Privacy Policy

Effective: 5 July 2026

CardLoft (“CardLoft”, “we”, “us”) is a web application for identifying, valuing, organising, and trading collectible trading cards. It is operated by Matthew Barnes in Australia. This policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using CardLoft at cardloft.app, you agree to this policy.

Information we collect

How we use your information

eBay integration

Connecting eBay is optional. If you choose to connect your eBay account:

AI processing of card photos

To identify and value a card, the photo and card details you submit are processed by third-party AI services (including Google and Anthropic). We use these services only to return the identification, valuation, or generated image you requested. Photos submitted to the Card Me / Cardify image tools are sent to the model to generate your card and are not retained by us.

Who we share information with

We do not sell your personal information. We share it only with service providers that help us run CardLoft, and only as needed:

Cookies and local storage

CardLoft uses cookies and browser storage to keep you signed in, remember your active profile and preferences, cache data for performance, and support analytics and abuse prevention. You can clear these through your browser, though some features may stop working.

Data retention and your choices

Children and supervised profiles

CardLoft supports supervised profiles that a guardian creates and manages. Supervised profiles are intended to be set up and overseen by a responsible adult, who is responsible for the information added to them. CardLoft is not directed to children without guardian involvement.

Security

We use measures including access rules on our database, app-integrity checks, and server-side storage of sensitive tokens (such as your eBay token) to protect your information. No method of transmission or storage is completely secure, but we work to protect your data.

International data transfers

CardLoft is operated from Australia and runs on Google Cloud infrastructure. Your information may be stored and processed on servers located outside your country, including by the service providers listed above.

Changes to this policy

We may update this policy from time to time. When we do, we will change the effective date above, and significant changes may be highlighted in the app.

Contact

Questions about this policy or your data? Contact us at contact@cardloft.app.