Skip to content
← Back to SlabScore

Privacy Policy

Last updated: March 2, 2026

1. Introduction

SlabScore ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our card grading analytics service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (hashed)
  • Profile Information: Display name (optional)
  • Card Data: Card names, codes, prices, grades, notes you enter
  • Payment Information: Processed by Stripe; we do not store card numbers

2.2 Information Collected Automatically

  • Usage Data: Features used, cards analyzed, batches created
  • Device Information: Browser type, operating system
  • Log Data: IP address, access times, pages viewed
  • Cookies: Session cookies for authentication

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process your transactions and subscriptions
  • Send you service-related communications
  • Track your monthly card analysis count within your subscription tier
  • Improve and personalize the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Database: Supabase (PostgreSQL) with encryption at rest
  • Authentication: Supabase Auth with secure password hashing
  • Payments: Stripe PCI-DSS compliant processing
  • Hosting: Vercel with HTTPS encryption
  • Row-Level Security: Users can only access their own data

Free tier users: Card data is stored in your browser's localStorage only. Pro/Unlimited users: Card data is synced to our secure cloud database.

4.1 Data Residency & Cross-Border Transfers

Your data is processed and stored in the United States via our hosting providers (Vercel, Supabase). If you access SlabScore from outside the United States, your data will be transferred to and processed in the US. For EU/EEA users, these transfers are made pursuant to Standard Contractual Clauses (SCCs) maintained by our service providers. By using SlabScore, you consent to this transfer.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing
  • Supabase: For authentication and data storage
  • Vercel: For hosting and analytics
  • PriceCharting: We send card search queries (no personal data)

We may disclose information if required by law or to protect our rights and safety.

6. Cookies

We use essential cookies for:

  • Authentication: Keeping you logged in
  • Preferences: Remembering your theme choice (dark/light)

We do not use advertising or tracking cookies. You can disable cookies in your browser, but this may affect functionality.

7. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your card data (available in Settings)
  • Opt-out: Unsubscribe from marketing emails

To exercise these rights, contact us at admin@slabscore.io.

8. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Legal basis for processing: Contract performance (providing the Service), legitimate interests (improving the Service), and consent (marketing communications).

9. CCPA Compliance (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

10. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal data is deleted within 30 days
  • Anonymized usage statistics may be retained
  • Payment records are retained as required by law (typically 7 years)

11. Children's Privacy

SlabScore is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

13. Chrome Extension

The SlabScore Chrome Extension provides card grading analysis directly in your browser. This section describes data practices specific to the extension.

13.1 Data the Extension Collects

  • Card information: Card names and prices extracted from supported marketplace pages (eBay, TCGPlayer, PriceCharting) when you explicitly trigger analysis via right-click
  • Analysis results: Cached locally in your browser using Chrome's storage API

13.2 Data the Extension Sends

  • Card name and raw price are sent to slabscore.io/api/extension/analyze for grading analysis
  • No personally identifiable information is sent (no browsing history, no cookies, no tracking IDs)
  • If you are signed in, your authentication token is included for higher rate limits

13.3 Local Storage

  • chrome.storage.local: Caches up to 50 analysis results with 24-hour expiry to reduce API calls
  • chrome.storage.sync: Stores your preferences and optional authentication token

13.4 What the Extension Does NOT Do

  • Does not collect or transmit browsing history
  • Does not read content from pages other than supported marketplaces
  • Does not inject ads or modify page content
  • Does not run in the background — only activates when you trigger it

14. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

admin@slabscore.io

View Terms of Service →