Last Updated: March 2, 2026
Introduction
CardZen ("we," "our," or "us") operates the CardZen web application at cardzen.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using CardZen, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.
1. Information We Collect
Account Information
- Name, email address, and password when you create an account
- Optional profile details: zip code, phone number, company name
- Collection preferences (focus, size range)
Card Collection Data
- Card images you upload for AI-powered identification
- Card details (player name, year, set, card number, grade, etc.)
- Inventory, personal collection, and grading submission records
- Purchase and sale transaction history
- Cost basis and pricing information
Third-Party Account Data
- eBay account information when you connect your eBay account (see our eBay Integration Privacy Policy for details)
- Payment information processed through Stripe (we do not store your credit card numbers)
Automatically Collected Information
- Device information (browser type, operating system)
- Usage data (pages visited, features used, session duration)
- IP address and approximate location
- Error and performance data
2. How We Use Your Information
- Provide the service: Process card images using AI, manage your inventory, track costs and sales
- AI processing: Card images are sent to Google Gemini and/or OpenAI for optical character recognition (OCR) to identify card details. These providers process images according to their respective privacy policies and do not retain your images for training.
- eBay integration: Import purchases, create listings, and track sales on your behalf
- Billing: Process subscription payments through Stripe
- Analytics: Understand how users interact with CardZen to improve the product
- Error tracking: Identify and fix bugs and performance issues
- Communication: Send account-related emails (password resets, subscription confirmations)
3. Third-Party Services
We share data with the following third-party services, each for a specific purpose:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Account data, card data, all application data |
| Vercel | Hosting & CDN | Request logs, IP addresses |
| Google Gemini / OpenAI | AI card identification (OCR) | Card images for processing |
| Stripe | Payment processing | Email, subscription plan, payment method |
| eBay | Marketplace integration | Listings, orders, account info (when connected) |
| PostHog | Product analytics | Anonymized usage events, device info |
| Sentry | Error tracking | Error details, stack traces (no personal data) |
We do not sell, rent, or trade your personal information to any third party.
4. Cookies & Tracking
CardZen uses the following types of cookies and tracking technologies:
- Essential cookies: Required for authentication and session management. Cannot be disabled.
- Analytics cookies (PostHog): Help us understand how you use CardZen. These collect anonymized usage data.
- Error tracking (Sentry): Captures error information to help us fix bugs.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Account deletion: When you delete your account, we remove your personal data within 30 days, except where we are required by law to retain it.
- eBay disconnection: When you disconnect your eBay account, we delete your eBay-specific data within 30 days.
- AI processing: Card images sent to AI providers are processed in real-time and are not stored by these providers beyond the processing request.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate data
- Deletion: Request that we delete your personal data
- Portability: Request your data in a machine-readable format (CSV export)
- Objection: Object to certain types of data processing
To exercise any of these rights, contact us at privacy@cardzen.io.
7. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt out of the sale of your personal information
- The right to non-discrimination for exercising your CCPA rights
We do not sell your personal information. To exercise your rights, contact privacy@cardzen.io.
8. Children's Privacy
CardZen is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately and we will delete it.
9. Data Security
We implement appropriate technical and organizational security measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted storage of authentication tokens
- OWASP-compliant security headers
- Rate limiting on API endpoints
- Regular security reviews
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email. The "Last Updated" date at the top reflects the most recent revision.
11. Contact Us
If you have questions about this Privacy Policy, contact us at: