The short version
We do not store your photos. A photo is used only to identify your card during a single request, then discarded. To read the card, the photo is sent to OpenAI. We do not have accounts or run advertising, and the analytics we use are cookieless and aggregate.
Photos you take
Your photo is compressed in your browser and sent to our server only to identify the card. We never write your photo to disk or to any storage — it exists only in memory while your request is processed, then is discarded when the request ends.
To avoid re-processing an identical photo, our identification cache stores a one-way SHA-256 hash of the image (a short fingerprint) alongside the resulting card details. The hash cannot be turned back into your photo, and the image itself is never saved. These cached entries expire automatically after 30 days.
AI card identification
To read the card in your photo, the image is sent to OpenAI, which provides the AI model that identifies the card. Under OpenAI's API data-usage policies, data submitted through their API is not used to train their models and is retained only briefly for abuse and misuse monitoring before deletion. OpenAI processes the image under its own policies, which we do not control; you can review them at openai.com/policies/api-data-usage-policies.
Device identifier & search limits
To enforce a limit of 5 searches per day, we generate a device fingerprint and keep a daily counter. The counter is stored temporarily and expires automatically after 24 hours. This identifier is not linked to your name, an account, or any contact information — we do not collect those.
Bot protection
Each search runs a Cloudflare Turnstile check to block automated abuse. Turnstile processes data under Cloudflare's privacy policy.
Pricing lookups
To find recent sale prices, we send the identified card's text details (player, year, set, card number, and grade) to the eBay API. Your photo is never sent to eBay. Recent price results are cached for up to 6 hours to avoid repeated lookups.
Analytics & performance
We use Vercel's privacy-friendly analytics to understand aggregate traffic and to measure real-world performance (such as how quickly pages load). We also record anonymous, aggregate counts of how identification performs — for example, how often a photo isn't a card, or when we need to ask for the back of a card. These measurements use no cookies, set no cross-site identifiers, and never include your photo, your device fingerprint, or any personal data.
What we don't do
- No accounts, logins, or passwords.
- No advertising or tracking cookies, and no cross-site tracking.
- We do not sell or share your data for marketing.
Changes to this policy
We may update this policy as the service evolves. The “Last updated” date above reflects the most recent version.
Contact
Questions about this policy? Contact us at support@deeprangelabs.com.