Privacy Policy

Last updated: March 9, 2026

Card Pilot ("we", "our", "us") operates the Card Pilot application at app.getcardpilot.com. This policy describes what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

When you use Card Pilot, we collect and store:

• Account information: your email address and a hashed password, used for authentication.
• Product and inventory data: card names, conditions, quantities, images, and listing details that you create or import through the app.
• Shopify store data: product, order, and inventory information accessed through Shopify's API with your authorization. We use this to sync your inventory and detect sales.
• eBay listing data: product and order information accessed through eBay's API with your authorization.

2. Data We Do Not Collect

Card Pilot does not collect, store, or process:

• Customer personal information (names, addresses, payment details) from your Shopify or eBay stores
• Payment or credit card information (billing is handled by our payment processor)
• Browsing history or tracking cookies beyond session authentication

3. How We Use Your Data

We use the data we collect to:

• Provide the Card Pilot service: inventory management, listing creation, sale detection, and cross-channel synchronization
• Authenticate your account and maintain your session
• Generate market values for your inventory using third-party data providers
• Improve the service through aggregate, non-identifiable usage patterns

4. Data Storage and Security

Your data is stored on servers located in France (OVH). All connections are encrypted via TLS. Sensitive credentials (such as Shopify and eBay API tokens) are encrypted at rest using AES-256. Database access is restricted to authenticated application processes only.

5. Third-Party Services

Card Pilot integrates with the following third-party services to provide its functionality:

• Shopify: product, order, and inventory synchronization
• eBay: listing and order management
• Google Gemini: AI-powered card image recognition (images are processed but not retained by Google)
• JustTCG: market value data for trading cards
• Cloudflare: CDN, DNS, and image storage
• Resend: transactional email delivery

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account or request data deletion, we will remove your data within 30 days, except where we are legally required to retain it.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your inventory data via CSV export

To exercise any of these rights, contact us at [email protected].

8. Shopify Data Handling

When you connect your Shopify store, Card Pilot accesses product, inventory, order, and location data through Shopify's API. We use this data solely to synchronize your inventory and detect sales. We respond to all Shopify mandatory compliance webhooks (customer data requests, customer redaction, and shop redaction) within the required timeframes. We do not store Shopify customer personal information.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of Card Pilot after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or your data, contact us at