Privacy Policy

Effective: [EFFECTIVE DATE] · Last updated: [LAST UPDATED DATE]

DRAFT — not legal advice. This template must be reviewed by a licensed attorney before launch, especially for compliance with GDPR (EU), CCPA (California), and other applicable privacy laws. Placeholders in brackets need to be filled in.

1. Who we are

Sleeved is operated by [LEGAL ENTITY NAME], located at [BUSINESS ADDRESS]. For privacy questions, contact [PRIVACY EMAIL].

2. What we collect

Account information — email address, name (if provided), shipping address
Transaction information — purchase history, vaulted card inventory, marketplace activity
Payment information — processed by Stripe; we do not store full card numbers
Technical information — IP address, browser type, device, pages visited (via Plausible Analytics, which is cookie-free)

3. How we use it

To fulfill your orders and ship/vault your cards
To communicate about your account, orders, and the Service
To prevent fraud and enforce our Terms
To improve the Service (aggregated analytics only)

4. Who we share with

Stripe — payment processing (stripe.com/privacy)
Resend — transactional email delivery
Shipping carriers — your name and address for delivery
PSA / grading services — for authentication and grading
We do not sell your personal information to third parties.

5. Cookies & tracking

We use Plausible Analytics, a privacy-respecting analytics tool that does not use cookies and does not track users across sites. We do not run advertising trackers.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal information. To exercise these rights, email [PRIVACY EMAIL]. We respond within 30 days.

7. Data retention

We retain account and transaction information for as long as your account is active or as needed to comply with legal obligations (typically 7 years for financial records).

8. Security

We use industry-standard security including TLS encryption in transit, encrypted storage, and limited employee access. No system is perfectly secure; we cannot guarantee absolute protection.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

10. International users

Sleeved is operated from the United States. By using the Service, you consent to the transfer of your data to the U.S.

11. Changes

We will notify you of material changes by posting on the Service and (where appropriate) by email.

12. Contact

[PRIVACY EMAIL] · [BUSINESS ADDRESS]