Privacy policy
Last updated: 2026-05-07
CardPreGrading.com (“CPG”) takes privacy seriously. This page explains what we collect, why, and what your rights are under UK GDPR.
Data we collect
- Account data: email address, password hash, display name (optional).
- Scan data: photos you upload, card metadata you enter, and the centering measurements / verdict our system produces.
- Payment data: handled by Stripe. We never see or store your full card number.
- Analytics: anonymised usage data via Plausible (no cookies) and PostHog (privacy-first, EU region).
- Cookies: see our cookie policy.
How we use it
- To deliver the service: produce reports, manage your account, process payments.
- To send transactional emails (purchase receipts, scan completion).
- With your consent, to send marketing emails (unsubscribe at any time).
- For aggregated, anonymised product analytics - improving the service.
Lawful basis (UK GDPR)
- Performance of a contract - to deliver the service.
- Legitimate interests - to secure the service and detect fraud.
- Consent - for marketing emails and non-essential analytics.
Sharing
We share data only with service providers strictly necessary to deliver the service:
- Supabase (database, storage, auth) - EU/EEA region.
- Stripe (payments).
- Resend (email delivery).
- Vercel (hosting).
We do not sell your data to anyone, ever.
Retention
We retain account and scan data while your account is active. When you delete a report, the photos and metadata are deleted. When you delete your account, all personal data is deleted within 30 days.
Your rights
You can access, correct, export, or delete your data from your Account page or by emailing hello@cardpregrading.com. You can also complain to the UK ICO if you believe we've mishandled your data.
International transfers
Some sub-processors are based outside the UK/EEA. Where that is the case, we rely on Standard Contractual Clauses or the UK Adequacy Regulations.
Contact
Email hello@cardpregrading.com for any privacy-related question.