Privacy Policy
Slabbr ("we," "us") is a Chrome extension and web service that identifies trading-card images on third-party livestreams and shows market prices. This Privacy Policy describes what we collect, why, and how to control your data.
1. What we collect
- Account info: the email address you provide when signing up. Used to authenticate you and send transactional email.
- Scan data: when you press the scan shortcut, the extension captures a single video frame from your browser and sends it to our servers, which forward it to our vision-API partner (Ximilar) for card identification. We do not store the image after the API call resolves.
- Usage counters: a per-day count of how many scans you've made, stored against your account for quota enforcement and billing.
- Payment info: if you subscribe to a paid plan, payment processing is handled by Stripe. We never see or store your card number; we only retain Stripe's customer and subscription IDs.
- Diagnostics: minimal server logs (timestamp, endpoint, response status). No request bodies, no images, no IP addresses are stored in our application logs.
2. What we do NOT collect
- We do not run analytics, tracking pixels, or third-party advertising scripts on the extension or the landing page.
- We do not read or store the content of Whatnot streams beyond the single scan frame you initiate.
- We do not sell or share your data for marketing purposes.
3. Third-party processors
Slabbr relies on a small number of vendors who process data on our behalf:
- Supabase — account auth and database hosting. Privacy policy.
- Stripe — payment processing (paid plans only). Privacy policy.
- Ximilar — vision API for card identification. Receives scan images at request time only. Privacy policy.
- JustTCG / TCGCSV — public pricing data sources. We send card identifiers (name, set, number) — never personal data — to look up market prices.
- Resend — transactional email delivery (sign-in codes, billing receipts).
- Vercel — hosting for the website and serverless functions.
4. Data retention
Account email, profile, and subscription state are retained for as long as your account exists. Daily usage counters are retained for 90 days for billing dispute resolution, then deleted. Scan images are not retained at any stage.
5. Your rights
You can request access to or deletion of your data at any time by emailing the address below. Deletion is performed within 30 days. Active subscriptions must be canceled in the Stripe customer portal before account deletion.
6. Cookies
The Slabbr extension uses chrome.storage.local on your machine to remember settings and your scan tab. The landing page does not set tracking cookies; Supabase auth and Stripe Checkout may set strictly-necessary cookies during the auth and payment flows.
7. Children
Slabbr is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, contact us and we will delete the account.
8. Changes to this policy
We will update the "Last updated" date at the top whenever this policy changes. Material changes will also be announced via email to active users.
9. Contact
Questions or requests: hello@slabbr.pro