Privacy Policy
1. Information We Collect
We collect information you provide directly to us, information collected automatically when you use the platform, and information from third-party services you connect.
Account Information
- Name, email address, and password (hashed)
- Business name and store URL slug (for sellers)
- Profile photo, banner image, bio, and social media handles (optional)
- Shipping address (for buyers and sellers, used for order fulfillment)
Wholesale Buyer Application Information
- Business name and resale tax certificate (for tax-exempt status)
- Documentation supporting wholesale buyer status
Card Inventory and Listings
- Card details you enter or scan (player, year, set, condition, cert numbers)
- Photos of cards you upload (front and back)
- Pricing, quantity, location, and notes
Order and Transaction Information
- Items purchased or sold
- Order amounts, dates, and shipping details
- Tracking numbers and delivery status
Usage Information
- Browser type, device information, and IP address
- Pages visited, features used, and actions taken
- Approximate location derived from IP address
2. How We Use Your Information
We use the information we collect to:
- Operate and maintain the CRDS platform
- Process orders, payments, and shipping
- Authenticate users and prevent fraud
- Generate AI-powered card metadata via image scanning
- Send transactional and account-related emails
- Provide customer support and respond to inquiries
- Comply with legal obligations
- Improve and develop new features
- Send marketing communications (only if you opt in)
3. Third-Party Services
We use trusted third-party services to operate the platform. These providers have their own privacy policies, and they may receive certain information necessary to provide their services:
- Stripe — Payment processing, subscription billing, and Stripe Connect for seller payouts. Stripe receives payment method data, billing addresses, and transaction details. See the Stripe Privacy Policy.
- Supabase — Database hosting, authentication, and file storage (card images). See the Supabase Privacy Policy.
- Vercel — Web hosting and serverless function execution. See the Vercel Privacy Policy.
- Anthropic (Claude AI) — Card image analysis and metadata extraction. Card images are sent to Anthropic for processing but are not used to train their models per their commercial terms. See the Anthropic Privacy Policy.
- Resend — Transactional email delivery (notifications, application status). See the Resend Privacy Policy.
- Google (OAuth) — Optional sign-in via Google for buyer/seller applications. See the Google Privacy Policy.
- eBay — Optional integration for sellers who connect their eBay account. We share inventory data with eBay only at your direction. See the eBay Privacy Policy.
- PSA (Professional Sports Authenticator) — Looking up card details and images by certification number. We send PSA cert numbers but no personal data.
We do not sell your personal information to third parties.
4. Payment Processing
All payment processing on CRDS is handled by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. When you make a payment or receive a payout, your payment data is transmitted directly to Stripe and is subject to their privacy and security practices.
Sellers who accept payments must complete Stripe Connect onboarding, which requires identity verification per financial regulations. CRDS does not see or store the documents you submit to Stripe for verification.
5. AI-Powered Card Scanning
CRDS offers an AI-powered card scanning feature that uses Anthropic's Claude API to identify and extract metadata from photos of trading cards. When you use this feature:
- Card images you upload are temporarily transmitted to Anthropic for analysis
- Anthropic processes the image and returns structured metadata (player, year, set, etc.)
- Per Anthropic's commercial terms, your images are NOT used to train AI models
- The original image is stored in our Supabase Storage bucket and linked to your inventory
- You retain ownership of all card photos you upload
6. Cookies & Tracking
CRDS uses minimal cookies and local storage to operate. We do not use third-party advertising or cross-site tracking cookies.
- Authentication tokens — Stored in your browser's localStorage to keep you logged in
- Session preferences — Cart contents, saved drafts, and view preferences
- Stripe cookies — During checkout, Stripe may set cookies for fraud prevention
You can clear these at any time via your browser settings, but doing so will log you out and clear any saved drafts.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain information as required by law (e.g., tax records related to transactions) or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
Card images and inventory data are retained while your account is active and for up to 30 days after account closure unless you request earlier deletion.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access — Request a copy of the personal information we hold about you
- Correction — Request that we correct inaccurate or incomplete information
- Deletion — Request that we delete your personal information (subject to legal retention requirements)
- Portability — Request a machine-readable copy of your data
- Opt-out — Unsubscribe from marketing communications at any time
- Withdrawal of consent — Where we rely on consent, you can withdraw it at any time
To exercise any of these rights, contact us at katelyn@getcrds.com.
9. Security
We take reasonable measures to protect your information:
- All passwords are hashed using bcrypt before storage
- Authentication uses industry-standard JWT tokens
- All traffic to and from CRDS is encrypted via HTTPS/TLS
- Payment data is handled exclusively by Stripe (PCI-compliant)
- Database access is restricted to authorized personnel only
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work continuously to protect your data.
10. Children's Privacy
CRDS is not intended for use by children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.
11. International Users
CRDS is operated from the United States. If you access the platform from outside the US, your information will be transferred to, stored, and processed in the United States. By using CRDS, you consent to this transfer and processing.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users via email or via a prominent notice on the platform. Your continued use of CRDS after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your information, please contact us:
- Email: katelyn@getcrds.com
- Website: getcrds.com