Privacy Policy
Effective date: July 5, 2026
Reviewed draft — have a licensed attorney approve this policy before running paid customer acquisition.
Who we are
DataNeverLies ("DataNeverLies," "we") operates this trading-card pricing and collection platform. This policy explains what personal data we collect, why, who processes it, and the choices you have. Contact: support@dataneverlies.app.
What we collect
Account: email address, username, password (stored only as a secure hash by our auth provider), and whether you opted into marketing email. If you sign in with Google we receive your email and basic profile from Google.
Billing: your plan, subscription status, and billing history. Card details go directly to Stripe — we never see or store full card numbers.
Content you add: collection and watchlist entries, price alerts, photos you upload for scanning, and your conversations with the assistant.
Usage & marketing: pages viewed, features used, device/browser info, IP address, and the campaign (UTM) parameters on the link that brought you here.
How we use it
To provide the Service (price your collection, run AI identification on your photos, remember conversations, send alerts you configured); to process payments and prevent fraud and abuse; to understand and improve the product; to measure advertising; and to send marketing email only if you opted in — every message includes an unsubscribe link. We do not sell your personal information.
AI processing
Photos you scan and messages you send to the assistant are transmitted to our AI provider (Google Gemini API) to generate results, and the results are stored in your account. Your photos are stored in a private bucket accessible only to you; we do not use your photos or chats to train our own models.
Service providers (subprocessors)
Each provider processes data under its own data-processing terms:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, and file storage | Account data, collection data, uploaded photos |
| Stripe | Payment processing and billing portal | Name, email, payment method, billing history |
| Google (Gemini API) | AI card identification, estimates, and chat | Uploaded card photos, chat messages |
| Vercel | Website hosting and delivery | IP address, request logs |
| Google Analytics | Product analytics | Usage events, device info, UTM parameters |
| Meta | Advertising measurement | Ad-click identifiers, conversion events |
We may also disclose data when required by law, to enforce our Terms, or as part of a merger or acquisition (with notice).
Cookies and analytics
We use essential cookies for sign-in sessions and analytics cookies (Google Analytics, Meta Pixel) to measure product usage and ad performance. You can block analytics cookies in your browser without affecting core functionality; ad platforms also offer their own opt-outs (Google Ads Settings, Meta ad preferences).
Retention
We keep your data while your account is active. When you delete your account we delete or de-identify your personal data within 30 days, except billing records we must keep for tax and accounting law and minimal logs kept for fraud prevention. Backups roll off on a fixed schedule thereafter.
Your rights
Depending on where you live (including under GDPR and the California Consumer Privacy Act) you may have the right to access, correct, export, or delete your personal data, to object to or restrict processing, and to non-discrimination for exercising these rights. Email support@dataneverlies.app and we will respond within the legally required window (30–45 days). You can also delete individual scans, conversations, and collection items directly in the app, and cancel your subscription in Settings → Billing. EU/UK users may lodge a complaint with their data protection authority.
Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production data is restricted and scoped per-user by row-level security. No system is perfectly secure — if we learn of a breach affecting your data we will notify you as required by law.
Children
The Service is not directed to children under 13 and we do not knowingly collect their data. If you believe a child has created an account, contact us and we will delete it.
International transfers
We are US-based and our providers process data in the United States (and their own regions) under standard contractual safeguards where required.
Changes to this policy
We will post updates here and, for material changes, notify you by email or in-product at least 14 days before they take effect.