Privacy Policy

Last Updated: March 16, 2026  |  Effective: March 16, 2026

1. Information We Collect

Information You Provide

• Account Information: Username, email address, display name, password (stored as a secure hash, never in plain text), and profile photo
• Seller Information: Store name, store description, specialties, shipping and return policies, payout method details (PayPal email or e-Transfer email)
• Listing Information: Card descriptions, condition assessments, grading details, certification numbers, pricing, and photographs
• Transaction Information: Purchase history, sale history, order details, shipping addresses, and tracking numbers
• Communication: Messages exchanged between Users through the Platform, and communications with Card-Star support
• Verification Information: Identity verification documents when applying for Verified Seller status

Information Collected Automatically

• Usage Data: Pages visited, features used, search queries, listing views, and click patterns
• Device Information: Browser type, operating system, device type, screen resolution, and language preferences
• Network Information: IP address, approximate geographic location (city/region level), and referring website
• Session Data: Login times, session duration, and authentication tokens

Information from Third Parties

• Payment Processors: Transaction confirmation, payment status, and fraud risk assessments from Stripe and PayPal
• Grading Companies: When available, certification verification data from PSA, BGS, SGC, and other grading services

2. How We Use Your Information

We use the information we collect to:

• Operate the Platform: Facilitate listings, transactions, payments, shipping, and communications between Users
• Build Price Analytics: Aggregate sale data to provide market pricing, trends, and Card Identity records. This data is anonymized and used to power our price engine
• Improve the Platform: Analyze usage patterns to improve features, fix issues, and develop new functionality
• Security and Fraud Prevention: Detect and prevent fraudulent activity, counterfeit listings, and unauthorized access
• Communication: Send transaction updates, shipping notifications, and important account alerts. We may also send marketing communications with your consent
• Trust and Safety: Calculate seller ratings, buyer metrics, and community scores
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Between Transaction Parties: Buyers receive the Seller's store name and shipping origin. Sellers receive the Buyer's shipping address for order fulfillment. Full names and contact details beyond what is necessary for the transaction are not shared.
• Payment Processors: Transaction data is shared with Stripe and PayPal as required to process payments
• Service Providers: We may share data with hosting providers, email services, and analytics tools that assist in operating the Platform, bound by data processing agreements
• Legal Requirements: We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of Card-Star, our Users, or the public
• Business Transfers: In the event of a merger, acquisition, or sale of Card-Star, User data may be transferred to the successor entity
• Aggregated Data: We may share anonymized, aggregated data (such as market trends and price indices) publicly or with partners. This data cannot identify individual Users

4. Payment Information

Card-Star does not directly store credit card numbers, bank account details, or full payment credentials. All payment processing is handled by PCI DSS-compliant third-party providers (Stripe and PayPal). We store only:

• Transaction references and order IDs
• Payout method type and associated email address
• Transaction amounts and fee calculations

5. Cookies and Tracking

Card-Star uses the following types of cookies:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional Cookies: Remember your preferences such as language, currency, and display settings
• Analytics Cookies: Help us understand how Users interact with the Platform to improve features and performance

We do not use third-party advertising cookies or tracking pixels for targeted advertising. You can manage cookie preferences through your browser settings.

6. Data Retention

• Account Data: Retained for the duration of your account and for 30 days after account closure to allow for recovery
• Transaction Data: Retained for 7 years for tax and legal compliance purposes
• Card Identity Data: Sale prices and ownership history associated with Card Identity records are retained permanently as part of the Platform's card database. This data is considered Platform data, not personal data, and persists after account deletion
• Communication Data: Messages are retained for 2 years after the associated transaction is completed
• Usage Data: Aggregated usage data is retained indefinitely. Individual-level usage data is retained for 12 months

7. Data Security

We implement industry-standard security measures to protect your data:

• HTTPS/TLS encryption for all data in transit
• Bcrypt password hashing (passwords are never stored in plain text)
• CSRF token protection against cross-site request forgery
• Parameterized database queries to prevent SQL injection
• Regular security updates and server monitoring
• Access controls limiting employee access to User data

While we take security seriously, no system is 100% secure. We encourage Users to use strong, unique passwords and to report any security concerns immediately.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to our retention requirements. Note: Card Identity records (sale prices, ownership history) are Platform data and are not subject to individual deletion requests
• Data Portability: Request your data in a commonly used, machine-readable format
• Withdrawal of Consent: Withdraw consent for marketing communications at any time
• Objection: Object to processing of your data for certain purposes

To exercise these rights, contact us at privacy@card-star.com. We will respond within 30 days.

9. Children's Privacy

Card-Star is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a child under 18, we will delete that information promptly.

10. International Users

Card-Star is operated from Canada. If you access the Platform from outside Canada, your data may be transferred to and processed in Canada. By using the Platform, you consent to this transfer. We comply with applicable Canadian privacy laws including PIPEDA (Personal Information Protection and Electronic Documents Act).

11. Third-Party Services

The Platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you use.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Users of material changes via email or Platform notification at least 14 days before changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy-related questions or to exercise your data rights:

Card-Star.com — Privacy
Email: privacy@card-star.com
Website: card-star.com/contact