VendBro is a product of Netmana LLC, a Hawaii-based technology company (netmana.net). This policy explains what data we collect, why, and how we handle it. We aim to collect only what we need to run the service.
1. What We Collect
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account creation, login, support | Until account deletion |
| Password (hashed) | Authentication | Until account deletion |
| Scan images | Card identification during scanning | Deleted after processing |
| Scan history | Your card scan log within the app | Until account deletion |
| Sale logs | Tracking cards you've marked as sold | Until account deletion |
2. What We Don't Collect
- Card images are not stored long-term. Images you scan are used for identification and then deleted. We do not build a library of your card photos.
- No tracking cookies. We don't use advertising cookies, analytics trackers, or fingerprinting. No data is sold to third parties.
- No payment card details. All billing is handled by PayPal — we never see or store your credit card number.
3. Third-Party Services
We use a small number of third-party services to operate VendBro:
- Supabase — Authentication and database hosting. Your account data and scan history are stored in a Supabase-hosted PostgreSQL database. Session tokens are stored in your browser's local storage.
- Google OAuth — If you sign in with Google, we receive your name and email address from Google. We do not access your contacts, files, or other Google data. See Google's Privacy Policy.
- PayPal — Payment processing (Merchant of Record). Handles all billing, invoicing, and payment data. See PayPal's Privacy Policy.
- Cloudflare — Hosting and CDN. Processes web requests to serve the app.
- TCGPlayer / TCGdex — Pricing data sources. We query these services for card market prices. No personal data is shared with them.
4. Data Retention
Account data (email, scan history, sale logs) is kept for as long as your account exists. When you request account deletion, all associated data is permanently removed from our database. Scan images are processed in real-time and deleted immediately after card identification — they are not stored.
5. Your Rights
You can request a copy or deletion of your data at any time by emailing [email protected]. We will process your request within 30 days.
Specifically, you have the right to:
- Know what personal data we hold about you
- Request deletion of your account and all associated data
- Request a portable copy of your data
- Withdraw consent for data processing (by deleting your account)
6. GDPR (European Users)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation. Our legal basis for processing your data is:
- Contract performance — to provide the VendBro service you signed up for
- Legitimate interest — to maintain and improve the service
To exercise any GDPR rights (access, rectification, erasure, portability, objection), email [email protected].
7. CCPA (California Users)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, email [email protected].
8. Children
VendBro is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it.
9. Changes to This Policy
We may update this policy as the service evolves. Significant changes will be communicated via email or in-app notice. The "Last updated" date at the top reflects the most recent revision.
10. Contact
For any privacy-related questions or requests, email [email protected].