Privacy Policy

Last updated: February 2026

1. Information We Collect

Account information: Email address, display name, and avatar (if provided).

Collection data: Card details, transaction records, valuations, and import files you upload.

Usage data: Pages visited, features used, and general interaction patterns to improve the service.

Payment information: Billing details are processed and stored by Stripe. We do not store credit card numbers.

2. How We Use Your Information

  • Provide, maintain, and improve the CollectibleIQ service
  • Calculate cost basis, P&L, and generate reports
  • Send transactional emails (welcome, import complete)
  • Send optional weekly digest emails (you can opt out)
  • Process payments and manage subscriptions
  • Respond to support requests

We do not sell your personal data to third parties.

3. Third-Party Services

We use the following third-party services to operate CollectibleIQ:

  • Supabase— Authentication, database, and file storage. Data stored in Supabase's cloud infrastructure.
  • Stripe — Payment processing and subscription management. Subject to Stripe's Privacy Policy.
  • Resend — Transactional email delivery.
  • Vercel — Application hosting and CDN.

4. Data Storage and Security

Your data is stored in Supabase's PostgreSQL database with row-level security (RLS) policies. All data is encrypted in transit (TLS) and at rest. We use industry-standard security practices including environment variable management and secure API keys.

5. Your Rights

You have the right to:

  • Access your data at any time through the app
  • Export your data via CSV exports in reports
  • Delete your account and all associated data from settings
  • Opt out of non-essential emails from settings

For California residents (CCPA) and EU residents (GDPR): We honor requests to access, correct, or delete personal information. Contact us at the email below.

6. Cookies

CollectibleIQ uses essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies.

7. Data Retention

Your data is retained as long as your account is active. Upon account deletion, all personal data and collection data is permanently deleted within 30 days. Anonymized, aggregated data may be retained for analytics.

8. Children's Privacy

CollectibleIQ is not intended for use by individuals under the age of 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or in-app notification. The “Last updated” date at the top indicates the most recent revision.

10. Contact

For privacy-related questions or data requests, contact us at privacy@collectibleiq.com.