Skip to main content

Privacy Policy

Last updated: January 2026

1. Information We Collect

When you use NGUYENER, we collect:

  • Account Information: Name, email, and profile picture from your OAuth provider (Google or Discord)
  • Card Images: Photos you upload for grading (stored securely on our servers)
  • Grading History: Records of cards you've graded and their results
  • Usage Data: Anonymous analytics to improve the Service

2. How We Use Your Information

We use your information to:

  • Provide and improve the card grading service
  • Maintain your grading history and collections
  • Display leaderboards and achievements
  • Send important service updates (no marketing emails)

3. Data Storage

Your data is stored on secure servers hosted on Oracle Cloud Infrastructure. Card images are stored locally on our servers and are not shared with third parties. We do not sell your data.

4. Sub-Processors

We engage the following third-party sub-processors to provide our services. Each sub-processor has been reviewed for GDPR compliance and data protection standards.

Oracle Cloud Infrastructure

Purpose: Cloud hosting and data storage (backend server, database, card images)
Data Processed: All user data, grading history, card images
Location: United States (us-ashburn-1 region)
Privacy Policy: Oracle Privacy Policy

Google LLC

Purpose: OAuth authentication for user login
Data Processed: Email address, name, profile picture (obtained with user consent)
Location: United States
Privacy Policy: Google Privacy Policy

Discord Inc.

Purpose: OAuth authentication for user login
Data Processed: Discord username, user ID, avatar (obtained with user consent)
Location: United States
Privacy Policy: Discord Privacy Policy

Pokemon Company International

Purpose: Card database lookup via Pokemon TCG API
Data Processed: None (API queries do not contain personal data)
Location: United States
Privacy Policy: Pokemon Privacy Notice

Data Processing Agreements: All sub-processors handling personal data are bound by appropriate data processing agreements ensuring GDPR compliance and adequate data protection safeguards.

5. Third-Party Services

In addition to sub-processors, we integrate with third-party services that do not process personal data:

  • Pokemon TCG API: Card data lookup (no personal data transmitted)
  • eBay Price API: Market price data (no personal data transmitted)

6. Data Retention

We retain your personal data according to the following timeline:

  • Account Data: Retained while your account is active, plus 30 days after account deletion for recovery purposes
  • Grading History: Retained while your account is active, deleted within 30 days of account deletion
  • Card Images: Deleted immediately upon your request or within 7 days of account deletion
  • Anonymous Analytics: Aggregated data retained indefinitely (cannot be linked back to you)

You may request deletion of your account and associated data at any time by contacting us via the methods listed in Section 13.

7. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your grading history

8. GDPR Rights (European Union)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on your consent (OAuth login) and legitimate interest (service improvement)
  • Right to Erasure: Request complete deletion of your personal data
  • Right to Portability: Export your data in JSON or CSV format via your profile settings
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time by deleting your account

Data Controller: NGUYENER operates as an independent project. For GDPR inquiries, contact us via the methods listed in Section 13.

Response Time: We will respond to data subject requests within 30 days.

9. CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information. There is no "sale" to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Personal Information Collected: Identifiers (email, username), internet activity (grading history), and visual information (card images).

Do Not Sell My Personal Information: We do not sell, rent, or trade your personal information to third parties.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach (per GDPR requirements)
  • Report to relevant supervisory authorities as required by law
  • Provide details about what data was affected and steps to protect yourself
  • Document the breach and our response for compliance purposes

11. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

12. Children's Privacy (COPPA)

NGUYENER is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information. By using this service, you represent that you are at least 13 years of age.

13. Contact

For privacy-related questions or to exercise your data rights, please contact us through our GitHub repository or at the email provided in our security.txt file.

Back to Home