Real-time TCG market data, portfolio tracking & price alerts View Plans

Privacy Policy

Last updated February 22, 2026

1. Introduction

This Privacy Policy describes how Investors.Cards ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit or use our website at investors.cards (the "Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Account Information: When you sign in using Google or Discord, we receive your name, email address, and profile picture from the authentication provider. We do not collect or store passwords — authentication is handled entirely by your chosen provider through OAuth 2.0.

Portfolio Data: If you use the portfolio feature, we store the card identifiers you choose to track, along with timestamps of when cards were added or removed.

Price Alert Data: If you create price alerts, we store the card identifier, target price, alert direction (above/below), and your notification preferences.

Payment Information: If you subscribe to a paid plan (Pro or Premium), payment processing is handled entirely by Stripe, Inc. We do not collect, store, or have access to your full credit card number, debit card number, or bank account details. Stripe provides us with limited information including your Stripe customer ID, subscription status, plan type, billing cycle, and the last four digits of your payment method for display purposes. For details on how Stripe handles your payment data, see Stripe's Privacy Policy.

Log Data: We automatically collect standard server log data when you access the Service, including your IP address, browser type and version, operating system, referring URL, pages visited, time and date of visits, and time spent on pages.

Cookies: We use a session cookie to maintain your authentication state. See our Cookie Policy for details.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, operate, and maintain the Service, including your account, portfolio, and price alerts
  • To authenticate your identity and manage your session
  • To process subscription payments, manage billing, and maintain your subscription status
  • To communicate with you about your account, subscription changes, feature updates, or price alert notifications
  • To analyze usage patterns and improve the platform's features, performance, and user experience
  • To detect, prevent, and address technical issues, abuse, or fraud
  • To comply with legal obligations

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share information in the following limited circumstances:

  • Service Providers: We share data with third-party services that help us operate the platform, including Supabase (authentication and database hosting), Render (application hosting), and Stripe, Inc. (payment processing for Pro and Premium subscriptions). When you subscribe to a paid plan, we share your email address with Stripe to create and manage your customer account. These providers are contractually obligated to protect your data and use it only to perform services on our behalf.
  • Affiliate Partners: When you click affiliate links to TCGPlayer, eBay, or other marketplaces, those platforms may collect data according to their own privacy policies. We do not share your personal data with these platforms — the affiliate relationship is tracked through URL parameters only.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, subpoena, court order, or other governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Subscription and billing records (excluding full payment card details, which are held by Stripe) are retained for as long as required for accounting, tax, and legal compliance purposes. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, regulatory, or financial record-keeping purposes. Log data is retained for up to 90 days for security and debugging purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information, including encrypted data transmission (HTTPS/TLS), secure session management, and access controls on our databases. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal data.
  • Deletion: You may request that we delete your personal data. We will comply unless we have a legal obligation to retain it.
  • Portability: You may request a machine-readable copy of your data.
  • Objection: You may object to our processing of your personal data in certain circumstances.
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at support@investors.cards. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights. To make a request, email support@investors.cards.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your data include: your consent (for optional features like waitlists), contractual necessity (to provide the Service), and legitimate interests (to improve and secure the platform). You have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.

12. Third-Party Links

The Service may contain links to third-party websites and services, including TCGPlayer, eBay, and authentication providers. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@investors.cards

Markets Portfolio Search Sign In