PokéGrader

Privacy Policy

Effective date: August 24, 2025

Last updated: August 24, 2025

This Privacy Policy explains how PokéGrader (“PokéGrader,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use pokegrader.ai and any related apps, APIs, or services that link to this Policy (the “Services”). If you have questions, contact us at support@pokegrader.ai.

We are not affiliated with or endorsed by The Pokémon Company, Nintendo, GAME FREAK, or any other card-grading company. Brand names may appear solely for identification.

1) Who we are & scope

If you reside in the EEA/UK/Switzerland, the controller of your personal data is PokéGrader. If you reside elsewhere, PokéGrader is also your controller and service provider. This Policy covers our processing of personal information related to your use of the Services and does not cover third-party websites/services.

Contact:
PokéGrader — support@pokegrader.ai

2) Information we collect

We collect information in three ways: (a) you provide it; (b) we collect it automatically; (c) we receive it from others.

(a) Information you provide

  • Account & profile: name, email, password/SSO identifier.
  • Content you upload: images of trading cards (including labels/serials), captions, notes.
  • Your inputs: searches, prompts, feedback, support messages.
  • Payments: processed by our payment processor; we receive limited records (e.g., transaction ID, amount).

(b) Information collected automatically

  • Usage: pages/screens viewed, features used, clicks, session length.
  • Device/tech: IP (approx. location), device IDs, OS, browser, language, app version, crash logs.
  • Cookies/identifiers for auth, analytics, preferences, and ads measurement.

(c) Information from third parties

  • Identity providers (e.g., Google SSO).
  • Analytics/ads partners with aggregated or pseudonymous insights.
  • Public/licensed sources (e.g., marketplace listings, population reports) processed per law/contracts.

We do not intentionally collect sensitive personal data (e.g., precise geolocation, health data) in ordinary use.

3) How we use information

  • Provide/improve the Services, including image processing, OCR, and ML features.
  • Safety & integrity: prevent fraud, abuse, and security incidents.
  • R&D: develop features, run analytics, evaluate algorithms (de-identified/aggregated where feasible).
  • Communications: service notices and (with required consent) marketing.
  • Advertising & measurement: deliver and measure ads; see §8.
  • Legal compliance and enforcement of our terms.

Model training with your uploads. By default, we don’t use identifiable user uploads to train models used beyond your account unless you opt in (e.g., via a setting/consent flow). We may use de-identified, aggregated, or synthetic data for QA, safety, and performance testing. You can change your preference anytime in settings or by contacting us.

Legal bases (EEA/UK/CH): contract performance; legitimate interests (product improvement, security); consent (e.g., marketing cookies); legal obligations.

4) AI features & automated decisions

Automated processing (e.g., classification/OCR) may be used but does not create legal or similarly significant effects about you. You can request human review where applicable.

5) Retention

  • Account data: while active and up to ~24 months after inactivity (unless law requires longer).
  • Uploads: while your account is active or until you delete; backups may persist up to ~90 days.
  • Logs/analytics: typically 12–24 months in aggregated form.

6) How we share information

We do not sell personal information for money. We may “share” personal information for cross-context behavioral advertising (see §9 for opt-out).

  • Service providers (hosting, storage/CDN, security, email/SMS, analytics, measurement) under contract.
  • Payment processors handle your payment details under their policies.
  • Advertising & measurement partners that deliver/measure ads and may set cookies or read device IDs.
  • Affiliates/business transfers (e.g., merger, acquisition, asset sale).
  • Legal/safety when required by law or to protect rights/users/public.
  • With your direction/consent (e.g., when you connect third-party apps or make content public).

7) Third-party content and links

We may link to or integrate third-party sites/services. Their practices are governed by their policies; review those before sharing information.

8) Cookies & tracking

We and partners use cookies/device IDs to keep you signed in, remember preferences, perform analytics, and deliver/measure advertising.

  • Where required, we obtain consent for non-essential cookies.
  • Manage preferences via our cookie banner/settings and your browser/device controls.
  • We endeavor to honor Global Privacy Control (GPC) signals in applicable regions.

9) Your rights & choices

Account & communications

  • Access/correct/delete certain info in settings; delete uploads; export data where available.
  • Opt out of marketing emails via the unsubscribe link (service emails may still be sent).

Targeted advertising

  • Opt out of cross-context behavioral advertising via site controls and (region-dependent) industry tools; we endeavor to honor GPC.

EEA/UK/Swiss residents (GDPR)

Rights to access, rectify, erase, restrict, object (including profiling), data portability, and withdraw consent. You may lodge a complaint with your supervisory authority.

US state privacy (e.g., CA/CO/CT/UT/VA)

Rights to access, correct, delete, and opt out of targeted ads/sale/profiling. California users may use the “Do Not Sell or Share My Personal Information” link (or email us).

To exercise rights, contact support@pokegrader.ai. We’ll verify and respond within applicable timelines.

10) Children’s privacy

Services aren’t directed to children under 13 (or local digital-consent age). If you believe a child provided personal info, contact us for deletion.

11) Security

We use administrative, technical, and physical safeguards (e.g., encryption in transit, access controls). No system is 100% secure; we’ll act consistent with law if an incident occurs.

12) International transfers

Data may be stored/processed in the US and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses).

13) Changes to this Policy

We may update this Policy. “Last updated” reflects the effective date. Material changes will be notified via the Services or email where appropriate.

14) Region-specific disclosures

California (CPRA) — Notice at Collection

Categories collected: identifiers (email, IP), commercial info (transactions), internet activity, coarse location, inferences, and user content. Uses are described in §3. Retention: see §5. We do not sell PI for money but may “share” for cross-context behavioral advertising; see opt-out in §9.

EEA/UK representative

If applicable, we’ll appoint an EU/UK representative and update this section.

15) How to contact us

Email: support@pokegrader.ai