Privacy Policy

Last updated: April 2026

DeckTradr ("we," "us," or "our") operates the website at decktradr.com and the DeckTradr mobile application (collectively, the "Service"). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our Service.

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide when you:

• Create an account: Name, email address, and password (or authentication via Google or Apple OAuth).
• Verify your phone number: Phone number, verified via SMS through our verification provider, Twilio.
• Place an order: Shipping address and billing address. Payment card details are collected directly by Stripe and are never stored on our servers.
• Use the Service: Card collection data (card names, sets, conditions, purchase prices, grading information), custom binder names, and profile information (username).
• Contact us: Any information you include in emails or support requests.

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Device and browser information: Browser type, operating system, and device type.
• Usage data: Pages visited, time spent on pages, and referring URLs.
• IP address: Collected by our hosting provider (Amazon Web Services) and by third-party services loaded on our site (see Section 4).

1.3 Cookies and Local Storage

We use the following technologies to store information on your device:

• Strictly necessary cookies: Session cookies for authentication (via SuperTokens), CSRF protection tokens, and your cookie consent preferences. These are required for the Service to function.
• Functional storage: We use your browser's localStorage to remember your shopping cart, collection sort preferences, and scroll position. This data stays on your device.
• Analytics: We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal data. It records aggregate page views only.
• Marketing cookies (with your consent): If you consent, we load Meta Pixel (Facebook), which sets cookies (_fbp, _fbc) to track browsing activity for advertising purposes. This is the only category that shares data with a third party for advertising. You can manage this via our Cookie Policy or Do Not Sell or Share page.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including processing orders and managing your account.
• Process payments and fulfill shipping for product orders.
• Verify your identity through phone verification.
• Provide customer support and respond to your inquiries.
• Send transactional emails (order confirmations, account notifications).
• Send marketing emails about our products and services (you can unsubscribe at any time via the link in each email or your email preferences).
• Improve our Service based on aggregate usage data.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

3. We Do Not Sell Your Personal Information

DeckTradr does not sell your personal information for monetary consideration. However, if you consent to marketing cookies, Meta Pixel shares browsing identifiers with Meta Platforms, Inc. for targeted advertising purposes. Under the California Consumer Privacy Act (CCPA), this may constitute "sharing" of personal information. You have the right to opt out of this sharing at any time via our Do Not Sell or Share My Personal Information page.

4. Third-Party Services

We share your information with the following third-party service providers, solely for the purposes described:

• Stripe — Payment processing. Your payment card information is collected and processed directly by Stripe (PCI DSS Level 1 certified). We never store card numbers on our servers. Stripe Privacy Policy.
• Shippo — Shipping and fulfillment. Your name, shipping address, and contact information are shared to facilitate delivery. Shippo Privacy Policy.
• Meta / Facebook — Advertising analytics via Meta Pixel (only with your consent). Shares browsing identifiers for ad targeting. Meta Privacy Policy.
• Plausible Analytics — Privacy-focused, cookieless website analytics. No personal data is collected or shared. Plausible Data Policy.
• SuperTokens — Authentication and session management. SuperTokens Privacy Policy.
• Twilio — SMS-based phone number verification. Twilio Privacy Policy.
• Amazon Web Services (AWS) — Cloud hosting and email delivery (via Amazon SES for transactional and marketing emails). AWS Privacy Policy.
• Google — Google Fonts (loaded from Google CDN; your IP address is transmitted to Google) and Google OAuth for account login. Google Privacy Policy.
• Apple — Apple OAuth for account login. Apple Privacy Policy.
• Font Awesome / Cloudflare — Icon library loaded from CDN; your IP address is transmitted. Font Awesome Privacy Policy.

We may also disclose your information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of DeckTradr, our users, or others.

5. Your Rights and Choices

5.1 All Users

• Access your data: You can view your account information and collection data through your profile.
• Export your data: You can export your collection data at any time via the export feature in the app.
• Delete your account: You may permanently delete your account and all associated personal data at any time from our Delete My Account page (sign in required). You can also submit a request by email to support@decktradr.com. Either way, we will process your request within 45 days.
• Delete your data: You may also use our Delete My Data page to request deletion of the personal data we hold about you. Because your collection and activity are tied 1:1 to your account, this also deletes the account itself.
• Correct your data: You can update your profile information through your account settings, or contact us for corrections we cannot make through the interface.
• Unsubscribe from marketing emails: Click the unsubscribe link in any marketing email, or manage your preferences through your email settings.
• Manage cookies: Use our Cookie Policy page to change your cookie preferences at any time.

5.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sharing: You may opt out of the sharing of your personal information for targeted advertising (Meta Pixel) via our Do Not Sell or Share My Personal Information page.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at support@decktradr.com. We will respond within 45 days. We may need to verify your identity before processing your request.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal information within 45 days, except where we are required to retain it for legal, accounting, or fraud prevention purposes. Anonymized or aggregated data that cannot identify you may be retained indefinitely.

7. Data Security

We implement industry-standard security measures to protect your information, including:

• All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
• Payment card data is processed by Stripe, a PCI DSS Level 1 certified payment processor. DeckTradr never stores, processes, or transmits credit card numbers.
• Our infrastructure is hosted on Amazon Web Services with enterprise-grade security controls.
• Passwords are stored using secure one-way hashing algorithms.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

DeckTradr is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@decktradr.com, and we will promptly delete that information.

9. Data Breach Notification

In the event of a data breach involving your personal information, we will notify affected individuals as required by applicable federal and state laws, including Arizona Revised Statutes § 18-552, the California Consumer Privacy Act (CCPA), and any other applicable state breach notification statutes. Notification will be provided within the timeframes required by the applicable laws governing each affected individual.

10. International Users

Our Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at:

• Email: support@decktradr.com
• Mail: 8790 E Via De Ventura, Unit 5800, Scottsdale, AZ 85261, United States