Privacy Policy

Introduction

Welcome to Vendor Vault. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading card game (TCG) collection management mobile application and related services.

By using Vendor Vault, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Account Information

When you create an account, we collect:

• Email address — required for account creation and login
• Password — securely hashed and stored by our authentication provider
• Username — your chosen display name

Profile Information

You may optionally provide additional profile information:

• Profile picture — an avatar image uploaded and stored in our cloud storage
• Bio — a short description about yourself (up to 100 characters)
• Vendor name — a business name for Pro subscribers who sell at card shows
• Zip code — optionally provided to display upcoming card shows within 50 miles of your location

We do not collect your phone number, physical address, or any other personal contact information beyond your email.

Collection and Inventory Data

We store your card collection, vault, and inventory data so that you can access, manage, and share it. This includes your cards, transaction records, vault organization, and show attendance history. You can view, edit, or delete any of your data at any time from within the app.

Subscription and Usage Data

• Subscription status — your current plan (Free or Pro) and expiration date
• Scan usage count — the number of card scans used in the current billing month (Free tier: 300/month limit)

Subscription purchases are handled entirely through Apple's In-App Purchase system. We do not collect or store your payment card details, billing address, or any financial information. Apple processes all payments and provides us only with a confirmation of your subscription status.

Information We Do Not Collect

To be clear, the following data is not collected by Vendor Vault:

• Phone number
• Physical or mailing address
• GPS or precise location data (we only use zip code if you provide it)
• Payment card or banking information (handled by Apple)
• Device advertising identifiers
• Contacts, call logs, or SMS data

How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To create and manage your account, store your card inventory, track your transactions, and display relevant card shows near your zip code
• Card Identification: To process card images for automated card recognition and data entry
• Subscription Management: To manage your plan tier, enforce usage limits on the Free plan, and verify subscription status
• Data Export: To generate CSV exports of your inventory for use on third-party platforms (such as eBay or TCGPlayer) when you request it
• Security: To protect against unauthorized access and ensure platform integrity
• Compliance: To comply with legal obligations and enforce our terms of service

We do not use your information for targeted advertising, marketing emails, or profiling. We do not sell your personal information to third parties.

Analytics and Tracking

Vendor Vault does not use third-party analytics services such as Google Analytics, Firebase Analytics, Mixpanel, or similar tracking tools. We do not collect app usage analytics, crash reports through third-party services, or behavioral data.

The only usage metric we track is your monthly scan count, which is used solely to enforce Free-tier limits.

Information Sharing and Disclosure

Service Providers

We use the following third-party services to operate our platform:

• Cloud Infrastructure Provider: We use a third-party backend provider for database storage and user authentication. This provider may log IP addresses and basic request metadata as part of standard server operations.
• Apple App Store / In-App Purchases: Handles all subscription billing and payment processing. Apple's own privacy policy governs how they handle your payment information.

We do not share your data with advertising networks, data brokers, or other third parties for marketing purposes.

User-Initiated Sharing

Certain features allow you to share your data with others at your discretion:

• Shared lists: When you generate a QR code to share a card list, that list is temporarily accessible to anyone who scans the code. Shared lists expire automatically after 7 days.
• CSV exports: When you export your inventory for eBay or TCGPlayer, you control where that file goes.
• Show registration: When you register for a card show as a vendor, your vendor name may be visible to show attendees.

Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Law enforcement requests
• Protection of our rights, property, or safety
• Investigation of fraud or security issues

Data Storage and Security

Your data is stored on cloud infrastructure hosted in the United States. We rely on the following security measures:

• Encryption of data in transit using SSL/TLS
• Encryption of data at rest
• Passwords hashed using industry-standard algorithms
• Row Level Security (RLS) policies on database tables to ensure users can only access their own data
• Authentication tokens for API access

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Your Rights and Choices

Access and Correction

You can view and edit your profile information at any time through the app's Profile settings, including your username, bio, vendor name, zip code, and profile picture.

Account Deletion

You can delete your account directly from the app's Profile settings. When you delete your account:

• All of your personal data, inventory, transaction records, and uploaded images are permanently deleted from our database
• Your authentication credentials are removed
• This action is irreversible

Data Export

You can export your inventory data at any time through the app's export features (CSV format for eBay and TCGPlayer).

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected and how it is used
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information — we do not sell personal information
• Right to non-discrimination for exercising your CCPA rights

European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation, including the right to access, rectify, erase, restrict processing, port your data, and object to processing. To exercise these rights, contact us using the information below.

Children's Privacy

Vendor Vault is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. Users between 13 and 18 must have parental consent to use our services.

If we discover that we have collected information from a child under 13 without parental consent, we will delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

Third-Party Links

Our app may contain links to third-party websites or services (such as TCGPlayer for card pricing data). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

Data Retention

We retain your personal information for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems. We do not retain anonymized or aggregated data after account deletion.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiries within 30 days or as required by applicable law.