Privacy Policy
Last updated: April 11, 2026
1. Introduction
Slab Advisor LLC (“Slab Advisor,” “we,” “us,” or “our”) operates the Slab Advisor website and application (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are based in the State of Washington, United States.
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address — used for authentication and account communications
- Password — securely hashed; we never store or have access to your plain-text password
- Google profile information (if you sign in with Google) — name, email address, and profile picture
- Username — chosen by you during account setup
2.2 User-Generated Content
When you use the Service, you may provide:
- Card collection data — cards and sealed products you add to your collection
- Binder organization — how you organize your collection into binders
- Card images — photos you upload for AI-powered card identification and grading
- Grading results — AI-generated grades for your cards
- Portfolio data — collection valuations calculated from market pricing
2.3 Payment Information
When you make a purchase (subscription, credit packs, or physical products), payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other payment credentials on our servers. We receive and store:
- Stripe customer ID (for managing your subscription)
- Purchase history and subscription status
- Transaction amounts
2.4 Shipping Information
If you purchase a physical product through our drop system, we collect your shipping address via Stripe Checkout. This information is stored solely for order fulfillment purposes.
2.5 Usage and Analytics Data
We use PostHog for product analytics. With your consent, we collect:
- Pages visited and features used
- Session duration and interaction patterns
- Device type and browser information
You can opt out of analytics tracking at any time through the cookie consent banner. If you decline cookies, PostHog switches to a privacy-preserving cookieless mode that uses server-side hashing with no persistent identifiers. No personal data is collected in cookieless mode.
2.6 Error and Performance Data
We use Sentry for error tracking and performance monitoring. Sentry collects:
- Error logs and stack traces when something goes wrong
- Browser and device information for debugging
- Performance metrics (page load times, etc.)
No personally identifiable information (PII) is sent to Sentry. Sentry is used solely to help us detect and fix bugs in the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and manage your subscription
- Authenticate your identity and secure your account
- Identify and price your trading cards using AI
- Calculate portfolio valuations based on market data
- Fulfill physical product orders and ship purchases
- Send important account notifications (security alerts, subscription changes)
- Monitor and fix errors in the Service
- Analyze usage patterns to improve features (with your consent)
- Prevent fraud and enforce our Terms of Service
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only with the following service providers who are necessary to operate the Service:
- Supabase — database hosting and authentication (stores your account and collection data)
- Stripe — payment processing (handles all payment transactions securely)
- PostHog — product analytics (only with your consent; cookieless mode available)
- Sentry — error tracking (no personal data sent by default)
- Vercel — application hosting
- Pirate Ship — shipping and fulfillment (receives your shipping address to deliver physical product orders)
We also use third-party services for card identification and pricing. These services receive only card images or product identifiers — no personal information is shared with them:
- Ximilar — receives card images for AI-powered identification
- TCGPlayer / PokemonTCG.io — pricing data fetched using product identifiers only
We may also disclose your information if required by law, court order, or governmental authority.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records (e.g., transaction records for tax purposes).
Card images uploaded for grading are stored for as long as your account is active. You can delete individual cards and their associated data from your collection at any time.
6. Your Rights
You have the right to:
- Access your personal data through your account dashboard
- Correct inaccurate information by updating your profile
- Delete your account and associated data through the account settings page
- Opt out of analytics tracking via the cookie consent banner
- Export your data by contacting us
To exercise any of these rights, you can use the in-app account settings or contact us at the email address provided below.
7. Cookies and Tracking Technologies
We use the following cookies:
- Authentication cookie (required) — maintains your login session. This is a functional cookie necessary for the Service to work.
- Analytics cookie (optional) — used by PostHog for product analytics. You can accept or decline this cookie. If declined, we use privacy-preserving cookieless tracking with no persistent identifiers.
We do not use advertising cookies or third-party tracking cookies.
8. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (HTTPS/TLS for all connections)
- Encryption at rest (database encryption via Supabase)
- Row Level Security (RLS) policies to ensure users can only access their own data
- Secure password hashing (never stored in plain text)
- Server-side validation for all sensitive operations
While we strive to protect your data, no method of electronic transmission or storage is 100% secure.
9. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: support@slabadvisor.com
- Business: Slab Advisor LLC, Washington, United States

