Privacy Policy

Who we are

CardSeeker is a trading card vendor and store management platform operated by Digivide Ltd, a company registered in England and Wales. References to "we", "us" or "our" in this policy refer to Digivide Ltd.

If you have any questions about this policy or how we handle your data, contact us at hello@cardseeker.co.uk.

What data we collect

We collect the following categories of personal data:

Account data — your name and email address when you register.

Payment data — payment card details are handled entirely by Stripe. We never see or store your full card number. We store your Stripe customer ID and subscription status.

Inventory and business data — card inventory, pricing, event details, and revenue records you enter into the platform. This data belongs to you.

Usage data — pages visited, features used, and app activity, collected to improve the platform.

Device data — browser type, operating system, and IP address, collected automatically when you use the service.

Why we collect it

We collect and use your data for the following purposes:

To provide the service — your account data is required to create and maintain your CardSeeker account.

To process payments — subscription billing via Stripe requires a payment method and billing record.

To send service communications — we may email you about your account, subscription, or important product updates. We do not send marketing emails without your consent.

To improve the platform — usage data helps us understand how the app is used and where to focus development.

To comply with legal obligations — we may be required to retain certain records under UK law.

Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

Contract performance — processing your account and payment data is necessary to deliver the service you signed up for.

Legitimate interests — usage analytics and platform improvement, where these do not override your rights.

Legal obligation — where we are required to retain records by law.

Third parties we share data with

We use the following third-party services to operate CardSeeker:

Supabase — our database and authentication provider. Your account and inventory data is stored on Supabase infrastructure hosted in the EU.

Stripe — payment processing. Stripe's privacy policy applies to payment data: stripe.com/gb/privacy.

Vercel — our hosting provider. Request logs may be retained by Vercel for security and performance purposes.

Resend — used to send transactional emails (account confirmation, receipts). Only your email address is shared.

We do not sell your personal data to any third party.

How long we keep your data

We retain your account data for as long as you have an active CardSeeker account. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain records for legal or financial compliance purposes (typically 6 years for financial records under UK law).

Inventory and business data you have entered is deleted immediately on account deletion.

Your rights under UK GDPR

As a UK resident you have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you.

Right to rectification — you can ask us to correct inaccurate data.

Right to erasure — you can ask us to delete your personal data, subject to legal retention requirements.

Right to data portability — you can request your data in a machine-readable format.

Right to object — you can object to processing based on legitimate interests.

Right to restrict processing — you can ask us to pause processing of your data in certain circumstances.

To exercise any of these rights, email hello@cardseeker.co.uk. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

CardSeeker uses essential cookies only — specifically, a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies.

You can disable cookies in your browser settings, but this will prevent you from staying logged in to the platform.

Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls on our database, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by displaying a notice in the app. The date at the top of this page shows when it was last updated.

Contact

For any privacy-related queries, contact us at hello@cardseeker.co.uk.

Digivide Ltd, England and Wales.