Privacy Policy
Last updated: June 7, 2026ITS Cards Emporium ("we", "us", "the app") helps you catalog your personal sports-card collection and, when you choose, list cards for sale on eBay. This policy explains what we collect, how your images and information are stored, who we share data with, and the choices and consent that put you in control.
1. Who we are
ITS Cards Emporium is operated as a personal/independent service. For any privacy question or request, contact us at [email protected].
2. Information we collect
- Account information. When you sign in with Google or Microsoft, we receive your name and email address to create and secure your account. We never see or store your Google/Microsoft password.
- Card images. The front and back photos you upload or scan for each card.
- Card details. Information you enter or that we extract from your images โ player, team, year, set, manufacturer, card number, condition, purchase price and date, quantity, and any description you add.
- Text extracted from images (OCR). To help auto-fill card details, your card images are processed by an optical-character-recognition service (see Section 5).
- eBay connection data. If you connect eBay, we store the authorization token needed to act on your behalf, and listing records (offer/listing identifiers, status, and the price you set).
- Technical data. A secure authentication cookie to keep you signed in, and basic server logs used for reliability and security. We do not use advertising trackers.
3. How we use your information
- To build and display your private card inventory.
- To read your card images with OCR so we can suggest card details for you.
- To create, update, and manage eBay listings โ only for cards you explicitly choose to list.
- To authenticate you and keep your account and data secure.
We do not sell your personal information, and we do not share it for third-party advertising.
4. How your images and information are stored
- Card images are stored in our application database and served only through authenticated, per-account endpoints. One signed-in user can never load another user's images, and the images are not browsable on the public internet from within the app.
- Card details are stored in our database and isolated per account โ every record is tied to its owner and access is filtered by that owner on every query.
- Your eBay refresh token (the long-lived credential that lets us list on your behalf) is encrypted at rest using ASP.NET Core Data Protection. The short-lived access tokens used for individual requests are kept only in server memory for minutes at a time, are never written to the database, and are never sent to your browser.
- Application secrets and encryption keys are kept outside of source code in a protected configuration/secret store.
- Connections are encrypted in transit over HTTPS.
- When you list a card, its images are uploaded to eBay's Picture Service and the card details are sent to eBay to create the listing. Once listed, those images and details become publicly visible as part of your eBay listing and are then also governed by eBay's own privacy policy.
5. Third-party services
We rely on a small number of providers to deliver the service. Each only receives the data needed for its function:
- Google and Microsoft โ used for sign-in. They authenticate you and return your basic profile (name, email).
- Microsoft Azure AI Vision โ used for OCR. Your card images are sent to Azure to extract text for auto-filling card details.
- eBay โ used only after you connect your account. When you list a card, we send the listing details and upload its images to eBay. Your use of eBay is governed by eBay's privacy policy.
6. Your consent
- Using the app. By signing in and adding cards, you consent to the processing described here, including OCR of the images you upload.
- Connecting eBay. Connecting eBay is optional. When you do, eBay shows you a consent screen and you authorize a specific, limited set of permissions (creating and managing your own inventory and listings). We request only the scopes needed to list cards.
- Withdrawing consent. You can disconnect eBay at any time from the Inventory page, which deletes the stored token from our system. You can also revoke access from your eBay account's connected-apps settings.
7. Data retention
- Cards, images, and details are kept until you delete them or ask us to close your account. Deleted items are first hidden, then removed.
- Your eBay token is kept until you disconnect or it expires. Listings already published on eBay remain on eBay until you end them there.
- We retain only what we need to provide the service and meet legal obligations.
8. Your rights and choices
- Access and correct. View and edit your card details at any time in the app.
- Delete. Delete individual cards (and their images) from your inventory.
- Disconnect eBay. Remove the eBay connection and stored token in one click.
- Account deletion. Request full deletion of your account and associated data by emailing [email protected].
9. Security
We protect your data with encryption in transit (HTTPS), encryption at rest for sensitive credentials, required authentication on all data endpoints, and strict per-account isolation so users can only ever reach their own data. No method of transmission or storage is perfectly secure, but we work to protect your information using industry-standard practices.
10. Children's privacy
The app is intended for adults managing their own collections and is not directed to children under 18. We do not knowingly collect information from children.
11. Changes to this policy
We may update this policy as the service evolves. We will revise the "Last updated" date above and, for significant changes, provide a notice within the app.
12. Contact us
Questions or requests about your privacy? Email [email protected].