Back to CardSense Pro

Privacy Policy

Last updated: January 24, 2026

At CardSense Pro, we take your privacy seriously. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

CardSense Pro is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at:
privacy@cardsense.pro

2. Data We Collect

2.1 Account Information

  • Email address
  • Name (optional)
  • Profile picture (if using social login)
  • Password (hashed, never stored in plain text)

2.2 Portfolio Data

  • Cards you add to your collection
  • Purchase prices and dates
  • Binders and deck configurations
  • Notes and tags you create

2.3 Usage Data

  • Pages visited and features used
  • Device type and browser information
  • IP address (anonymized)
  • Referring website

2.4 Payment Information

Payment details are processed by Stripe and are never stored on our servers. We only receive confirmation of successful payments and subscription status.

3. Legal Basis for Processing

We process your data based on:

  • Contract: To provide the services you signed up for
  • Consent: For marketing communications (opt-in only)
  • Legitimate Interest: To improve our service and prevent fraud
  • Legal Obligation: To comply with applicable laws

4. How We Use Your Data

  • Providing and improving our portfolio tracking services
  • Processing payments and managing subscriptions
  • Sending service-related notifications
  • Analyzing usage to improve features (anonymized)
  • Responding to support requests
  • Marketing communications (only with your consent)

5. Data Sharing

We share your data only with:

  • Stripe: Payment processing
  • Vercel: Hosting infrastructure
  • Neon: Database hosting (EU region)
  • Analytics providers: Privacy-focused, GDPR-compliant tools

We do not sell your personal data to third parties. We do not share your portfolio data with anyone unless you explicitly choose to make it public.

6. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Portfolio data: Retained while your account is active
  • Deleted cards: Moved to trash for 30 days, then permanently deleted
  • Payment records: Retained for 7 years for tax compliance
  • Analytics data: Anonymized and aggregated after 90 days

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for marketing at any time

To exercise these rights, contact us at privacy@cardsense.pro. We will respond within 30 days.

8. Data Security

We protect your data through:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security audits
  • Access controls and authentication
  • Secure password hashing (bcrypt)

9. International Transfers

Your data is primarily stored in the European Union (EU). Where data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Cookies

We use cookies for:

  • Essential cookies: Required for the service to function (authentication, preferences)
  • Analytics cookies: To understand how you use our service (only with consent)

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect service functionality.

11. Children's Privacy

CardSense Pro is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us for removal.

12. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

13. Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

https://autoriteitpersoonsgegevens.nl

14. Contact Us

For any privacy-related questions or to exercise your rights:
privacy@cardsense.pro