← Back to Home

Privacy Policy

Effective Date: April 8, 2026

1. Overview

ShinyBinder.com ("ShinyBinder," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (the "Service").

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account (via Google sign-in or email), we collect your name, email address, and profile picture (if provided by your authentication provider).
  • Workspace Information: If you create or join a workspace, we collect the workspace name and your role within it.
  • Collection Data: Card inventory data, deck lists, pack opening records, and related information you enter into the Service.
  • User Content: Images, videos (e.g., pack opening recordings), and other files you upload to the Service.
  • Payment Information: If you subscribe to a paid tier, payment details are collected and processed by our third-party payment processor. We do not store your full payment card information on our servers.
  • Community Contribution Data: When you log pack openings, we record data about the cards you pull. This data is used to compute community statistics. Only combined totals across all contributing workspaces are shown publicly.

2.2 Information Collected Automatically

  • Usage Data: We use PostHog to collect analytics data including pages visited, features used, click events, session duration, and general usage patterns.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.
  • Cookies: We use cookies and similar technologies for authentication, session management, and analytics. See Section 8 for more details.

2.3 Information from Third Parties

  • Authentication Providers: When you sign in via Google or another OAuth provider, we receive your name, email, and profile picture from that provider.
  • eBay Integration: If you connect your eBay account, we store OAuth tokens to facilitate listing and inventory syncing. We do not access your eBay data beyond what is necessary for the integration.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Authenticate your identity and manage your account
  • Analyze usage patterns to improve features and user experience
  • Process uploaded videos through AI to identify cards from pack openings
  • Communicate with you about service updates, security alerts, and support
  • Detect, prevent, and address fraud or abuse
  • Comply with legal obligations
  • Compute aggregated community pull rate statistics from your pack opening records, where you have consented via our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share data with third-party sub-processors who help us operate the Service:
    • Neon — database hosting and storage of your account and collection data
    • Cloudflare R2 — cloud storage for uploaded images and pack opening videos
    • Google Gemini — AI video analysis for card identification during pack openings
    • PostHog — product analytics and usage tracking
    • Stripe — payment processing for Supporter Tier subscriptions
    • Vercel — application hosting and edge delivery
    • Auth.js / NextAuth — authentication, operated self-hosted; no personal data is shared with Auth.js as an external service beyond what is provided by your chosen OAuth provider (e.g., Google)
  • Workspace Members: If you belong to a workspace, other members of that workspace can see shared inventory data and activity within the workspace.
  • Legal Requirements: We may disclose information if required to do so by law or in response to valid legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • Community Statistics: Aggregated pack opening totals may be combined with data from other workspaces to display community pull rates. Individual workspace data is never shown publicly.

5. Data Retention

We retain your account and collection data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

Uploaded videos for pack rip analysis are stored temporarily and automatically deleted after processing is complete.

Audit logs (which record inventory changes) are retained indefinitely for data integrity purposes but do not contain personal information beyond your user ID.

Community contribution data is retained for as long as your account is active. If you opt out of community contributions, your data will no longer appear in community statistics but will remain stored until your account is deleted.

6. Data Security

We implement reasonable technical and organizational measures to protect your information, including encrypted connections (TLS), secure authentication, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Breach Notification

In the event of a data breach that affects your personal information, ShinyBinder will comply with all applicable data breach notification laws. We will notify affected users without undue delay, and where required by law, notify the relevant supervisory authorities within the timeframes specified by applicable law. Notifications will be sent to the email address associated with your account.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and session management. These cannot be disabled.
  • Analytics Cookies: Used by PostHog to understand how users interact with the Service. You can opt out of analytics tracking through your browser settings or PostHog's opt-out mechanism.

9. Do Not Track

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. ShinyBinder does not currently respond to browser DNT signals. If a standard for DNT compliance is established, we will review and update our practices accordingly.

California law (California Business & Professions Code Section 22575) requires us to disclose how we respond to DNT signals. Because no recognized standard currently exists, we are disclosing that we do not alter our data collection practices in response to DNT signals.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request an export of your data in a machine-readable format.
  • Opt-Out: Opt out of analytics tracking at any time.
  • Community Data Opt-Out: You may stop contributing your pack opening data to community statistics at any time via Settings → Privacy. Your data will no longer appear in community displays. Community contribution data is deleted when your account is deleted. We do not offer partial deletion of community data independently of your account.

To exercise any of these rights, contact us at support@shinybinder.com. We will respond within 30 days.

11. Children's Privacy

ShinyBinder is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@shinybinder.com.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your data, and the right to opt out of the sale of personal information. We do not sell personal information.

13. International Users & GDPR Compliance

ShinyBinder is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

Data Controller. ShinyBinder is the data controller for personal data collected through the Service. This means we determine the purposes and means of processing your personal data.

Legal Bases for Processing. Where the GDPR applies, we process your personal data on the following legal bases:

  • Consent — when you create an account (account information) or opt in to community data contribution (pack opening statistics)
  • Contract performance — to provide the Service and process your subscription payments
  • Legitimate interests — product analytics, fraud prevention, and improving the Service, where those interests are not overridden by your rights
  • Legal obligation — where we are required to process data to comply with applicable laws

International Transfers. Your personal data may be transferred to and processed in the United States, which may not provide the same level of data protection as your home country. For transfers from the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission where applicable to ensure an adequate level of protection.

Additional EEA Rights. If you are located in the EEA, in addition to the rights described in Section 10, you have the right to:

  • Restrict processing — request that we limit how we use your personal data in certain circumstances
  • Object to processing — object to processing based on legitimate interests
  • Data portability — receive your personal data in a structured, machine-readable format and have it transferred to another controller
  • Lodge a complaint — file a complaint with your local data protection supervisory authority if you believe we have processed your personal data unlawfully

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

support@shinybinder.com

Terms of ServiceHome