CardChain Privacy Policy

1. INTRODUCTION

Welcome to CardChain. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how CardChain ("we," "our," or "us") collects, uses, shares, and protects information when you use our mobile application and related services (collectively, the "Service").

By using CardChain, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

• Username, email address, and password (for email/password accounts)
• Profile information from Apple or Google (if using social login)
• Date of birth for age verification
• Phone number (optional, for account recovery and notifications)

Seller Account Information:

• Full legal name
• Shipping address for order fulfillment
• Phone number
• For users 18 and over: Bank account information (stored securely by Stripe, our payment processor)
• For users 13-17: Parental consent and parent/guardian account information required for seller accounts

Portfolio and Collection Data:

• Sports card information you add to your portfolio (card name, player, year, manufacturer, condition, purchase price)
• Card images you upload or capture using the app camera
• Custom notes, tags, and organization preferences
• Purchase and sale history
• Portfolio value tracking and historical data

Marketplace Activity:

• Listings you create (title, description, price, condition, images, shipping preferences)
• Offers you make or receive on listings
• Purchase and sale transactions
• Shipping addresses for order delivery
• Communication with buyers and sellers through in-app messaging

Support and Communication:

• Messages you send to CardChain support
• Dispute information and resolution history
• Feedback and survey responses

2.2 Information Collected Automatically

Device and Technical Information:

• Device type, model, and operating system version
• App version and settings
• IP address
• Device identifiers for push notifications (Expo push tokens)
• App performance data, error logs, and crash reports

Usage Information:

• Features you use within the app
• Screens you view and actions you take
• Time spent on different sections of the app
• Search queries and browsing history

Camera and Image Data:

• Photos of sports cards you capture using the in-app camera scanner
• Barcode scans (for graded cards with PSA or other certification barcodes)
• Images stored to your portfolio remain in your account; images not saved to your portfolio are deleted after processing

Location Information:

• Shipping addresses you manually enter (for order fulfillment and shipping rate calculations)
• We do NOT collect precise GPS location, geolocation data, or track your physical location

2.3 Information from Third-Party Sources

Authentication Services:

• When you sign in with Apple or Google, we receive your name, email address, and authentication tokens
• We do not receive your Apple ID password or Google password

Payment Processing (Stripe):

• Transaction status and payment confirmation
• For sellers: Stripe stores your bank account information; we do not have direct access to your full bank account numbers
• We retain transaction amount, date, and order details

Card Pricing Services:

• We fetch current market prices for sports cards from third-party pricing services
• We do NOT send your portfolio data or personal information to these services; we only query card prices by card identifier

AI Card Analysis:

• When you scan a card, the image is sent to artificial intelligence services for card recognition and condition assessment
• These services process the image and return card details (name, player, year, manufacturer, estimated grade)
• Images may be used to improve AI accuracy in the future

Shipping Services (Shippo):

• Address validation results
• Shipping rate quotes based on package weight and destination
• Tracking information for shipped orders

3. HOW WE USE YOUR INFORMATION

3.1 Core Service Functions

Account Management:

• Create and maintain your user account
• Authenticate your identity when you log in
• Verify your age (minimum 13 years old; 18+ for independent seller accounts)
• Enable account recovery and password resets

Portfolio Management:

• Track your sports card collection
• Calculate current portfolio value using real-time market prices
• Generate portfolio performance analytics and historical charts (stored for up to 1 year)
• Sync your portfolio across devices

AI-Powered Card Scanning:

• Analyze card images to identify card details (name, player, year, manufacturer, set)
• Estimate card condition and grade
• Automatically populate card information in your portfolio
• Improve AI recognition accuracy through machine learning

Marketplace Operations:

• Display your listings to potential buyers
• Facilitate offers and counteroffers between buyers and sellers
• Process payments through Stripe
• Calculate shipping costs and generate shipping labels via Shippo
• Track order status from purchase to delivery
• Manage order fulfillment and delivery confirmation

Payment Processing:

• Charge buyers for purchases
• Hold funds during the 3-day buyer protection period after delivery
• Transfer seller payouts after the protection period ends (or after CardChain confirms the buyer received the item in satisfactory condition)
• Process refunds and returns when applicable

3.2 Communication

Transactional Notifications:

• Order confirmations and shipping updates
• Messages from other users about your listings or purchases
• Price alerts when cards in your watchlist change in value
• Offer notifications when someone makes an offer on your listing or portfolio card

Support and Dispute Resolution:

• Respond to your customer support inquiries
• Investigate and resolve disputes between buyers and sellers
• Communicate updates about your open support tickets

Account and Security Notifications:

• Security alerts about suspicious account activity
• Important updates to our Terms of Service or Privacy Policy

We do NOT send marketing or promotional communications at this time.

3.3 Service Improvement and Development

Platform Enhancement:

• Analyze how users interact with the app to identify bugs and improve performance
• Develop new features based on user behavior and feedback
• Optimize the user interface and experience

AI Training and Improvement:

• Card images and scan data may be used to train our AI models to improve card recognition accuracy
• Training data is stored in our database with associated card details and user corrections
• You may opt out of contributing your scan data to AI training (feature planned for future release)

Fraud Prevention and Security:

• Monitor transactions for fraudulent activity
• Detect and prevent policy violations
• Protect the integrity and safety of the marketplace
• Investigate reported scams or suspicious behavior

3.4 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests from law enforcement or regulatory authorities
• Enforce our Terms of Service
• Protect our rights, property, and safety, as well as those of our users

4. HOW WE SHARE YOUR INFORMATION

4.1 Public Information

Public Profiles (Optional):

• If you enable "Public Profile," other users can search for and view your profile
• Your public profile displays your username, profile picture (if set), seller rating, and follower count
• Other users can follow your public profile

Public Portfolios (Optional):

• If you enable "Public Portfolio," other users can view the cards in your portfolio
• This allows other users to make offers on your portfolio cards
• Public portfolios display card details and images, but NOT your purchase prices or profit/loss data

Listing Information:

• All active marketplace listings are publicly visible to CardChain users
• Listing views and watchlist counts are publicly displayed
• We do NOT notify sellers when someone adds their listing to a watchlist

Offer History:

• Offer details and negotiation history are ONLY visible to the buyer and seller involved
• Offer information is not shared with other users

4.2 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

Cloud Infrastructure:

• Cloud hosting and server infrastructure (United States)
• User authentication services
• Image storage
• Email delivery
• Address autocomplete

Stripe:

• Payment processing and seller payouts
• Stripe Connect accounts for sellers
• We share transaction amounts, order details, and seller/buyer information necessary to process payments
• Stripe stores sensitive payment information (bank accounts, credit cards) under their security standards
• Read Stripe's Privacy Policy at: https://stripe.com/privacy

Shipping Services:

• Shipping rate calculations
• Shipping label generation
• Package tracking
• We share seller/buyer shipping addresses and package details to facilitate shipping

Artificial Intelligence Services:

• Card image analysis and recognition
• Chat and support assistance
• We send card images and text prompts to AI services for processing
• AI service providers do not use your data for their own purposes beyond providing the service to us

Push Notification Services:

• Push notification delivery for messages, order updates, and price alerts
• We share your device push token and notification content

Subscription Management Services:

• Process in-app subscription purchases (if applicable)
• Manage subscription status and billing

4.3 During Disputes and Support Requests

When you contact CardChain support or file a dispute:

• We share relevant information with our support team to investigate and resolve your issue
• This may include order details, chat messages, card images, tracking information, and transaction history
• Information is shared only with authorized CardChain support staff

4.4 Legal and Safety Requirements

We may disclose your information when required by law or to protect safety:

• In response to court orders, subpoenas, or other legal processes
• To comply with legal obligations or government requests
• To investigate or prevent illegal activity, fraud, or security threats
• To protect the rights, property, and safety of CardChain, our users, or the public
• To enforce our Terms of Service and policies

4.5 Business Transfers

If CardChain is involved in a merger, acquisition, sale of assets, or bankruptcy:

• Your information may be transferred to the acquiring entity
• We will provide notice and inform you of any choices you may have regarding your information

4.6 With Your Consent

We may share your information for other purposes with your explicit consent.

4.7 What We Do NOT Share

• We do NOT sell your personal information to anyone
• We do NOT share your information for third-party advertising or marketing purposes
• We do NOT share your portfolio holdings, purchase prices, or investment performance with third parties (except as necessary for the Service)
• We do NOT share your private messages with anyone except the intended recipient and authorized support staff during disputes

5. DATA STORAGE, RETENTION, AND SECURITY

5.1 Data Storage

Location:

• Our servers are located in the United States
• Data is stored in secure cloud infrastructure with encryption at rest and in transit

Encryption:

• Passwords are hashed and salted using industry-standard encryption
• Sensitive data is encrypted during transmission (HTTPS/TLS)
• Payment information is tokenized and secured by Stripe

5.2 Data Retention

Account Data:

• We retain your account information, portfolio data, and transaction history for as long as your account is active
• You can delete your account at any time through the app settings

Deleted Accounts:

• When you delete your account, all personal information, portfolio data, and chat messages are permanently deleted
• Some transaction records may be retained for legal, tax, or fraud prevention purposes for up to 7 years as required by law

Portfolio Historical Data:

• Portfolio value snapshots and price history data are retained for up to 1 year to provide historical charts

Chat and Support Messages:

• In-app messages between buyers and sellers are stored until you delete them or close your account
• Support ticket messages are stored until you delete them or close your account

Card Images:

• Images saved to your portfolio remain until you delete them or close your account
• Images from card scans that are NOT saved to your portfolio are deleted after processing

Order Records:

• Transaction history and order details are retained for as long as your account is active
• Retention periods may be extended for legal compliance, tax reporting, or ongoing disputes

5.3 Security Measures

We implement security safeguards to protect your information:

Technical Security:

• Secure Socket Layer (SSL) encryption for data transmission
• Encrypted storage of sensitive data
• Regular security audits and vulnerability assessments
• Secure authentication protocols (OAuth, industry-standard authentication)

Access Controls:

• Role-based access restrictions for CardChain employees
• Multi-factor authentication available for user accounts
• Monitoring for unauthorized access attempts

Payment Security:

• We do NOT store credit card numbers or bank account numbers
• Payment data is tokenized and secured by Stripe, a PCI DSS compliant payment processor
• Sellers' bank account information is stored by Stripe, not by CardChain

Physical Security:

• Secure data centers with physical security measures
• Restricted access to server infrastructure

Despite our security measures, no system is 100% secure. We cannot guarantee absolute security of your information.

6. YOUR PRIVACY RIGHTS AND CHOICES

6.1 Account Settings and Controls

Access and Update Your Information:

• View and edit your profile information in Account Settings
• Update your shipping addresses, payment methods, and preferences
• Manage your portfolio and listing data

Delete Your Account:

• You can permanently delete your account at any time through Settings > Account > Delete Account
• Account deletion is permanent and cannot be undone
• All personal data, portfolio information, and messages will be deleted

Communication Preferences:

• Control push notification settings for messages, orders, and price alerts through Settings > Notifications
• You cannot opt out of transactional notifications (order confirmations, security alerts) while using the Service

Privacy Settings:

• Toggle Public Profile on/off to control whether others can search for and view your profile
• Toggle Public Portfolio on/off to control whether others can view your portfolio cards
• Manage who can send you messages or offers

6.2 Data Access and Portability

Request Your Data:

• You can request a copy of your personal information by contacting privacy@cardchain.ai
• We will provide your data in a machine-readable format (JSON or CSV)
• Requests are processed within 30 days

Export Your Portfolio:

• Export your portfolio data directly through the app (Settings > Portfolio > Export)

6.3 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

• Request information about the categories and specific pieces of personal information we collect
• Learn about the sources of information, purposes for collection, and categories of third parties with whom we share information

Right to Delete:

• Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention)

Right to Non-Discrimination:

• We will not discriminate against you for exercising your privacy rights
• You will not receive different pricing or service quality for making privacy requests

Right to Opt-Out of Sale:

• We do NOT sell personal information, so there is nothing to opt out of

How to Exercise Your Rights:

• Email your request to: privacy@cardchain.ai
• Include your account username/email and specify which right(s) you are exercising
• We will respond within 45 days

Verification:

• We may ask you to verify your identity before processing your request to protect your privacy

Authorized Agent:

• You may designate an authorized agent to make requests on your behalf by providing written authorization

6.4 Other State Privacy Laws

We comply with applicable privacy laws in all U.S. states. If your state provides additional privacy rights, please contact us at privacy@cardchain.ai.

7. CHILDREN'S PRIVACY

7.1 Age Requirements

• CardChain is intended for users 13 years of age and older
• We do NOT knowingly collect personal information from children under 13
• If we discover that we have collected information from a child under 13, we will promptly delete it

7.2 Parental Consent for Sellers

Users Ages 13-17:

• May use CardChain to browse, purchase items, and manage a portfolio
• To create a seller account, users ages 13-17 MUST have parental consent and parent/guardian account management
• A parent or legal guardian must create and manage the seller account on behalf of the minor

Users Ages 18 and Older:

• May independently create and manage seller accounts
• May link bank accounts for seller payouts

7.3 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided information to CardChain:

• Contact us immediately at privacy@cardchain.ai
• We will delete the information and close the account

Parents of users ages 13-17 may request:

• Access to information we have collected about their child
• Deletion of their child's account and information
• Restrictions on future collection of their child's information

8. INTERNATIONAL USERS AND DATA TRANSFERS

8.1 United States Based Service

• CardChain is operated from the United States
• Our servers are located in the United States
• Currently, our Service is only available to users in the United States

8.2 Future International Expansion

If we expand to serve users outside the U.S. in the future:

• We will update this Privacy Policy to address international data transfers
• We will implement appropriate safeguards for cross-border data transfers (e.g., Standard Contractual Clauses)
• We will comply with applicable international privacy laws (e.g., GDPR for EU users)

9. THIRD-PARTY SERVICES AND LINKS

9.1 Third-Party Privacy Policies

Our Service integrates with third-party services that have their own privacy policies:

• Stripe: https://stripe.com/privacy

We are not responsible for the privacy practices of third-party service providers. Please review their privacy policies directly.

9.2 External Links

• Our Service may contain links to external websites or resources (e.g., card grading companies, sports leagues)
• We are not responsible for the privacy practices of external sites
• We recommend reviewing the privacy policies of any sites you visit

9.3 Social Login

If you sign in using Apple or Google:

• Your use of those services is governed by Apple's or Google's privacy policies
• We receive limited information (name, email, authentication token) as permitted by your social login provider
• You can manage connected accounts and permissions through your Apple ID or Google Account settings

10. AI AND AUTOMATED PROCESSING

10.1 AI Card Scanning and Recognition

How It Works:

• When you scan a card, the image is sent to AI services for analysis
• The AI identifies card details (name, player, year, manufacturer, set, estimated grade)
• Results are returned to you within seconds

Data Usage:

• Card images and scan results may be stored to improve AI accuracy
• Training data includes the image, identified card details, and any corrections you make
• Future versions may allow you to opt out of contributing to AI training

Accuracy Disclaimer:

• AI analysis is for informational purposes only and may not be 100% accurate
• You should verify card details and grades independently
• AI condition assessments are estimates, not professional grading opinions

10.2 AI Chat and Support

Automated Assistance:

• Our support system may use AI to help answer common questions
• AI chat provides navigation help and general information
• Complex issues are escalated to human support staff

Limitations:

• AI responses are automated and may not always be accurate
• Sensitive account issues should be directed to human support

10.3 Algorithmic Pricing and Recommendations

Market Pricing:

• We use algorithms to fetch and display real-time card prices from third-party pricing services
• Pricing data is aggregated from public market sources
• Prices are for reference only and may not reflect actual sale values

Future Features:

• We may introduce personalized recommendations, investment insights, or trending card alerts
• These features will be based on aggregated market data and your portfolio preferences

10.4 Human Review and Appeals

• You can request human review of any AI decision or analysis
• Contact support at support@cardchain.ai if you believe an AI result is incorrect
• We will manually review and correct errors when appropriate

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Current Practices

• CardChain is a native mobile application (not a website)
• We do NOT currently use cookies, tracking pixels, or web analytics
• We do NOT use third-party advertising or tracking networks

11.2 Future Web Platform

If we launch a web version of CardChain in the future:

• We will update this Privacy Policy to describe cookie usage
• You will have the option to accept or decline non-essential cookies
• We will comply with applicable cookie consent laws

11.3 Push Notifications

• We use push notification services to send notifications to your device
• You can disable push notifications in your device settings or app notification settings
• Disabling notifications may affect your ability to receive important order and message updates

12. DATA BREACH NOTIFICATION

12.1 Security Incident Response

In the event of a data breach:

• We will promptly investigate and contain the incident
• We will assess the scope and impact of the breach
• We will notify affected users as required by law

12.2 User Notification

If your information is compromised:

• We will notify you within 72 hours (or sooner if required by law)
• Notification will include:
  • Description of what happened
  • Types of information affected
  • Steps we are taking to address the breach
  • Actions you can take to protect yourself
• We will provide updates as the investigation progresses

12.3 Regulatory Reporting

• We will report breaches to relevant authorities as required by law
• We will cooperate with law enforcement and regulatory investigations

13. CHANGES TO THIS PRIVACY POLICY

13.1 Policy Updates

• We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features
• We will update the "Last Updated" date at the top of this policy
• Material changes will be communicated to users via email or in-app notification

13.2 Continued Use

• Your continued use of CardChain after changes are posted constitutes your acceptance of the updated Privacy Policy
• If you do not agree with the changes, you may delete your account

13.3 Review Past Versions

• You can request previous versions of this Privacy Policy by contacting privacy@cardchain.ai

14. CONTACT INFORMATION

14.1 Privacy Questions and Requests

For privacy-related questions, data requests, or to exercise your privacy rights:

Email: privacy@cardchain.ai

Response Time: We aim to respond within 30 days

14.2 Customer Support

For general customer support (account issues, orders, technical problems):

Email: support@cardchain.ai

In-App Support: Settings > Help & Support > Contact CardChain Support

14.3 Legal and Compliance

For legal inquiries, law enforcement requests, or regulatory matters:

Email: legal@cardchain.ai