FR. Jr.+288.9%MT. Smith1.25+443.5%FJ. Garcia+253.0%MS. Kolek0.26+333.3%FA. Bohm+176.4%MT. France0.38+322.2%FH. Bader+164.6%MJ. Merrill0.38+322.2%FD. Schneider+162.2%MT. O'Neill0.38+322.2%FP. Bailey+151.3%MR. Detmers0.38+322.2%FB. Matthews+133.3%ML. Keaschall0.38+322.2%FL. García+129.6%MT. Ward0.38+322.2%FB. Naylor+128.3%MG. Arias0.38+322.2%FN. Velázquez+125.5%MC. Raleigh0.51+264.3%FE. Sosa+119.1%MK. Griffin0.54+260.0%FN. Fortes+113.8%MM. Gage0.27+200.0%FR. Durán+113.5%MA. Rodriguez12.56+187.4%FC. Mullins+112.1%MT. Thornton0.38+171.4%FE. White+110.7%MT. Ferguson0.38+171.4%FV. Jr.+107.6%MB. Stewart0.27+170.0%FL. O'Hoppe+104.3%MJ. Erving4.12+169.3%FR. Devers+101.3%MA. Kaline3.31+166.9%FM. Chapman+100.4%MF. Thomas3.43+165.9%FB. Garcia+100.0%MJ. Garcia0.25+127.3%FR. Jr.+288.9%MT. Smith1.25+443.5%FJ. Garcia+253.0%MS. Kolek0.26+333.3%FA. Bohm+176.4%MT. France0.38+322.2%FH. Bader+164.6%MJ. Merrill0.38+322.2%FD. Schneider+162.2%MT. O'Neill0.38+322.2%FP. Bailey+151.3%MR. Detmers0.38+322.2%FB. Matthews+133.3%ML. Keaschall0.38+322.2%FL. García+129.6%MT. Ward0.38+322.2%FB. Naylor+128.3%MG. Arias0.38+322.2%FN. Velázquez+125.5%MC. Raleigh0.51+264.3%FE. Sosa+119.1%MK. Griffin0.54+260.0%FN. Fortes+113.8%MM. Gage0.27+200.0%FR. Durán+113.5%MA. Rodriguez12.56+187.4%FC. Mullins+112.1%MT. Thornton0.38+171.4%FE. White+110.7%MT. Ferguson0.38+171.4%FV. Jr.+107.6%MB. Stewart0.27+170.0%FL. O'Hoppe+104.3%MJ. Erving4.12+169.3%FR. Devers+101.3%MA. Kaline3.31+166.9%FM. Chapman+100.4%MF. Thomas3.43+165.9%FB. Garcia+100.0%MJ. Garcia0.25+127.3%
HomeMy BinderDemo BinderLogin
Back to Player Index

Privacy Policy

Effective Date: April 28, 2026

1. Introduction

This Privacy Policy explains how Player Index ("we", "us", or "our") collects, processes, stores, and protects your personal data when you use our API and SaaS platform. By using our services, you understand that we process your data to operate our API, provide support, and deliver targeted advertising.

2. Information We Collect

To operate effectively, we collect information that identifies, relates to, or could reasonably be linked to you or your household. This includes:

  • Identifiers: Real name, email address, postal address, unique personal identifiers, and IP addresses.
  • Commercial Information: Billing data, products or services purchased, and purchasing histories.
  • User-Generated Portfolio Data:Information you voluntarily submit to the 'My Binder' feature, including physical card inventory, self-reported cost basis, acquisition dates, and sources.
  • Internet or Electronic Network Activity: API usage patterns, browsing history, search history, and information regarding your interaction with our website, application, or advertisements.

3. How We Use Your Information

We use your personal data to:

  • Operate our SaaS platform, optimize functionality, and provide customer support.
  • Process billing, account management, and subscription services.
  • Deliver personalized marketing and targeted advertising.

4. Data Sharing and Third-Party Integrations

To support our business model, we share certain personal data with third-party service providers.

  • Payment Processing: We use Stripe as a PCI-DSS compliant third-party payment processor for B2B API subscriptions. Your billing information is transmitted directly to Stripe. Player Index does not collect or store raw credit card numbers on its servers.
  • Advertising and Affiliates: We integrate with third-party networks, explicitly including Google AdSense and the eBay Partner Network. These embedded services may collect your usage patterns and identifiers to optimize your user experience and provide targeted advertising across the internet. Advertising cookies are only activatedafter you grant explicit "Marketing" consent via our cookie banner.
  • Artificial Intelligence: Our API utilizes third-party AI Large Language Models (LLMs) to process queries and identify cards. We ensure that our data sharing with AI providers is governed by strict terms to protect your data.
  • Hosting and Infrastructure (Railway, Supabase): Our platform is hosted on Vercel, and our primary user-authentication database is operated by Supabase. When you create a Player Index account or initiate our Claim Your Store flow, your email address, password hash, and account metadata are processed by these providers on our behalf under signed data-processing agreements. Note: If you choose to deploy a white-label storefront via the claim flow, you will also create an independentRailway account (with Postgres and Tigris storage) governed directly by Railway's own privacy policy; Player Index does not receive, store, or have access to the billing information you provide to Railway.
  • White-Label Storefront Operators (Merchant Sub-Processors): If you are a shopper on a third-party storefront powered by the Player Index white-label template, the individual shop owner is the data controller for your shopper data (name, shipping address, order details). Player Index acts as a sub-processor only for data that transits our API (such as card valuation lookups) and does not sell shopper data.

5. "Do Not Sell or Share My Personal Information" (CCPA)

Under the California Consumer Privacy Act (CCPA), the sharing of personal data with third parties like Google AdSense or eBay for targeted advertising purposes qualifies as a "sale" or "sharing" of personal information.

  • Your Right to Opt-Out: You have the absolute right to direct us not to sell or share your personal information. You can exercise this right at any time by clicking the "Do Not Sell My Personal Information"link located clearly on our homepage, or by declining "Marketing" cookies in our cookie banner.
  • Minors: We will not sell the personal information of consumers we have actual knowledge are under the age of 16 without affirmative opt-in consent. For consumers under the age of 13, this requires the affirmative authorization of a parent or guardian.

6. Your Privacy Rights

Depending on your location, including under the GDPR and CCPA, you possess the following rights regarding your data:

  • Right of Access: You may request details about the categories and specific pieces of personal data we have collected, the purposes for processing, and the third parties with whom it is shared. You can view your core account data at any time by visiting your Account Settings.
  • Right to Deletion (Erasure): You may request that we delete the personal information we have collected from you, subject to certain legal and operational exceptions (e.g., detecting security incidents or complying with legal obligations). You can exercise your right to deletion at any time via the self-service "Delete Account Permanently" button in your Account Settings. This tool will cancel any active Stripe subscriptions, revoke your API keys, anonymize your financial transaction records, and remove your personal data from our authentication database.
  • Right to Data Portability: You have the right to receive your electronic data in a structured, commonly used, and machine-readable format. Click "Export My Data" in your Account Settings to download a JSON file containing your account details, API key metadata, and complete token transaction history. Store owners can additionally export financial records via the 1-Click CSV Export in their admin dashboard.
  • Right to Non-Discrimination: We will not discriminate against you (e.g., by denying services or charging different prices) for exercising your privacy rights.

7. Account Deactivation & Deletion

We provide two self-service account management options in your Account Settings, designed to give you full control over your data and presence on our platform:

  • Account Deactivation (Temporary): Deactivation temporarily hides your profile, suspends your storefront (the API gateway will reject requests with your key), and pauses any active Stripe subscriptions. Your data remains intact on our servers. You may reactivate your account at any time simply by logging back in — your data and subscription will be automatically restored.
  • Permanent Account Deletion:Permanent deletion is irreversible. When you delete your account, we will: (a) cancel any active Stripe subscriptions, (b) revoke all API keys, (c) remove your profile from our authentication database, and (d) delete your store deployment records. A two-step confirmation process (including typing "DELETE") is required before execution.
  • Financial Records Exception: In compliance with tax and accounting regulations, we retain anonymized records of financial transactions (e.g., token purchase amounts and dates) even after account deletion. These records are stripped of all personally identifiable information and cannot be linked back to you.
  • Deletion Confirmation Email: Upon permanent deletion, we send a final transactional email to your registered address confirming that your account and data have been purged. This serves as both a receipt and a security measure in the event of unauthorized account access.

8. Data Retention and Security

We implement commercially reasonable technical and organizational security measures, including encryption, access controls, and multi-factor authentication, to protect your data against unauthorized access or security incidents. We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, to perform our contractual obligations, or as required by law, after which it is permanently deleted.

9. Data Sovereignty and International Transfers

In compliance with 2026 data sovereignty standards, we practice "Privacy by Design". If your data is transferred outside of your home jurisdiction (such as out of the European Economic Area or the UK), we ensure appropriate legal safeguards are in place. This includes executing Standard Contractual Clauses (SCCs) or relying on frameworks like the EU-U.S. Data Privacy Framework (DPF) to guarantee adequate legal protection for your personal data.

10. Developer Data Processing (B2B)

When you register as a developer, claim a white-label storefront, or generate API tokens through our platform, we collect and process the following business-to-business data:

  • Account Registration Data: Your email address, chosen store name, and store URL are stored in our central Supabase authentication database upon account creation.
  • API Keys: When you generate an API key, only a cryptographic hash (SHA-256) of the key is stored in our api_keys table. The plaintext key is displayed to you once and is never stored or recoverable by Player Index.
  • Fleet Ledger: If you deploy a white-label storefront via the Claim flow, we record your Railway deployment identifier, provisioned domain, and deployment status in our fleet_ledger table. This data is used exclusively for deployment management, support, and abuse prevention.
  • Scanner API Uploads: Raw card photographs submitted via POST /scan/upload are temporarily stored in our object-storage buckets for processing. Images are automatically purged after processing is complete. We do not use uploaded images for model training or any purpose other than fulfilling the scan request.
  • Usage Telemetry: API call counts, token consumption, rate-limit events, and error rates are logged per API key for billing, capacity planning, and abuse detection.

We process developer data under the legal basis of contractual necessity (GDPR Art. 6(1)(b)) — it is required to deliver the API service you have subscribed to. You may export or delete your developer data at any time via the self-service tools in your Account Settings, or by contacting admin@verdicsystems.com.

11. Children's Privacy (COPPA Compliance)

THIS SITE AND ITS SERVICES — INCLUDING THE API, DEVELOPER PORTAL, AND CARD FORECASTER — ARE NOT DIRECTED AT CHILDREN UNDER THE AGE OF 13. PLAYER INDEX DOES NOT KNOWINGLY COLLECT PERSONAL INFORMATION FROM CHILDREN UNDER 13.

In compliance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506) and Google AdSense publisher policies:

  • Player Index does not knowingly collect, use, or disclose personal information from children under the age of 13 without verifiable parental consent.
  • If we become aware that we have collected personal information from a child under 13, we will promptly delete that information from our systems.
  • Google AdSense advertising on this site does not serve personalized advertisements based on the activity of users known to be under the age of 13.
  • Parents or guardians who believe their child has provided personal information to Player Index may contact us at admin@verdicsystems.com to request deletion.

12. Cookie Consent & Tracking Technologies

Player Index uses a granular cookie consent mechanism that categorises tracking technologies into four groups:

  • Necessary: Required for authentication, security, and basic site functionality. These cannot be disabled.
  • Preferences: Remember your display settings, theme, and interface preferences.
  • Statistics: Anonymous usage analytics (Vercel Analytics) to help us understand how the platform is used.
  • Marketing: Personalised advertising via Google AdSense and eBay Partner Network affiliate tracking. These cookies are only activated after you grant explicit consent via our cookie banner.

Your consent choices are timestamped and stored locally. You may update your preferences at any time by clicking "Cookie Preferences" in the site footer.

13. Contact

For privacy-related inquiries, please contact us at admin@verdicsystems.com.