← Back to SlabCheck

PRIVACY POLICY

SlabCheck ("we," "us," or "our") operates the SlabCheck mobile application and website at www.slabcheck.app. This policy describes what data we collect, how we use it, and your rights.

1. INFORMATION WE COLLECT

Account information

When you create an account, we collect your email address and an optional display name. We use email/password authentication through Supabase. We do not support social login (Google, Apple, etc.) at this time.

Card and collection data

When you scan or search for cards, we store card metadata (name, set, rarity, images) in a shared cache. Your personal collection (which cards you've saved, condition notes, price snapshots) is stored in your private account.

Camera access

The app requests camera permission to scan Pokemon cards. Photos are captured temporarily on your device for card identification and are not stored permanently. We do not access your photo library.

Payment information

We do not directly collect or store credit card numbers. Payments are processed by Stripe (web) and Apple/Google via RevenueCat (mobile). We store your subscription tier, status, and billing period dates — not your payment method details.

Usage data

We track daily scan counts to enforce free-tier limits. We do not sell or share your data with advertisers or use behavioral profiling.

Error and crash telemetry

We use Sentry to capture application errors and crashes so we can fix bugs. When an error or crash occurs, Sentry receives: device model, operating system version, app version, stack trace, the sequence of actions leading up to the error (breadcrumbs), and your user ID (as an identifier, not linked to other personal data in error reports). Server-side errors send request metadata (HTTP method, URL path, correlation ID) and error stack traces. We do not intentionally include email addresses, passwords, payment details, or collection data in error reports. Telemetry is used solely to diagnose and fix issues, never for marketing or user profiling.

Our website uses Vercel Web Analytics, which measures page views and aggregate visitor counts without cookies. Vercel anonymizes IP addresses and does not track individual users across sessions or sites.

Early access signups

If you submit your email on our landing page to request early access, we store it in order to notify you when the app launches. You can request deletion by contacting us.

eBay integration (optional)

If you connect your eBay account for listing cards, we store encrypted OAuth tokens to act on your behalf. These tokens are stored server-side only and are never exposed to the client app. You can disconnect your eBay account at any time.

2. HOW WE USE YOUR INFORMATION

• To provide the core service: card scanning, pricing, EV calculations, and collection tracking
• To manage your subscription and enforce tier-based feature access
• To create and manage eBay listings on your behalf (if you opt in)
• To cache card and pricing data for performance
• To communicate account-related information (password resets, subscription changes)

3. THIRD-PARTY SERVICES

We share limited data with the following services to operate SlabCheck:

Service	Purpose	Data shared
Supabase	Authentication, database	Email, account data, collection data
Ximilar	Card identification from scan photos	Photo captured during scan (not stored)
Stripe	Web subscription payments	Email, subscription tier
RevenueCat	Mobile in-app purchases	User ID, purchase events
Vercel	Hosting, serverless API, privacy-friendly web analytics	Request logs, aggregate page views (no cookies)
eBay	Card listing (opt-in)	Card details, photos, pricing
TCGdex	Card data lookup	Search queries (card names)
PokemonPriceTracker	Graded card pricing	Card name, set name
Sentry (mobile)	Crash and error telemetry	Device model, OS version, app version, stack traces, breadcrumbs, user ID
Sentry (API)	Server error telemetry	Request method, URL path, correlation ID, error stack traces

Each service has its own privacy policy. We encourage you to review them.

4. DATA STORAGE AND SECURITY

Your data is stored on servers operated by Supabase (database) and Vercel (serverless API), primarily in the United States. By using SlabCheck from outside the United States, you consent to the transfer and processing of your data in the United States, which may have different data protection laws than your jurisdiction. We apply the same security standards regardless of where data is processed.

• All data is transmitted over HTTPS (TLS encryption in transit)
• Authentication tokens are stored in your device's hardware-backed secure enclave (iOS Keychain / Android Keystore)
• eBay OAuth tokens are encrypted at rest in our database
• Database access is governed by row-level security — you can only access your own data
• API endpoints are rate-limited to prevent abuse

5. DATA RETENTION

We retain your account data for as long as your account is active. Cached card and pricing data may be retained for performance purposes. If you delete your account in the app (Settings → Delete Account), your personal data (profile, collection, listings, eBay tokens, subscription records, scan history) is deleted immediately via database cascade; the deletion is permanent and cannot be reversed. Shared card cache data (card names, set metadata) is not linked to individual users and is not affected by account deletion. We may retain limited transactional records (e.g., subscription invoices, tax records) as required by law. For data requests submitted by email, we respond within 30 days.

6. YOUR RIGHTS

You may:

• Access your data through the app (collection, settings, subscription status), or request an export by email
• Correct inaccurate account data by editing it in the app (display name, email) or by emailing us
• Delete your account and all associated personal data in the app via Settings → Delete Account; deletion is immediate and permanent
• Disconnect third-party integrations (eBay) at any time through the app
• Cancel your subscription through the app settings or your platform's subscription manager
• Object to or restrict processing of your data by emailing us
• Lodge a complaint with a data protection supervisory authority in your jurisdiction (EU/UK residents)

California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete your personal information (exercised through Settings → Delete Account), and the right to opt out of the sale of personal information. We do not sell personal information. You may exercise these rights without discriminatory treatment.

EU/UK residents (GDPR)

Under GDPR, you additionally have the right to data portability (receive your data in a machine-readable format), the right to withdraw consent where processing is based on consent, and the right to lodge a complaint with your supervisory authority. To exercise any of these rights, email us at hello@slabcheck.app. We respond to requests within 30 days.

To exercise any right not available in the app, email hello@slabcheck.app with your request and the email associated with your account. We may ask for verification of identity before fulfilling requests that could expose or modify personal data.

7. CHILDREN'S PRIVACY

SlabCheck is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it promptly.

8. COOKIES

The SlabCheck mobile app does not use cookies. Our website uses only essential cookies required for Stripe checkout sessions. We do not use advertising or tracking cookies.

9. CHANGES TO THIS POLICY

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, through the app. Continued use of SlabCheck after changes constitutes acceptance of the updated policy.

10. CONTACT

For privacy questions or data requests:
hello@slabcheck.app