How we collect, use, and protect your data at CardGrade.io.
Last updated: March 23, 2026
At CardGrade.io, we take your privacy seriously. This policy explains how we collect, use, disclose, and safeguard your information when you use our services. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access our services.
When you create an account, we collect your name, email address, and payment information. This information is necessary to provide our services and process transactions.
When you upload card images for analysis, we process these images through CGI Vision AI. Images are stored securely and used only to provide grade predictions and improve our AI models.
We collect information about how you use CardGrade.io, including pages visited, features used, and analysis history. This helps us improve our services and provide a better experience.
We collect device information including browser type, operating system, and IP address. We also generate a device identifier using FingerprintJS, a browser fingerprinting library that creates a unique visitor ID based on your browser and device characteristics (such as installed fonts, screen resolution, and hardware configuration). This identifier is stored with your account and used solely for fraud prevention as described below. We also record your IP address at signup and on each login.
We normalize email addresses to detect duplicate accounts created through email aliasing techniques (for example, ignoring dots in Gmail addresses or suffixes in Outlook addresses). The normalized form is stored alongside your original email address.
We use your information to operate CardGrade.io, process card analyses, manage your account, and handle payments. This is essential for delivering the services you request.
Card images and analysis data may be used to train and improve CGI Vision AI. This helps us increase accuracy and add new features. You can opt out of this in your account settings.
We may send you service-related emails, including account notifications, analysis results, and important updates. You can manage your email preferences in your account settings.
We use device identifiers, IP addresses, and email analysis to detect and prevent fraud, abuse, and multi-account circumvention. Specifically, we: limit the number of accounts that can be created from a single device or IP address; block registration from known disposable or temporary email providers; normalize email addresses to prevent alias-based duplicate accounts; and maintain blocklists of device identifiers and IP addresses associated with abusive activity. Our administrators may review fraud signals and take action including account suspension or blocking future registrations from a device or IP address.
We use trusted third-party services for payment processing (Stripe), email delivery, analytics, and fraud prevention (FingerprintJS). These providers are bound by contractual obligations to protect your data.
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of CardGrade.io, our users, or others.
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you of any such change and your choices regarding your data.
We do not sell your personal information to third parties. Your data is never shared for advertising purposes without your explicit consent.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We employ industry-standard security measures to protect your information.
Access to user data is strictly limited to authorized personnel who need it to perform their job functions. We maintain comprehensive audit logs of all data access.
We are SOC 2 ready and follow security best practices. Regular security audits and penetration testing help ensure our systems remain secure.
We have procedures in place to detect, respond to, and recover from security incidents. In the event of a data breach, we will notify affected users promptly.
You can access and download your data at any time through your account settings. We provide your data in a portable format upon request.
You can update your account information at any time. If you believe any information we hold is inaccurate, please contact us.
You can request deletion of your account and associated data. Some data may be retained for legal or legitimate business purposes, including device identifiers and IP addresses associated with fraud prevention blocklists, which may be retained after account deletion to prevent re-registration by abusive actors.
You can opt out of AI training, marketing communications, and certain data collection through your account settings.
When you sign in to the CardGrade.io Chrome Extension, an API token is generated and stored locally in your browser using chrome.storage.local. This token is transmitted over HTTPS to authenticate requests. The token hash is stored on our servers; the plaintext token never leaves your browser.
When you use the right-click "Grade this card" feature, the extension extracts the selected image from the webpage to send for grading. Images are transmitted directly to our servers over HTTPS and handled identically to images uploaded through the main website. We do not access or collect any other images or page content.
The extension stores your account information (name, email, credit balance, subscription plan) in chrome.storage.local to display in the popup UI. This data stays on your device and is cleared when you sign out.
The extension requests access to eBay, COMC, and TCGPlayer domains solely to enable right-click card image grading. It does not read, collect, or transmit any browsing activity, page content, or personal data from these sites beyond the specific image you choose to grade.
The CardGrade mobile app requests camera access solely to photograph trading cards for AI grading analysis. The app does not record audio or video — it captures still photos only. Camera data is used only for card grading and is not stored beyond the grading session unless you explicitly save the result to your account.
The app may request access to your photo library so you can upload existing card images for grading. We only access images you explicitly select and do not scan or access other photos in your library.
With your permission, we may send push notifications about grading results, account updates, and service announcements. You can disable notifications at any time in your device settings.
The mobile app collects only: (1) account information (name, email) for authentication; (2) card images you explicitly photograph or select for grading; (3) usage data such as features used and grading history; and (4) device identifiers for fraud prevention. This data is handled identically to data collected through our website as described in this policy.
CardGrade does not access, collect, store, or process any health data, fitness data, biometric data, medical data, or wellness data of any kind. The app has no health-related features and does not request any health-related permissions. No health information is shared with any third party.
The CardGrade mobile app does not access or collect: contacts or address books; call logs or phone numbers; SMS or text messages; precise or approximate location data; microphone audio or voice recordings; calendar data; files or documents outside of photos you explicitly select; or any sensor data (accelerometer, gyroscope, etc.).
We use essential cookies to operate our service, including session management and security features. These cannot be disabled.
We use analytics cookies to understand how users interact with our service. You can opt out of analytics tracking in your browser or account settings.
We use cookies to remember your preferences, such as theme settings and language selection, to provide a personalized experience.