Card VaultAI← Home

Privacy Policy

Last updated: May 10, 2026

AI Card Vault (“we”, “our”, the “Service”) helps trading-card collectors and dealers identify, price, and list their cards on online marketplaces. This Privacy Policy describes what information we collect, how we use it, and the limited circumstances under which we share it.

Information we collect

  • Account information — the name, email address, and password (stored hashed) you provide when you sign up.
  • Card data you provide — photographs, scans, descriptions, prices, grades, certification numbers, and inventory location notes for the cards you import into your collection.
  • Marketplace OAuth tokens — if you connect a marketplace account (such as eBay), we store the OAuth access and refresh tokens issued by that marketplace so we can list and manage your inventory on your behalf. We never see or store your marketplace password.
  • Operational data — basic logs of actions taken in the Service (e.g. “identify request submitted”, “listing published”) used for troubleshooting and billing.

How we use your information

  • To run the Service: identify cards, look up prices, build listings, print labels, and sync inventory with the marketplaces you choose.
  • To bill you for usage of metered AI features (identify calls, grading runs).
  • To respond to your support requests.
  • To comply with legal obligations and to protect against abuse of the Service.

Who we share information with

We share the minimum necessary data with the third parties that power the Service:

  • Marketplaces you connect (eBay, and in future releases TCGPlayer, Whatnot, CollX, Shopify) — we send your listing data, images, and policy selections to publish on your behalf.
  • Card-data providers — PriceCharting and similar pricing/catalog services receive card photographs or set metadata for identification and price lookup.
  • AI providers (Anthropic, Google, OpenRouter) — receive card photographs and prompts when you run an identification or grading task.
  • Infrastructure providers — our database, object storage, and hosting providers, used only to operate the Service.

We do not sell your personal information.

Your choices

  • You may disconnect any connected marketplace from the Service at any time, which revokes the OAuth tokens we hold for it.
  • You may delete cards, images, and listings from your collection at any time. Deleted data is removed from active storage and purged from backups within 30 days.
  • To request a full export or deletion of your account, email [email protected].

Data retention

We retain account and card data for as long as your account is open. Operational logs are retained for up to 12 months for troubleshooting and abuse-prevention purposes.

Security

We use HTTPS for all traffic, store passwords as bcrypt hashes, encrypt marketplace OAuth tokens at rest, and limit internal access to authorized personnel. No system can be guaranteed perfectly secure; please use a strong, unique password for your account.

Children

The Service is not intended for use by children under 13, and we do not knowingly collect personal information from them.

Changes to this Policy

We will update this page when our practices change. Material changes will be announced by email or in-app notice.

Contact

Questions about this Policy: email [email protected].