Privacy Policy

Comp My Card (“we,” “us,” or “our”) operates the Comp My Card service at compmycard.com (the “Service”). This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service. By creating an account or using the Service, you agree to this policy.

1. Information We Collect

Account information

When you register with an email and password, we collect your name, email address, and a bcrypt-hashed version of your password (your plaintext password is never stored). When you register via Google OAuth, we receive your name, email address, and profile picture from Google.

Search and usage data

We log each search query you perform, including the card name, sport, filters applied, result count, and timestamp. You may also save searches, which are stored alongside your account. This data powers your search history, saved search notifications, and pricing comparisons.

Preferences

We store your display preferences (theme, default sport, results per page, compact view, currency) and your marketing email opt-in status.

Payment information

If you subscribe to a Premium plan, payment is processed by Stripe. We do not store your card number, CVV, or full payment details. We retain your Stripe customer ID and subscription status.

Security and technical data

We log the timestamp, email, and IP address of login attempts to detect brute-force attacks and enforce account lockout. These records are retained for 15 minutes for security purposes. We use JSON Web Tokens (JWTs) to maintain your session; these are stored client-side and expire after 24 hours.

2. How We Use Your Information

• To create and manage your account and authenticate your sessions.
• To provide pricing comparisons using eBay sold listing data.
• To save your searches and deliver search-based notifications.
• To process subscription payments and manage your Premium access.
• To send you product updates, pricing tips, and news about the Service — only if you have opted in.
• To protect the Service against abuse, fraud, and unauthorized access.
• To comply with legal obligations.

3. Information We Share

We do not sell your personal data. We share it only with the following service providers acting as data processors on our behalf:

We may also disclose your information if required by law, court order, or to protect the rights, property, or safety of our users or the public.

4. Data Security

Your email address and name are encrypted at rest using AES-256-GCM with a unique initialization vector per record. Passwords are hashed using bcrypt with a cost factor of 12. All data is transmitted over HTTPS. Access to the database is restricted to the application server.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we maintain industry-standard safeguards appropriate for a service of this type.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate data.
• Deletion: Request deletion of your account and all associated data (right to erasure).
• Portability: Request your data in a structured, machine-readable format.
• Withdraw consent: Opt out of marketing emails at any time via your account settings or the unsubscribe link in any marketing email.
• Object to processing: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@compmycard.com. We will respond within 30 days. For deletion requests, you may also submit a request directly from your account page.

6. Data Retention

• Account data: Retained until you delete your account.
• Search history: Retained while your account is active. Deleted immediately upon account deletion.
• Login attempt logs: Retained for security monitoring purposes; individual records may be purged periodically.
• Price cache: Non-personal; cached eBay results expire automatically.
• Deletion audit log: We retain a minimal record (timestamp and anonymized user ID) of account deletions for legal compliance purposes.

7. Cookies and Sessions

We use JSON Web Tokens (JWTs) stored as HTTP-only cookies to maintain your authenticated session. These expire after 24 hours. We do not use tracking cookies for advertising purposes ourselves, but Google AdSense (when displayed) may set its own cookies subject to Google's cookie policy. You can control cookie preferences through your browser settings.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@compmycard.com and we will delete it promptly.

9. International Data Transfers

Our service is operated from the United States. If you are located in the European Economic Area, United Kingdom, or Canada, your personal data is transferred to and processed in the United States. We rely on standard contractual clauses or other appropriate safeguards for such transfers where required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “last updated” date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy. For material changes, we will make reasonable efforts to notify you by email or via an in-app notice.

11. Contact

Questions, requests, or complaints about this Privacy Policy should be directed to: