Privacy Policy

Last updated: March 20, 2026

1. Introduction

CardAlpha ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at cardalpha.pro. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2. Information We Collect

Information you provide directly:

  • Account information — name, email address, and password when you register
  • Collection data — card details, purchase prices, grades, and other information you choose to enter
  • Payment information — processed securely by Stripe; we do not store card numbers
  • Communications — messages you send us or post in community features

Information collected automatically:

  • Usage data — pages visited, features used, search queries, and time spent on the Platform
  • Device information — browser type, operating system, and IP address
  • Cookies and similar tracking technologies to maintain your session and improve your experience

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Platform and its features
  • Process your subscription payments and manage your account
  • Send you service-related communications including alerts and notifications you have enabled
  • Send you product updates, new features, and promotional offers (you may opt out at any time)
  • Analyze usage patterns to improve the Platform experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service providers — Clerk (authentication), Supabase (database), Stripe (payments), Resend (email), and Twilio (SMS) who process data on our behalf under strict confidentiality agreements
  • Community features — information you choose to share publicly in the deal feed or community is visible to other members
  • Legal requirements — when required by law, court order, or governmental authority
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you

5. Your Collection Data

Your collection data — including card details, purchase prices, and related information — is private by default. It is only visible to you and is never shared with other members or third parties without your explicit consent. We use industry-standard Row Level Security on our database to ensure your data is isolated from other members.

6. Data Retention

We retain your account and collection data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

7. Cookies

We use essential cookies to maintain your login session and platform preferences. We do not use advertising or tracking cookies. You can control cookie settings through your browser, though disabling essential cookies may affect Platform functionality.

8. Security

We implement industry-standard security measures including encrypted data transmission (HTTPS), secure authentication via Clerk, database-level Row Level Security, and regular security reviews. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Request deletion of your personal information
  • Export your collection data in a portable format
  • Opt out of marketing communications at any time
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@cardalpha.pro

10. Children's Privacy

CardAlpha is not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

11. New Jersey Residents

If you are a New Jersey resident, you have additional rights under the New Jersey Consumer Privacy Act. You may request access to, correction of, or deletion of your personal data by contacting us at privacy@cardalpha.pro. We will respond to verified requests within 45 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered members of material changes via email at least 30 days before the changes take effect. Continued use of the Platform after changes constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related questions or requests, contact us at privacy@cardalpha.pro