Privacy Policy
Last updated: March 6, 2026
VendBuddy ("we," "our," or "us") operates the VendBuddy website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect your email address and, optionally, your display name. If you sign in with a third-party provider (Google, Discord, or Apple), we receive your name and email from that provider. We do not store your passwords — authentication is handled securely by Supabase Auth.
Vendor Business Data
If you use VendBuddy as a vendor, we store the data you enter to manage your business: card inventory, deals, events, pricing, barcode labels, and related records. This data is associated with your vendor account and isolated from other vendors via row-level security.
Card Images (Camera)
When you use the card scanner, your device camera captures a photo of the card. The image is sent to our server for AI-based identification (card name, set, and number). Images are processed in real time and are not stored permanently on our servers. No images are shared with third parties.
Automatically Collected Information
We collect crash reports and basic performance diagnostics via Sentry to identify and fix bugs. This data includes device type, OS version, app version, and error stack traces. It does not include personally identifiable information. We do not use advertising identifiers or track you across other apps or websites.
2. How We Use Your Information
- To provide, operate, and maintain the Service
- To create and manage your account
- To process transactions and manage subscriptions via Stripe
- To send transactional communications (e.g., password resets)
- To identify and fix bugs via crash reporting
- To respond to your support inquiries
- To enforce our terms and protect against misuse
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only with the following service providers that are necessary to operate the Service:
- Supabase — database hosting and authentication
- Stripe — payment processing (we never see or store your full card number)
- Sentry — crash reporting and error tracking
- Anthropic (Claude) — AI card identification from camera images
- Expo / EAS — mobile app build and update delivery
We may also disclose information if required by law, legal process, or to protect the rights and safety of our users.
4. Public Profiles
Vendors can opt in to a public profile at /v/{handle}. When enabled, your display name, bio, and in-stock inventory are publicly visible. You can disable your public profile at any time from your profile settings.
5. Data Retention
We retain your account and business data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial transaction records).
6. Data Security
We use industry-standard security measures to protect your data, including encrypted connections (TLS), row-level security policies on all database tables, and secure authentication via Supabase Auth. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for optional data processing
To exercise any of these rights, contact us at support@vendbuddy.app.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Third-Party Links
The Service may contain links to third-party websites (e.g., TCGPlayer, Amazon affiliate links). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, contact us at: