Privacy Policy

Last updated: September 20, 2025

1. Introduction

Slab ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered card grading service. By using Slab, you consent to the data practices described in this policy.

2. Information We Collect

Personal Information

Account Data: Email address, name (if provided)
Authentication: Magic link authentication tokens
Billing Information: Processed securely through Stripe (we do not store credit card numbers)

Card Data

Images: Front and back photos of trading cards you upload
Analysis Results: AI-generated grades, condition assessments, and card details
Metadata: Upload timestamps, scan history, and notes you add

Usage Information

Service Usage: Number of scans, subscription tier, feature usage
Technical Data: Browser type, device information, IP address
Analytics: Page views, feature interactions, performance metrics

3. How We Use Your Information

Service Delivery: Process and analyze your card images to provide grading estimates

Account Management: Maintain your account, manage subscriptions, and track usage limits

Service Improvement: Enhance AI accuracy, develop new features, optimize performance

Communication: Send service updates, respond to inquiries, provide customer support

Security: Detect fraud, prevent abuse, maintain platform integrity

Legal Compliance: Fulfill legal obligations and respond to lawful requests

4. Data Storage and Retention

Image Retention Policy

Premium Users (Pro/Unlimited): Images retained for 30 days
Free Users: Images retained for 7 days
Automatic Deletion: Images permanently deleted after retention period
Manual Deletion: Users can request immediate deletion at any time

Account Data: Retained as long as your account is active plus 90 days after deletion

Analytics Data: Aggregated and anonymized after 12 months

Backup Systems: Deleted data may persist in backups for up to 30 additional days

5. Data Security

Encryption: All data transmitted using SSL/TLS encryption (HTTPS)

Storage Security: Images and data stored in secure Supabase infrastructure with encryption at rest

Access Controls: Role-based access control and authentication for all internal systems

Payment Security: PCI-compliant payment processing through Stripe

Security Monitoring: Regular security audits and vulnerability assessments

Note: While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Third-Party Services

We use trusted third-party services to operate our platform:

Supabase: Database hosting, authentication, and file storage

Stripe: Payment processing and subscription management

OpenAI: AI model for card analysis (images processed, not stored by OpenAI)

Vercel: Application hosting and edge functions

Each service has its own privacy policy. We only share the minimum data necessary for service operation.

7. Your Rights and Choices

Data Rights

Access: Request a copy of your personal data
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Portability: Receive your data in a machine-readable format
Objection: Opt-out of certain data processing activities

To exercise these rights, contact us at privacy@tryslab.com. We will respond within 30 days.

8. Cookies and Tracking

Essential Cookies: Required for authentication and basic functionality

Analytics Cookies: Help us understand service usage and improve user experience

Preference Cookies: Remember your settings and preferences

Do Not Track: We respect browser "Do Not Track" signals

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

9. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information.

We may share information only in these circumstances:

Service Providers: With trusted third parties who assist in operating our service
Legal Requirements: When required by law, subpoena, or court order
Protection: To protect rights, property, or safety of Slab and users
Business Transfer: In connection with merger, acquisition, or asset sale
Consent: With your explicit permission

10. Children's Privacy

Age Requirements: Service intended for users 13 years and older

Parental Consent: Users 13-17 require parental permission

COPPA Compliance: We do not knowingly collect data from children under 13

If we discover data from a child under 13, we will promptly delete it. Parents can contact privacy@tryslab.com to request deletion of their child's information.

11. International Data Transfers

Our service is operated from the United States. If you access Slab from outside the US, your data will be transferred to and processed in the US. By using our service, you consent to this transfer and processing in accordance with US laws.

12. California Privacy Rights

California residents have additional rights under the CCPA:

Right to know what personal information we collect and how it's used
Right to delete personal information
Right to opt-out of data sales (we do not sell data)
Right to non-discrimination for exercising privacy rights

To exercise these rights, contact privacy@tryslab.com or call 1-800-XXX-XXXX

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our service. Your continued use after changes indicates acceptance. We encourage you to review this policy regularly.

14. Contact Information

For privacy-related questions or concerns:

Email: privacy@tryslab.com

General Support: support@tryslab.com