The Report Card ("we," "us") is a tool that helps sports-card collectors value cards and decide what to buy. This policy explains what we collect, how we use it, and your choices. We keep it short and honest on purpose.
What we collect
Your account: the email address and password you sign up with. Passwords are stored only as secure one-way hashes by our authentication provider; we never see them.
The data you enter: the cards, purchase prices, grading details, sales, and profit/loss figures you choose to track. This is yours.
Basic technical data: standard logs (such as IP address and device/browser type) that our hosting providers record to run and secure the service.
What we do NOT collect
We do not ask for your real name, mailing address, phone number, or date of birth.
We never see or store your payment card number. If and when you subscribe, payments are handled by Stripe on Stripe's own secure systems; we only receive a confirmation and limited details like the card brand and last four digits.
We do not sell your data, and we do not use third-party advertising trackers.
How we use your data
To provide the app: store and sync your inventory across your devices, and run the valuation tools.
To improve the product, using aggregated and de-identified data (for example, blended market trends). We do not publish or share your individual inventory.
To secure the service and prevent abuse.
Who we share it with
We use a small number of trusted service providers ("subprocessors") strictly to run the app:
Supabase: database and account authentication (where your data is stored).
Netlify: website hosting.
PSA: only when you scan a slab, we send that single certification number to PSA to fetch the card's details.
Stripe: payment processing, if you subscribe.
We share data with these providers only as needed to operate the service. We may also disclose information if required by law.
How your data is protected
Encrypted in transit (HTTPS) and encrypted at rest by our database provider.
Strict per-account isolation: database security rules ensure your data is only ever accessible to your own logged-in account.
API secrets are kept server-side and never shipped to your browser.
Your choices and rights
Export: you can download a full backup of your data at any time from the app's Data menu.
Delete: you can permanently delete your data and account from the app's Data menu ("Delete my account & data"), or by emailing us.
Access/correction: contact us and we will help.
Deleting your data in the app removes it from our database. Stripe retains its own payment records as required by law; you can request deletion of your Stripe customer record by contacting us.
Cookies and local storage
We use your browser's local storage to keep you signed in and remember preferences (like dark mode). We do not use advertising or cross-site tracking cookies.
Children
The Report Card is not directed to children under 16, and we do not knowingly collect their data.
Changes
If we change this policy we will update the date above and, for significant changes, notify you in the app or by email.