Nostalgicard ("we," "us," or "our") operates the website nostalgicard.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. Nostalgicard is a social platform for Yu-Gi-Oh and trading card collectors to showcase collections, discuss cards, and track market prices.
By using Nostalgicard, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, username, display name, and password (hashed, never stored in plain text).
- Profile information: avatar image, biography, and country.
- Collection content: photos and videos of your trading cards (JPEG, PNG, WebP, or video formats), card details, and post captions.
- Social interactions: comments, likes, follows, community ratings, and direct messages with other users (including optional image attachments in messages).
- Space participation: threads, replies, and content you contribute to community spaces.
1.2 Information Collected Automatically
- Log data: IP address, browser type, operating system, referring URL, and pages visited. This data is collected by our hosting provider (Vercel) as part of standard server operations.
- Authentication tokens: session cookies used to keep you signed in.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account.
- Display your profile, collection posts, and social interactions to other users on the platform.
- Facilitate direct messaging between users.
- Provide card pricing information by querying third-party services (eBay, YGOProDeck).
- Send notifications about interactions relevant to your account (likes, comments, follows, messages).
- Process and optimize uploaded images (resizing, format conversion to WebP) to improve performance.
- Maintain security, prevent abuse, and enforce our Terms of Service.
- Improve and develop new features for the Service.
3. Third-Party Services
We rely on the following third-party services to operate Nostalgicard. Each has its own privacy policy governing its handling of data:
- Supabase (database, authentication, and file storage) — Hosts our database and stores your account data, posts, messages, and uploaded images. Supabase runs on AWS infrastructure, is SOC 2 Type II compliant, and encrypts data at rest. Supabase Privacy Policy
- Vercel (hosting and deployment) — Serves the Nostalgicard web application. Vercel may process standard request logs (IP addresses, user agents). Vercel Privacy Policy
- eBay Browse API (market price data) — We query eBay's API to retrieve current and sold listing prices for trading cards. No personal user data is shared with eBay; only card search queries are sent. eBay Privacy Notice
- YGOProDeck API (card database) — We use this public API to look up Yu-Gi-Oh card names, images, and details. No personal user data is shared with YGOProDeck.
We do not use any advertising networks, tracking pixels, or analytics services such as Google Analytics.
4. Data Storage and Security
- All account data, posts, and messages are stored in a Supabase PostgreSQL database with row-level security (RLS) policies ensuring users can only access data they are authorized to see.
- Uploaded images and videos are stored in Supabase Storage (backed by AWS S3).
- Data is encrypted at rest and in transit (TLS/SSL).
- Passwords are hashed using Supabase Auth's bcrypt implementation and are never stored or transmitted in plain text.
- While we implement reasonable security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.
5. Cookies
Nostalgicard uses only essential cookies required for the Service to function:
- Authentication session cookies: Used to keep you signed in. These are set by Supabase Auth and expire when your session ends or after an extended period of inactivity.
We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
For All Users
- Access and update: You can view and edit your profile information, bio, avatar, and country at any time through the Settings page.
- Delete content: You can delete your own posts, comments, and messages.
- Account deletion: You may request complete deletion of your account and associated data by contacting us at the email below.
For EU/EEA Residents (GDPR)
Under the General Data Protection Regulation, you have additional rights including:
- Right to access a copy of all personal data we hold about you.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten").
- Right to restrict or object to processing.
- Right to data portability.
- Right to lodge a complaint with your local data protection authority.
Our legal basis for processing personal data is your consent (provided when creating an account) and our legitimate interest in operating the Service.
For California Residents (CCPA)
- Right to know what personal information we collect and how it is used.
- Right to request deletion of your personal information.
- Right to non-discrimination for exercising your privacy rights.
- We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
7. Children's Privacy
Nostalgicard is not intended for children under the age of 13. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
Users between the ages of 13 and 18 should review this policy with a parent or guardian before using the Service.
8. Data Retention
- Account data is retained for as long as your account remains active.
- If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it.
- Uploaded images associated with deleted posts are removed from Supabase Storage.
- Server logs maintained by our hosting providers may be retained according to their own retention policies.
9. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We may share data only in the following circumstances:
- Service providers: With the third-party services listed in Section 3, solely to operate the Service.
- Legal requirements: If required by law, court order, or governmental authority.
- Safety: To protect the rights, property, or safety of Nostalgicard, our users, or the public.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify users by posting a notice on the Service or updating the "Last updated" date at the top of this page. Your continued use of Nostalgicard after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us at:
admin@nostalgicard.com