Privacy Policy

1. Introduction

Welcome to TCG Snipe ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application, Chrome browser extension, and website (collectively, the "Service").

By using TCG Snipe, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

When you create an account or use our Service, we collect:

• Account Information: Email address, name (optional)
• Payment Information: Processed securely by Stripe (we never store your full credit card details)
• Authentication Data: Managed by WorkOS (enterprise-grade authentication provider)

2.2 Information Automatically Collected

When you use TCG Snipe, we automatically collect:

• Card Scan Data: Card images (temporarily), card name, set, game type, pricing data
• Usage Information: Number of scans, scan timestamps, subscription tier
• Device Information: Operating system type, app version
• Log Data: Error logs, performance metrics (for debugging and service improvement)

2.3 Information We Do NOT Collect

• We do NOT record your screen or monitor your activity outside of card scans
• We do NOT access your webcam, microphone, or files without your explicit action
• We do NOT track your browsing history or other apps you use
• We do NOT sell, rent, or share your personal data with third parties for marketing

2.4 Chrome Extension Specific Data

What the Extension Accesses:

• Active Tab Screenshots: When you press Ctrl+Shift+S, the extension captures a screenshot of your current tab (Whatnot, TikTok, or YouTube) to scan the card. Screenshots are immediately sent to our AI service and never stored.
• Local Storage: Stores your login token and scan history locally in your browser (using chrome.storage.sync). This data is synced across your Chrome browsers if you're signed into Chrome.
• Tab Navigation: The extension opens authentication pages (tcgsnipe.com/login) in a new tab when you sign in. We do not monitor your browsing history or other tabs.

Permissions Explained:

What the Extension Does NOT Do:

• ❌ Does NOT track your browsing history or monitor websites you visit
• ❌ Does NOT read your emails, passwords, or personal files
• ❌ Does NOT inject ads or modify website content (except our price overlay)
• ❌ Does NOT sell or share your data with third parties
• ❌ Does NOT run cryptocurrency miners or other background processes
• ❌ Does NOT access your webcam, microphone, or other hardware

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Process card scans, retrieve pricing data, maintain your scan history
• Account Management: Create and manage your account, authenticate users, manage subscriptions
• Payment Processing: Process payments securely through Stripe
• Customer Support: Respond to your inquiries, troubleshoot issues
• Service Improvement: Analyze usage patterns to improve accuracy and performance
• Security: Detect and prevent fraud, abuse, and security vulnerabilities
• Legal Compliance: Comply with applicable laws and regulations

4. How Card Images Are Handled

Here's the exact flow:

1. You press the screenshot hotkey (Ctrl+Shift+C)
2. The image is captured and compressed locally on your device
3. The compressed image is sent to Google Gemini AI for card recognition
4. We receive card details (name, set, etc.) from Gemini
5. The image is immediately deleted from our servers
6. We store only the card metadata (name, set, pricing) in your scan history

Google Gemini: Card images sent to Gemini are processed in accordance with Google's Cloud Privacy Policy. Google does not use your images to train AI models when using our enterprise API tier.

5. Third-Party Services

We use trusted third-party services to operate TCG Snipe:

6. Data Retention

• Account Data: Retained as long as your account is active
• Scan History: Stored indefinitely unless you delete it or close your account
• Card Images: Deleted immediately after processing (not stored)
• Payment Data: Managed by Stripe according to their retention policies
• Logs & Analytics: Retained for up to 90 days for debugging and security

When you delete your account, we delete all personal data within 30 days, except where required by law (e.g., tax records, fraud prevention).

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted over HTTPS/TLS, encrypted at rest in our database
• Authentication: Enterprise-grade auth via WorkOS with JWT tokens
• Access Control: Strict role-based access, least-privilege principle
• Regular Audits: Security reviews and dependency updates
• No Plaintext Storage: Sensitive data is never stored in plaintext

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access & Portability

You can access and export your scan history anytime from the account dashboard.

8.2 Correction

You can update your account information (name, email) from the account settings.

8.3 Deletion

You can delete your account and all associated data by emailing support@tcgsnipe.com. We will process deletion requests within 30 days.

8.4 Opt-Out of Marketing

We do not send marketing emails unless you explicitly opt-in. You can unsubscribe anytime.

8.5 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including:

• Right to access your personal data
• Right to rectification (correction of inaccurate data)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

To exercise these rights, contact us at support@tcgsnipe.com.

8.6 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do NOT sell your data)
• Right to request deletion of personal information
• Right to non-discrimination for exercising CCPA rights

9. Children's Privacy

TCG Snipe is not intended for users under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@tcgsnipe.com, and we will delete it.

10. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using TCG Snipe, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

We ensure that all international transfers comply with applicable data protection laws through appropriate safeguards (e.g., Standard Contractual Clauses for EU users).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (if you have an account)
• Displaying a prominent notice in the desktop app

Your continued use of TCG Snipe after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: