Privacy Policy

Effective April 9, 2026

CardSeer is a Pokemon trading card price aggregator and portfolio tracker. This policy explains what information we collect, how we use it, and the choices you have. We keep it short and in plain English because that's easier for everyone.

What we collect

Account information

When you sign in, we receive your email address. If you sign in with Google, we also receive your name and profile picture from your Google account. We do not receive or store your Google password. You can use a magic link sent to your email instead of Google if you prefer.

Collection data

If you add cards to your Vault, we store the card identifiers, quantities, conditions, grades, purchase prices, storage location labels, and any notes you write. This information belongs to you and is visible only to you.

Scan images

When you scan cards, we receive the image you upload, process it to identify the cards, and store it in secure cloud storage so you can review scan results and import them into your Vault. Scan images are associated with your account and used to improve scan accuracy over time.

Payment information

Payments are processed by Stripe. CardSeer never sees your card number, CVV, or billing address — Stripe handles that end-to-end. We receive a Stripe customer ID and the status of your subscription or scan-pack purchase so we can credit your account correctly.

Usage analytics

We log anonymized sessions, page views, and product events so we can understand which features are used and fix bugs. This includes a pseudonymous visitor ID, the pages you visit, your device type and browser, approximate country (from your IP), language, and timezone. If you're signed in, these events are also associated with your user ID.

How we use your information

  • To sign you in and keep you signed in securely.
  • To identify cards in your scan images and show you matching prices.
  • To store and display your Vault, wishlist, and set goals.
  • To process payments and credit your account.
  • To send you the email you requested (magic link, support reply).
  • To improve scan accuracy, fix bugs, and understand usage patterns.

We do not sell your personal information, show third-party advertising, or share your Vault contents with other users.

Third-party services

To run CardSeer we rely on a small set of trusted providers. Each one only receives the data necessary for its role.

CategoryWhat we share
Payment processorStripe handles all payments. Stripe collects your card details directly; we never see your card number.
Authentication providerYour email address and session state for sign-in. If you sign in with Google, your Google profile.
Cloud infrastructureScan images and session data are processed by a small set of trusted cloud providers for storage, network delivery, and card identification. Each provider only receives the data necessary for its role.
Transactional emailMagic-link sign-in emails and support replies are delivered through a third-party email provider.

Cookies and local storage

We use HTTP-only session cookies set by our authentication provider to keep you signed in. These are required for the login system to work. We also set a pseudonymous visitor ID in your browser to link page views within a single session. We do not use third-party advertising or tracking cookies.

Your choices and rights

  • Access and export: You can export your Vault contents as a CSV from the Vault page.
  • Correction: You can edit or remove any Vault entry yourself at any time.
  • Deletion: Email [email protected] from the address on your account and we will delete your account, Vault data, and scan images. We may retain a minimal record of past Stripe transactions as required by tax and accounting law.
  • Sign out: You can sign out from any page using the navigation bar.

Data retention

We keep account and Vault data while your account is active. Scan images are retained so you can revisit past scans. Analytics events are kept for up to 12 months and then aggregated or deleted. If you request account deletion we remove your personal data within 30 days of the request.

Security

All traffic to and from CardSeer uses HTTPS. Passwords are never stored — sign-in uses either a one-time magic link or Google OAuth. Session tokens live in HTTP-only cookies. Our third-party providers (including Stripe and the cloud infrastructure vendors referenced above) are themselves subject to industry-standard security certifications. No system is perfect; if you believe your account has been compromised, contact us right away.

Children

CardSeer is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

International users

CardSeer is operated from the United States and our servers and cloud infrastructure are located in the United States and in globally distributed networks operated by our providers. By using CardSeer you consent to the transfer of your information to these locations.

Changes to this policy

We may update this policy as CardSeer evolves. When we do, we'll update the effective date at the top of this page. Material changes will be announced in-app or by email.

Contact

Questions about this policy, or requests for data access or deletion, can be sent to [email protected] or through our support form. We reply within a few business days.