscription, scan history) is permanently deleted. Shared card cache data is not affected by account deletion.

6. YOUR RIGHTS

You may:

• Access your data through the app (collection, settings, subscription status)
• Delete your account and all associated personal data by contacting us
• Disconnect third-party integrations (eBay) at any time
• Cancel your subscription through the app settings or your platform's subscription manager

If you are a California resident, you have additional rights under the CCPA. Contact us to exercise them.

7. CHILDREN'S PRIVACY

SlabCheck is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it promptly.

8. COOKIES

The SlabCheck mobile app does not use cookies. Our website uses only essential cookies required for Stripe checkout sessions. We do not use advertising or tracking cookies.

9. CHANGES TO THIS POLICY

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, through the app. Continued use of SlabCheck after changes constitutes acceptance of the updated policy.

10. CONTACT

For privacy questions or data requests:
support@slabcheck.app