Privacy Policy
Last updated: June 2026
Who we are
Nevalence operates pocketvault.io (a trading name of Nevalence). Nevalence is the data controller for personal data processed through the Service. Contact: privacy@pocketvault.io.
Data we collect
- Account: email, display name, optional username, avatar, bio, socials.
- Scans: photos of cards you upload, AI grading results, and defect coordinates.
- Usage: timestamps of scans, page views, device/IP metadata, and aggregated metrics.
- Billing: processed by Stripe — we never receive or store full card numbers. We retain a customer ID, transaction status, and invoice metadata.
- Support: messages you send us.
How we use it & legal basis (GDPR)
- To provide the grading service and your vault — performance of a contract.
- To send transactional emails (grade complete, billing, disputes) — performance of a contract.
- To improve the AI grader using anonymised, aggregated data — legitimate interest.
- Fraud prevention and security monitoring — legitimate interest and legal obligation.
- Optional analytics and marketing — consent, which you can withdraw at any time.
Sharing
We do not sell your data. We share with the following categories of recipients:
- Payment processor: Stripe — billing, invoicing, fraud and tax handling.
- Hosting & storage: Supabase, Cloudflare.
- AI model providers via a secure gateway (image grading only — no PII).
- Email delivery providers for transactional emails.
- Professional advisers (legal, accounting) where strictly necessary.
- Authorities when legally required.
Public profiles
Public profile pages and shared grade cards are accessible without sign-in. You control what is public from Settings → Profile.
Cookies
We use essential cookies (auth session) and optional analytics. You can decline analytics from the banner shown on your first visit.
Your rights
- Access, correct, export, or delete your data — from Settings → Your data, or by emailing privacy@pocketvault.io.
- Object to or restrict processing, withdraw consent, and lodge a complaint with your local supervisory authority.
- We respond to verified requests within one month.
Retention
We retain account data while your account is active. Deleted accounts and their scans are purged within 30 days. Billing records are retained as required by law (typically up to 7 years). Anonymised aggregates may be retained indefinitely.
Security
We apply industry-standard technical and organisational measures — encryption in transit, access controls, and audit logging.
International transfers
Some processors operate outside the EEA/UK. Where required, transfers are protected by Standard Contractual Clauses or an adequacy decision.
Children
The Service is not intended for users under 13.
Contact
Nevalence — privacy@pocketvault.io