Privacy Policy
Last updated: July 2026
This policy explains what chck.ai collects when you use the service, why we collect it, and what control you have over it. It should be read together with our Terms of Service.
What we collect
- Account data: email address, display name, and authentication identifiers from sign-in providers (e.g. Google) when you choose to use them.
- Guest grading data: when you grade without an account, we store the submitted images, resulting outputs, and limited device/session identifiers (such as an anonymous guest ID and IP-derived rate-limit signals) needed to operate and abuse-protect the guest flow.
- Card images and metadata: photos you upload, capture, drag-and-drop, or import from a public listing URL, together with the resulting grades, sub-grades, valuations, and descriptive fields (player, year, brand, card number, variant).
- Imported listing content: when you paste or drop a public listing URL (for example eBay), we fetch the listing page server-side and extract candidate images, title, and basic metadata to pre-fill grading. We do not log into marketplaces on your behalf and do not access private or account-gated listings.
- Ownership evidence: files you upload to support a claim. These are stored in a private bucket visible only to you and to chck.ai reviewers.
- Billing data: when you subscribe, Stripe processes your payment and shares limited customer and subscription metadata with us. We do not store full card numbers.
- Operational data: logs, error reports, and event records (including request metadata and coarse device information) used to run, debug, secure, and rate-limit the service.
How we use it
- To run grading sessions, mint certificates, and let you review your history.
- To fetch and process public listing content you explicitly ask us to import.
- To review and resolve ownership claims.
- To process payments, grant credits, and send transactional emails about your account.
- To monitor abuse, enforce rate limits, prevent fraud, and improve the accuracy and safety of our grading models.
What is public
Certificates you issue are public by design — anyone with the slug can view the card metadata, images attached to the certificate, and grade. Guest-grading results are not published unless you explicitly issue a certificate. Claim evidence, billing data, email-driven notifications, guest identifiers, and your grading history are not public. Revoked certificates are removed from the public registry.
Third-party marketplaces
chck.ai is not affiliated with eBay or any other marketplace, grading company, or rights holder. When you import a public listing, we act on your instruction to retrieve publicly accessible content. Your interactions with any linked marketplace remain governed by that marketplace's own terms and privacy policy.
Sub-processors
We use a small set of vendors to operate the service: Supabase (database, auth, storage), Stripe (payments), Resend (transactional email), and the Shoebox Grading Gateway and associated model providers (algorithmic grading and valuation). They process data on our behalf under their own privacy terms.
Retention
Account data is retained while your account is active and for a limited period afterwards to satisfy legal, accounting, and dispute-resolution needs. Guest grading data and imported listing content are retained for a shorter operational window and may be purged automatically. You can request deletion of your account and associated data at any time; see contact below.
Your rights
You can request access to, correction of, or deletion of your personal data, and you can object to certain uses. Email us and we will respond within a reasonable timeframe.
Children
chck.ai is not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.
Contact
Privacy questions: privacy@chck.ai.
