Short version: We collect only what we need to operate the platform. We don't sell your data. We don't share it with third parties beyond what's necessary to run the service. Canadian users have rights under PIPEDA. US users have rights under applicable state privacy laws.
AuroraVolt Cards ("AuroraVolt", "we", "us") is operated by Samuel Yaholnitsky, based in Saskatoon, Saskatchewan, Canada. We provide Pokémon TCG market intelligence tools including grading ROI analysis, sealed EV calculations, deck building, and vendor management tools.
Contact: hello@auroravoltcards.com
Account information (if you register): Email address and a hashed password, used to authenticate you and maintain your subscription. We use Clerk for authentication — your credentials are never stored in plaintext by us.
Usage data you create: Watchlists, portfolios, deck lists, tournament logs, and inventory entries you add to the platform. This data is stored so you can access it across sessions. It is yours and you can delete it at any time.
Payment information: Processed by Stripe. We never receive or store your credit card number. We receive a tokenized customer ID and subscription status from Stripe.
Technical data: IP address, browser type, and page visit data collected automatically via Netlify's infrastructure. Used for security monitoring and uptime analysis. Not linked to your identity unless required for abuse investigation.
We do not collect:
We do not use your data to train AI models. We do not sell your data to third parties. We do not use your data for behavioral advertising.
We use the following sub-processors to operate the service:
Each sub-processor is contractually bound to handle your data securely and only for the purposes we specify. We do not authorize them to use your data for their own marketing.
We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws. Under PIPEDA you have the right to:
To exercise any of these rights, email us at hello@auroravoltcards.com. We will respond within 30 days.
Depending on your state of residence, you may have additional rights under applicable US privacy laws (including California's CCPA/CPRA). These include the right to know what data we collect, the right to delete it, and the right to opt out of sale (we do not sell data). To exercise these rights, contact us at the email above.
AuroraVolt uses browser localStorage (not cookies) to remember your preferences, watchlist, and session state on the free tier. This data stays on your device and is never transmitted to us unless you have a logged-in account.
We do not use third-party advertising cookies. Netlify and Supabase may set essential session cookies for authenticated functionality.
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days except where we are required to retain it for legal or accounting purposes (e.g., billing records, which we keep for 7 years per Canadian tax law).
Anonymized, aggregated usage statistics may be retained indefinitely.
We apply industry-standard security practices: HTTPS everywhere, encrypted data at rest in Supabase, Row Level Security (RLS) policies so users can only access their own data, and no API keys exposed to client-side code. Authentication is handled by Clerk with support for multi-factor authentication.
No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to hello@auroravoltcards.com.
We will update this page when our practices change and note the effective date at the top. For material changes affecting how we use personal data, we will notify registered users by email at least 14 days in advance.
Questions, requests, or complaints about this policy:
Samuel Yaholnitsky
AuroraVolt Cards
Saskatoon, Saskatchewan, Canada
hello@auroravoltcards.com