Privacy Policy

Last updated: November 26, 2025

Overview

ShowVault and VaultBridge are designed with privacy as a core principle. We believe your card collection data belongs to you. This policy explains how we collect, use, and protect your information.

What We Collect

Account Information

  • Email address (for authentication via magic link)
  • Account creation date

Card Collection Data

When you use the VaultBridge extension to sync your vault, we store:

  • Card details (player name, year, set, card number, grade)
  • Grading certification numbers
  • Card images (cached from vault providers)
  • Vault source (PSA, Alt, Fanatics)
  • Sync timestamps

What We Do NOT Collect

  • Vault credentials - We never see or store your PSA, Alt, or Fanatics passwords
  • Payment information - We don't process payments (beta period)
  • Browsing history - The extension only activates on vault inventory pages
  • Personal identification - No names, addresses, or phone numbers required

How We Collect Data

User-Initiated Sync Only

You control when syncing happens. The VaultBridge extension only reads data when you explicitly click the "Start Sync" button. There is no automated background syncing, scheduled scraping, or passive data collection.

DOM Reading (Not Scraping)

The extension reads the visible content of vault pages you are already authenticated to. It does not bypass login pages, intercept network traffic, or access data you couldn't see yourself in your browser.

How We Use Your Data

  • Unified Dashboard - Display your cards from all vaults in one place
  • Public Sharing - Generate shareable links (only if you choose)
  • Deletion Detection - Track when cards leave your vaults
  • Service Improvement - Aggregate, anonymized statistics

We do not sell your data, share it with advertisers, or use it for purposes beyond providing the ShowVault service.

Data Security

Row Level Security (RLS)

Your data is stored in a secure database with Row Level Security policies. This means:

  • You can only access your own collection data through the application
  • Other users cannot query or view your cards
  • API access is restricted to your own data only

Authentication

We use passwordless magic link authentication. No passwords are stored or transmitted. Session tokens are encrypted and automatically expire.

Extension Security

  • Minimal permissions (only vault provider domains)
  • No access to browsing history or other tabs
  • Session tokens stored in encrypted Chrome storage

Data Retention

Your collection data is retained as long as you maintain an active account. You may request deletion of your account and all associated data at any time by contacting us.

Third-Party Services

We use the following third-party services:

  • Supabase - Database hosting and authentication
  • Netlify - Website hosting
  • Resend - Email delivery for magic links

These services have their own privacy policies and are selected for their security practices.

Your Rights

  • Access - View all data we have about you via the dashboard
  • Export - Download your collection data as CSV or JSON
  • Deletion - Request complete account and data deletion
  • Correction - Update your account information

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email. The "Last updated" date at the top indicates when this policy was last revised.

Contact

For privacy-related questions or data requests, contact us at privacy@showvault.net

View Terms of Service →
Privacy Policy - ShowVault