Privacy Policy
Last updated: November 26, 2025
Overview
ShowVault and VaultBridge are designed with privacy as a core principle. We believe your card collection data belongs to you. This policy explains how we collect, use, and protect your information.
What We Collect
Account Information
- Email address (for authentication via magic link)
- Account creation date
Card Collection Data
When you use the VaultBridge extension to sync your vault, we store:
- Card details (player name, year, set, card number, grade)
- Grading certification numbers
- Card images (cached from vault providers)
- Vault source (PSA, Alt, Fanatics)
- Sync timestamps
What We Do NOT Collect
- Vault credentials - We never see or store your PSA, Alt, or Fanatics passwords
- Payment information - We don't process payments (beta period)
- Browsing history - The extension only activates on vault inventory pages
- Personal identification - No names, addresses, or phone numbers required
How We Collect Data
User-Initiated Sync Only
You control when syncing happens. The VaultBridge extension only reads data when you explicitly click the "Start Sync" button. There is no automated background syncing, scheduled scraping, or passive data collection.
DOM Reading (Not Scraping)
The extension reads the visible content of vault pages you are already authenticated to. It does not bypass login pages, intercept network traffic, or access data you couldn't see yourself in your browser.
How We Use Your Data
- Unified Dashboard - Display your cards from all vaults in one place
- Public Sharing - Generate shareable links (only if you choose)
- Deletion Detection - Track when cards leave your vaults
- Service Improvement - Aggregate, anonymized statistics
We do not sell your data, share it with advertisers, or use it for purposes beyond providing the ShowVault service.
Data Security
Row Level Security (RLS)
Your data is stored in a secure database with Row Level Security policies. This means:
- You can only access your own collection data through the application
- Other users cannot query or view your cards
- API access is restricted to your own data only
Authentication
We use passwordless magic link authentication. No passwords are stored or transmitted. Session tokens are encrypted and automatically expire.
Extension Security
- Minimal permissions (only vault provider domains)
- No access to browsing history or other tabs
- Session tokens stored in encrypted Chrome storage
Data Retention
Your collection data is retained as long as you maintain an active account. You may request deletion of your account and all associated data at any time by contacting us.
Third-Party Services
We use the following third-party services:
- Supabase - Database hosting and authentication
- Netlify - Website hosting
- Resend - Email delivery for magic links
These services have their own privacy policies and are selected for their security practices.
Your Rights
- Access - View all data we have about you via the dashboard
- Export - Download your collection data as CSV or JSON
- Deletion - Request complete account and data deletion
- Correction - Update your account information
Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email. The "Last updated" date at the top indicates when this policy was last revised.
Contact
For privacy-related questions or data requests, contact us at privacy@showvault.net