Privacy Policy
This Privacy Policy describes how Gemmr (“we,” “us,” or “Gemmr”) collects, uses, stores, and shares information about you when you use gemmr.com or any service we provide (collectively, the “Service”). By using the Service you agree to the practices described here. If you do not agree, do not use the Service.
1. Information we collect
1.1 Information you provide directly
When you create a Gemmr account, we collect the email address, username, and (for email/password accounts) the password you provide. If you sign in using a third-party identity provider such as Google or Discord (“SSO providers”), we receive your email address and basic profile information (name, profile picture URL when available) from that provider. We do not receive your password from SSO providers.
You may optionally provide additional profile information including a display name, biography, and social media handles. These fields are optional and you control what you share.
1.2 Card images and grading data
The core function of the Service is artificial-intelligence-based pre-grading of trading cards. When you submit a scan, you upload one or more images of a trading card. These images and the grading predictions we generate from them (sub-grades, predicted grades across grading services, verdict, written notes) are stored in our database and image storage. You can delete individual scans at any time from the scan detail page. You can also mark scans public or private; public scans are visible at your public profile URL.
1.3 Usage information
We collect information automatically when you use the Service, including IP address, browser type, device information, pages viewed, scans submitted, and timestamps. We use this for security, abuse prevention, and product improvement.
1.4 Cookies and similar technologies
We use cookies and similar technologies to maintain your session, remember your preferences (such as theme), and operate the Service securely. Authentication cookies are essential for the Service to function. We do not use third-party advertising or behavioral tracking cookies.
1.5 Payment information
When payment functionality is enabled, payments are processed by Stripe, Inc. We do not store your credit card number, CVV, or full payment credentials on our servers. Stripe stores and processes that information under its own privacy practices. We retain limited transaction metadata (amount, date, plan purchased, last four digits of card) so we can show you your billing history and operate your subscription.
2. How we use your information
We use the information we collect to:
- Provide, operate, and improve the Service, including generating AI-based grading predictions on your card images
- Authenticate you, maintain your account, and protect your account from unauthorized access
- Display your public profile (if you choose to make it public) and any scans you choose to make public
- Communicate with you about your account, including sending verification, password-reset, security, and service-related emails
- Send you optional product updates, changelog announcements, and Discord community invitations (you can opt out at any time)
- Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Use
- Process payments and operate subscription billing (when applicable)
- Comply with legal obligations
3. AI processing of card images
To generate grading predictions, we send your card images to a third-party large language model provider, currently Anthropic, PBC (“Anthropic”), via its API. Anthropic processes images solely to return grading analysis to us and operates under its own privacy and data-handling policies. We have configured our integration to use Anthropic’s API for inference only; under our current agreement Anthropic does not use your inputs to train its models.
If Anthropic’s terms change, or if we add or change AI processing providers, we will update this policy. AI-generated grading predictions are estimates, not certifications — see our Terms of Use for the full disclaimer.
4. How we share information
We do not sell your personal information. We share information only as follows:
- Service providers. We share information with vendors who help us operate the Service, including: Supabase, Inc. (database, authentication, and image storage), Vercel, Inc. (web hosting), Anthropic, PBC (AI grading inference), Resend, Inc. (transactional email), and Stripe, Inc. (payments, when enabled). Each provider only receives the information necessary to perform its function and is contractually obligated to protect it.
- Public content. Information you mark as public (your profile page, scans you choose to make public, social handles you share, your username) is visible to anyone who visits the relevant URL. Public scans may also be discoverable via search engines.
- Legal compliance. We may disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of Gemmr, our users, or the public.
- Business transfers. If Gemmr is acquired, merged, or undergoes a business transfer, your information may be transferred as part of that transaction. We will notify you of any such transfer that materially changes how your information is handled.
5. Data retention
We retain your account information for as long as your account is active. If you delete your account, we delete or anonymize associated personal information within 30 days, except where we are required to retain certain records for legal, accounting, security, or fraud-prevention purposes. Card images and scans you delete are removed from active storage promptly; backup copies may persist in time-limited backups for up to 90 days.
6. Your rights and choices
You have the right to access, correct, export, or delete your personal information. You can:
- Update your profile and preferences from your Settings page
- Change your username one time, and your password at any time
- Delete individual scans from each scan’s detail page
- Link or unlink Google/Discord sign-in methods from Settings
- Request account deletion by emailing hello@gemmr.com
- Request a copy of the personal information we hold about you by emailing hello@gemmr.com
Depending on where you live, you may have additional rights under applicable law, including the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), or other regional privacy laws. To exercise these rights, contact us at hello@gemmr.com.
7. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at hello@gemmr.com and we will delete it promptly. Users between 13 and 18 should have parental permission before using the Service.
8. Security
We take reasonable measures to protect your information, including encryption in transit (HTTPS), encryption at rest for sensitive data, password hashing, role-based database access, and routine security review of our infrastructure. No system is perfectly secure, however, and we cannot guarantee that unauthorized access will never occur. If we become aware of a breach affecting your personal information, we will notify you as required by applicable law.
9. International users
Gemmr is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and possibly other countries where our service providers operate. By using the Service you consent to this transfer.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via a notice in the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or how we handle your information, contact us at hello@gemmr.com.