How we collect, use, and protect your data at CardGrade.io.
Last updated: June 22, 2026
At CardGrade.io, we take your privacy seriously. This policy explains how we collect, use, disclose, and safeguard your information when you use our services. Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access our services.
When you create an account, we collect your name, email address, and payment information. This information is necessary to provide our services and process transactions.
When you upload card images for analysis, we process these images through CGI Vision AI. Images are stored securely and used only to provide grade predictions and improve our AI models.
We collect information about how you use CardGrade.io, including pages visited, features used, and analysis history. This helps us improve our services and provide a better experience.
We collect device information including browser type, operating system, and IP address. We also generate a device identifier using FingerprintJS, a browser fingerprinting library that creates a unique visitor ID based on your browser and device characteristics (such as installed fonts, screen resolution, and hardware configuration). This identifier is stored with your account and used solely for fraud prevention as described below. We also record your IP address at signup and on each login.
We normalize email addresses to detect duplicate accounts created through email aliasing techniques (for example, ignoring dots in Gmail addresses or suffixes in Outlook addresses). The normalized form is stored alongside your original email address.
We use your information to operate CardGrade.io, process card analyses, manage your account, and handle payments. This is essential for delivering the services you request.
Card images and analysis data may be used to train and improve CGI Vision AI. This helps us increase accuracy and add new features. You can opt out of this in your account settings.
We may send you service-related emails, including account notifications, analysis results, and important updates. You can manage your email preferences in your account settings.
We use device identifiers, IP addresses, and email analysis to detect and prevent fraud, abuse, and multi-account circumvention. Specifically, we: limit the number of accounts that can be created from a single device or IP address; block registration from known disposable or temporary email providers; normalize email addresses to prevent alias-based duplicate accounts; and maintain blocklists of device identifiers and IP addresses associated with abusive activity. Our administrators may review fraud signals and take action including account suspension or blocking future registrations from a device or IP address.
We use trusted third-party services for payment processing (Stripe), email delivery, product analytics (Google Analytics 4), and fraud prevention (FingerprintJS). Analytics providers only run in accordance with your cookie choices — see our Cookie Policy at cardgrade.io/cookies. These providers are bound by contractual obligations to protect your data.
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of CardGrade.io, our users, or others.
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you of any such change and your choices regarding your data.
We do not sell your personal information for money. We do use an analytics partner (Google Analytics) whose cookies may qualify as a "sale" or "share" of personal information under certain U.S. state privacy laws. You can opt out at any time using the "Your Privacy Choices" / Cookie Preferences control in our footer, and we honor Global Privacy Control (GPC) browser signals. In the EEA, UK, and other opt-in regions, these load only after you give consent.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We employ industry-standard security measures to protect your information.
Access to user data is strictly limited to authorized personnel who need it to perform their job functions. We maintain comprehensive audit logs of all data access.
We are SOC 2 ready and follow security best practices. Regular security audits and penetration testing help ensure our systems remain secure.
We have procedures in place to detect, respond to, and recover from security incidents. In the event of a data breach, we will notify affected users promptly.
You can access and download your data at any time through your account settings. We provide your data in a portable format upon request.
You can update your account information at any time. If you believe any information we hold is inaccurate, please contact us.
You can request deletion of your account and associated data. Some data may be retained for legal or legitimate business purposes, including device identifiers and IP addresses associated with fraud prevention blocklists, which may be retained after account deletion to prevent re-registration by abusive actors.
You can opt out of AI training, marketing communications, and non-essential cookies through your account settings and the "Cookie Preferences" link in our footer.
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and the right to data portability. Where we rely on consent (for example, analytics and advertising cookies), you may withdraw it at any time without affecting processing that already took place. You also have the right to lodge a complaint with your local supervisory authority. Our legal bases for processing are: performance of a contract (providing the service), our legitimate interests (security, fraud prevention, and improving our products), your consent (non-essential cookies and AI training where applicable), and compliance with legal obligations.
If you are a California resident (CCPA/CPRA) or live in another U.S. state with a comprehensive privacy law, you have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information for money, and we do not knowingly process the personal information of anyone under 16 for advertising. To exercise your opt-out, use "Your Privacy Choices" / Cookie Preferences in our footer; we also honor Global Privacy Control (GPC) signals. We will not discriminate against you for exercising your rights.
You can exercise most rights directly in your account settings or by emailing privacy@cardgrade.io. We will verify your request and respond within the timeframe required by applicable law. You may use an authorized agent where the law permits.
CardGrade.io is operated from the United States, and our service providers may process data in the United States and other countries. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses. By using our services, you understand that your information may be processed in countries whose data-protection laws differ from those of your own country.
When you sign in to the CardGrade.io Chrome Extension, an API token is generated and stored locally in your browser using chrome.storage.local. This token is transmitted over HTTPS to authenticate requests. The token hash is stored on our servers; the plaintext token never leaves your browser.
When you use the right-click "Grade this card" feature, the extension extracts the selected image from the webpage to send for grading. Images are transmitted directly to our servers over HTTPS and handled identically to images uploaded through the main website. We do not access or collect any other images or page content.
The extension stores your account information (name, email, credit balance, subscription plan) in chrome.storage.local to display in the popup UI. This data stays on your device and is cleared when you sign out.
The extension requests access to eBay, COMC, and TCGPlayer domains solely to enable right-click card image grading. It does not read, collect, or transmit any browsing activity, page content, or personal data from these sites beyond the specific image you choose to grade.
The CardGrade mobile app requests camera access solely to photograph trading cards for AI grading analysis. The app does not record audio or video — it captures still photos only. Camera data is used only for card grading and is not stored beyond the grading session unless you explicitly save the result to your account.
The app may request access to your photo library so you can upload existing card images for grading. We only access images you explicitly select and do not scan or access other photos in your library.
With your permission, we may send push notifications about grading results, account updates, and service announcements. You can disable notifications at any time in your device settings.
The mobile app collects only: (1) account information (name, email) for authentication; (2) card images you explicitly photograph or select for grading; (3) usage data such as features used and grading history; and (4) device identifiers for fraud prevention. This data is handled identically to data collected through our website as described in this policy.
CardGrade does not access, collect, store, or process any health data, fitness data, biometric data, medical data, or wellness data of any kind. The app has no health-related features and does not request any health-related permissions. No health information is shared with any third party.
The CardGrade mobile app does not access or collect: contacts or address books; call logs or phone numbers; SMS or text messages; precise or approximate location data; microphone audio or voice recordings; calendar data; files or documents outside of photos you explicitly select; or any sensor data (accelerometer, gyroscope, etc.).
We use essential cookies to operate our service, including session management and security features. These cannot be disabled.
We use analytics cookies (Google Analytics 4) to understand how users interact with our service. You control these through our cookie banner and the "Cookie Preferences" link in the footer. In regions that require consent, analytics cookies stay off until you accept; elsewhere you can opt out at any time.
We use cookies to remember your preferences, such as theme settings and language selection, to provide a personalized experience.
You can review and change your cookie choices at any time using the "Cookie Preferences" link in our footer. For a full list of the cookies we use and their purposes, see our Cookie Policy at cardgrade.io/cookies.