vaultd.

Privacy Policy

Last updated: March 20, 2026

1. Information We Collect

We collect information you provide directly when you use vaultd.:

  • Account information: email address, display name, and password when you create an account. If you sign up with Google OAuth, we receive your name and email from Google.
  • Profile information: phone number (for seller verification), profile photo, and display name.
  • Listing information: card photos, descriptions, prices, and condition details you provide when creating listings.
  • Transaction information: purchase history, offer history, and shipping details.
  • Usage information: pages visited, listings viewed, search queries, watchlist activity, and device/browser information collected automatically.

2. How We Use Your Information

  • To operate and maintain the marketplace.
  • To process transactions and send related communications (order confirmations, shipping updates, offer notifications).
  • To verify seller identity and manage seller tier status.
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.
  • To improve the Platform through usage analytics and user feedback.
  • To send important account-related notices such as security alerts and policy changes.
  • To respond to support requests and resolve disputes.

We do not sell your personal information to third parties. We do not send marketing emails unless you explicitly opt in.

3. Payment Information

All payment processing on vaultd. is handled by Stripe. When you make a purchase or connect a bank account for payouts, your payment details are collected and processed directly by Stripe. vaultd. does not store, access, or retain your credit card numbers, bank account numbers, or other sensitive financial information on our servers. Stripe’s handling of your data is governed by their Privacy Policy.

4. Cookies

vaultd. uses cookies and similar technologies to maintain your authentication session, remember your preferences, and understand how the Platform is used. We use essential cookies required for the Platform to function (authentication tokens, session identifiers). We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this may prevent you from using certain features of the Platform.

5. Third-Party Services

We use the following third-party services to operate the Platform:

  • Stripe — payment processing and seller payouts. Stripe receives your payment information directly.
  • Supabase — database hosting, user authentication, and file storage. Your account data, listing data, and uploaded images are stored on Supabase infrastructure.
  • Resend — transactional email delivery. Your email address is shared with Resend to send order confirmations, offer notifications, and account-related communications.
  • Vercel — web hosting and deployment. Vercel processes incoming web requests and may log IP addresses and request metadata.

Each of these services has their own privacy policy governing their handling of your data. We encourage you to review them.

6. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where we are required to retain certain data for legal or compliance purposes (such as transaction records, which we retain for 7 years). Listing images are deleted from our storage within 30 days of listing removal. Anonymized usage analytics may be retained indefinitely.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data, subject to legal retention requirements.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to certain types of processing, such as direct marketing.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

8. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), secure authentication via Supabase, and row-level security policies on all database tables. However, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

9. Children’s Privacy

vaultd. is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Platform or sending an email to the address associated with your account. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@vaultd.cards.