This Privacy Policy explains how Card Vendor Suite ("we," "us," or "our") collects, uses, and protects your personal information when you use our Service. By using the Service you agree to the practices described here.
Account information: When you register, we collect your username and email address. Passwords are stored as one-way hashes and are never readable by us.
Billing information: Payments are processed by Paddle. We do not store your credit card number or full payment details. We receive and store a Paddle customer ID, subscription ID, plan type, and billing status.
eBay authorization: If you connect an eBay account, we store the OAuth tokens required to create listings on your behalf. These tokens are stored locally on our servers and used only to fulfill your listing requests.
Scan and session data: We store images you upload for card scanning, session records, and identification results. This data is associated with your account and used to provide the Service.
Usage data: We may collect basic server logs (IP address, request timestamps, error events) for security monitoring and debugging purposes.
We do not sell your personal information. We share data only with:
We retain your account and billing records for as long as your account is active and for a reasonable period thereafter for legal and business purposes. Scan images are cleaned up by the server on a configurable schedule (default: 7 days after processing). Session identification records may be retained longer for billing and audit purposes. You may request deletion of your account data by contacting us.
All data in transit is protected by HTTPS. eBay OAuth tokens are encrypted at rest using a server-side secret key. Other server data (session records, settings) is stored on disk and protected by server-side filesystem access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable precautions to protect your data.
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at support@cardvendorsuite.com. We will respond within 30 days.
The Service uses session tokens (stored in browser local storage) to keep you logged in. We do not use tracking cookies or third-party advertising cookies.
The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance.
Privacy questions or requests can be directed to support@cardvendorsuite.com.