Privacy Policy

Last updated: April 21, 2026

1. Information We Collect

We collect the following information when you use The CardDex:

  • Account information: Name, email address, password (hashed), location, and storefront slug.
  • Listing content: Images, descriptions, pricing, and card details you provide for inventory items.
  • Transaction data: Purchase history, trade offers, payment amounts, and Stripe payment metadata.
  • Usage data: Pages visited, features used, and interaction patterns to improve the Platform.
  • Third-party data: eBay listing data (when you use the import feature) and Stripe account information (when you connect for payments).

2. How We Use Your Information

  • To provide and operate the marketplace, storefronts, and trading features.
  • To process payments and enforce subscription plan limits.
  • To send in-app notifications about your trades, sales, and account activity.
  • To improve the Platform, fix bugs, and develop new features.
  • To prevent fraud, enforce our Terms of Service, and comply with legal obligations.

3. Information Sharing

We do not sell your personal information. We share data only in these cases:

  • Other users: Your storefront name, slug, bio, location, avatar, and listed items are publicly visible. Buyers and sellers in a transaction can see each other's names and shipping details as necessary.
  • Payment processors: Stripe receives payment and identity information necessary to process transactions.
  • Third-party integrations: eBay receives data necessary to manage your linked listings. Pricing APIs receive card details to fetch market values.
  • Legal requirements: We may disclose information if required by law, court order, or to protect our rights.

4. Data Storage & Security

Your data is stored in a PostgreSQL database and Cloudflare R2 (for images). Passwords are hashed with bcrypt. We use HTTPS, secure headers (HSTS, CSP), and rate limiting to protect your account. However, no system is 100% secure, and we cannot guarantee absolute security.

5. Cookies & Sessions

We use session cookies to keep you logged in. We do not use third-party advertising cookies. Session tokens are JWTs stored in secure, HTTP-only cookies.

6. Your Rights

You have the right to:

  • Access and update your personal information through your account settings.
  • Request deletion of your account and associated data.
  • Opt out of non-essential notifications through notification preferences.
  • Request a copy of your data by contacting us.

7. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for legal and accounting purposes even after account deletion. Uploaded images are deleted when the associated inventory item is permanently removed.

8. Children's Privacy

The CardDex is not intended for users under 18. We do not knowingly collect information from minors. If we learn we have collected data from a child under 18, we will delete that account.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via in-app notification. Continued use after changes constitutes acceptance.

10. Contact

Questions about your privacy? Contact us at support@thecarddex.com.