Sortle.io Privacy Policy

1. Introduction

Sortle.io ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Pokemon TCG card scanning and inventory management service ("Service").

This policy applies to users in Australia, New Zealand, United States, Canada, United Kingdom, and the European Union, and complies with applicable privacy laws including the Australian Privacy Act 1988, New Zealand Privacy Act 2020, Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), UK Data Protection Act 2018, and EU General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Account Information

• Email address (required for account creation)
• Username (chosen by you)
• Password (encrypted and stored securely)
• Profile information (avatar, display preferences)
• Account creation and last activity dates

2.2 Pokemon Card Data

• Scanned card information (card names, sets, numbers, rarities)
• Collection data (quantities, conditions, values)
• Pricing information (assigned values, market data)
• Inventory management data (stock levels, locations)

2.3 Card Images (OPT-IN ONLY)

2.4 eBay Marketplace Integration (When Connected)

When you connect your eBay account:

• eBay User ID and account verification status
• OAuth access tokens (encrypted)
• Business policies (shipping, return, payment policies)
• Listing data (products listed through our platform)
• Performance metrics (listing views, sales data)
• Inventory synchronization data

2.5 Technical Information

• IP address and general location (country/region)
• Device information (browser type, operating system)
• Usage analytics (pages visited, features used)
• Session data (login times, activity duration)
• Error logs (for debugging and service improvement)

3. How We Use Your Information

3.1 Service Delivery

• Provide card scanning and inventory management services
• Maintain and sync your Pokemon card collections
• Enable marketplace integrations (eBay, Shopify)
• Process card valuations and market data

3.2 Account Management

• Create and maintain your user account
• Authenticate users and prevent unauthorized access
• Provide customer support and respond to inquiries
• Send service-related communications

3.3 Service Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionality
• Perform quality assurance and testing
• Ensure security and prevent fraud

4. Marketplace Compliance

4.1 eBay Account Changes

Account Deletion: If you delete your eBay account:

• eBay automatically notifies us via webhook
• We immediately remove all eBay integration data
• Your card collection data remains unaffected
• All eBay credentials are permanently deleted

Account Closure: If eBay closes your seller account:

• We receive automatic notification
• eBay integration is disabled
• Your account status is updated
• You are notified of the closure

5. Your Privacy Rights

5.1 Universal Rights (All Jurisdictions)

• Access: Request copies of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in machine-readable format
• Opt-out: Unsubscribe from marketing communications

5.2 Enhanced Rights (EU/UK/California)

• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Automated decision-making: Opt-out of automated profiling
• Data Protection Officer: Contact our DPO with concerns

6. Data Export and Deletion

6.1 Data Export (GDPR Compliance)

You can request a complete export of your data:

• Request: Via Settings > Data Management
• Format: JSON format with all personal data
• Timeline: Available within 5-10 minutes
• Access: Download link valid for 30 days

6.2 Complete Data Deletion

To delete all your data:

• Request: Via Settings > Data Management
• Confirmation: Type "DELETE ALL MY DATA" exactly
• Timeline: Complete deletion within 10 minutes
• Scope: All data including backups and logs
• Irreversible: This action cannot be undone

7. Consent and Withdrawal

7.1 Image Storage Consent

• Opt-in required: Images only stored with explicit consent
• Easy withdrawal: Disable in Settings > Image Storage
• Immediate deletion: Existing images deleted upon opt-out

7.2 eBay Integration Consent

• OAuth consent: Clear explanation before eBay connection
• Data sharing disclosure: What data is shared with eBay
• Disconnect option: Remove integration at any time

8. Data Security

We protect your information using industry-standard security measures:

• Encryption: All data encrypted in transit and at rest
• Access controls: Role-based access with multi-factor authentication
• Regular security audits: Vulnerability assessments and penetration testing
• Secure infrastructure: Hosted on secure cloud platforms with monitoring

9. Data Retention

• Account data: Retained while account is active, deleted after 3 years of inactivity
• Card images: Deleted immediately when opt-out selected
• eBay integration data: Removed when disconnected
• GDPR exports: Available for 30 days, then deleted
• Legal compliance data: 7 years as required by law

10. Children's Privacy

Our services are not intended for users under 13 (US), 14 (Australia), or 16 (EU). We do not knowingly collect personal information from children. If we become aware of child data collection, we will delete the information immediately and terminate the account.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in laws, new features, or improved practices. Material changes will be communicated via email notification (30 days notice), in-app notifications, and website announcements.