Privacy Policy
Last updated [DATE]
This Privacy Policy explains what information B&M Cards (operated by [ENTITY NAME]) collects when you use bandmcards.com, why we collect it, who we share it with, and the choices you have.
1. Information we collect
1.1 Information you give us
- Account details. Your name and email address when you redeem an invite and create an account.
- Shipping address. Collected through Stripe at checkout and used to fulfill orders.
- Bid & offer history. Each bid you place and offer you make is stored as part of your account record.
1.2 Information we generate
- Order history. Items you have purchased, paid for, and received.
- Server logs. IP address, user-agent, and timestamps for security and abuse prevention.
- Card photographs. Photos of cards we list are uploaded by our admins for grading preparation and listing display. These are images of the merchandise, not of you.
2. Why we use this information
- To fulfill orders, process payments, and ship items.
- To prevent fraud, abuse, and unauthorized access to your account.
- To send transactional email (order confirmations, shipping updates, outbid notices, dispute resolution).
- To send optional digests of newly listed cards, which you can turn off in your account settings.
- To meet our tax, accounting, and legal obligations.
3. Payment information
Payment card data is collected and processed by Stripe under Stripe’s own privacy practices. We never see, store, or handle your full card number, CVC, or bank credentials. We receive only the limited transaction metadata we need to recognize a payment, issue a refund, or investigate a dispute.
4. Cookies & local storage
We use a minimal number of first-party cookies and storage keys:
- A signed session token (JWT) so you stay logged in between visits.
- A preference for your watchlist and saved-for-later state.
- A short-lived “added to cart” toast indicator.
We do not use third-party advertising cookies or cross-site tracking pixels.
5. Service providers
We share information with the following processors only to the extent necessary to operate the Site:
- Stripe — payment processing and tax calculation.
- EasyPost — shipping label generation and tracking via USPS.
- Resend — transactional and digest email delivery.
- Anthropic — used internally by our admin tools to assist with grading prep and listing copy. We do not send buyer information to Anthropic.
- Neon — hosted Postgres database where your account data lives.
- Vercel — hosting and edge delivery of the Site itself.
6. Marketing communications
As an invite-only marketplace, the only marketing email we send is an optional periodic digest of newly listed cards. You can opt out at any time from your account settings or by using the unsubscribe link in any digest. Transactional emails (order, shipping, dispute, and account-security messages) are not optional.
7. Data retention
We keep your account information while your account is active and for up to seven years after closure to satisfy tax-record obligations and to handle late disputes or chargebacks. You may request earlier deletion subject to those obligations — see Section 9.
8. California & other state privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you certain rights regarding your personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. To exercise a “Do Not Sell or Share” right or any other CCPA right, email us at support@bandmcards.com. We extend comparable rights to residents of other states with similar privacy laws.
9. Your rights
You may request access to, correction of, or deletion of your personal information by emailing support@bandmcards.com. We will respond within thirty (30) days. We may need to verify your identity before acting on the request.
10. Children
The Site is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
11. Security
We protect your information with TLS in transit, hashed and salted passwords (bcrypt), least-privilege access controls, audit logging on administrative actions, and routine review of our infrastructure. No system is perfectly secure, but we work to keep ours close.
12. International transfers
B&M Cards operates only in the United States and currently ships only within the United States. Our infrastructure is U.S.-hosted. If we expand to other countries in the future, we will update this Policy.
13. Changes & contact
We may update this Policy from time to time. Material changes will be announced by email and reflected in the “Last updated” date above. For any privacy question, email support@bandmcards.com.
