Privacy Policy

Last updated: 2026-04-19

1. Introduction

Gradeon ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Gradeon mobile application ("the Service").

2. Information We Collect

2.1 Account Information

Email address (for authentication)
Google account information (if using Google Sign-In)
User ID (generated by our authentication provider)

2.2 Card Data

Images of trading cards you upload or capture
AI-generated grading analysis
Defect annotations (AI-detected and user-corrected)
Card metadata (name, set, number)

2.3 Pricing Data

Card price information from PriceCharting API
Historical price tracking data
Pokémon TCG card selections

2.4 Technical Data

Device information
App version
Usage timestamps
Error logs and diagnostics

3. How We Use Your Information

We use your data to:

Provide the Service: Process card images, generate grades, fetch pricing data
Improve AI Models: Train and improve our card grading algorithms
Store Your Collection: Save your scanned cards and pricing history
Authenticate Users: Manage account access and security
Provide Support: Respond to inquiries and troubleshoot issues

4. Data Storage and Security

4.1 Where We Store Data

Your account, card data, and uploaded images are stored using Supabase (Postgres + Object Storage). Card image analysis runs on Google Cloud Run.

4.2 Data Security

We implement security measures including:

Encrypted data transmission (HTTPS/TLS)
Row-level security on the database to protect user data
Authentication requirements for data access
Regular security updates and monitoring

4.3 Data Retention

We retain your data for as long as your account is active. You can delete your account and all associated data at any time from within the app.

5. Third-Party Services

We use the following third-party services:

AI Analysis Engine: For card image analysis (data sent to our secure AI provider for processing)
PriceCharting: For market pricing data
Pokémon TCG API: For card database information
Supabase: For authentication, database, and storage
Google Cloud Run: For card image analysis

Each service has its own privacy policy. We are not responsible for third-party data practices.

6. Your Rights

You have the right to:

Access: View all data we store about you
Export: Download your card images and grading data
Delete: Remove your account and all associated data
Correct: Edit defect annotations and card information
Object: Opt-out of data collection by not using the Service

7. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with data, please contact us immediately.

8. International Users

Your data is stored in Supabase data centers, which may be located in different countries. By using the Service, you consent to the transfer of your data to these locations.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your rights, please contact us through Discord: https://discord.gg/ExqhPFhpYG

Note: This Privacy Policy is provided for transparency. For legal enforcement of your data rights under GDPR, CCPA, or other regulations, please contact us directly.