Privacy Policy
Last Updated: May 19, 2026
This Privacy Policy explains what information Vendy, Inc. collects when you use the Vendy iOS app or onvendy.com, how we use it, and the choices you have. Vendy is built for trading-card vendors and we try to keep data collection limited to what the Service actually needs.
1. Information You Give Us
- Account info from your sign-in provider — when you sign in with Google, Apple, or X we receive a user ID, your email (Apple may give a private relay address), and your name / profile photo if available.
- Profile data — display name, vendor name, city, state, bio, profile photo, and links you add (Instagram, Whatnot, Treasure).
- Inventory and listings — card photos, scanned cert / slab data, set, grade, price, notes.
- Activity — sales metrics, daily pulls, reviews and ratings you post, and messages you send to other vendors.
- Connected Gmail data (only if you opt in) — if you choose to connect Gmail for Payments sync, we read payment-notification emails from Venmo, PayPal, and Zelle (last 90 days) in order to surface them in your Payments dashboard. See the "Gmail Integration" section below for full detail on what we access, how it's stored, and how to disconnect.
2. Information Collected Automatically
- Device and app info — device model, iOS version, app version, language, time zone, and basic logs we use for debugging and abuse prevention.
- Approximate location — used for local vendor discovery and nearby listings. We don't continuously track your location.
- Push notification token — if you opt in to notifications, we store the Apple Push Notification token tied to your account so we can deliver alerts.
3. iOS Permissions
- Camera — to scan slabs, certs, and raw cards. Image data captured for OCR is processed on-device using Apple Vision and is not sent to a server unless you explicitly save it (e.g. attach it to inventory).
- Photo Library — only when you choose a photo for a listing or your profile.
- Location — only when used for "near me" features.
- Notifications — only if you opt in.
You can change any of these in iOS Settings → Vendy at any time.
4. How We Use Information
- Run the Service: authenticate you, sync your inventory across devices, deliver messages, show your public profile, surface comps and "lowest listed" data
- Improve and debug the app
- Detect fraud, counterfeit listings, and abusive behavior
- Send transactional notifications (messages, reviews, sign-in alerts) if you've enabled them
- Comply with legal obligations
We do not sell your personal information.
5. What Other People See
- Your public profile (display name, vendor name, city/state, bio, profile photo, links) is visible to other Vendy users
- Listings you publish and reviews you write are visible to other users
- Messages are visible to the recipient(s) you send them to
- Email, push tokens, and the raw IDs from your sign-in provider are not shown to other users
6. Third-Party Services We Use
- Supabase — authentication and database hosting
- Google, Apple, X (Twitter) — sign-in providers
- Apple Push Notification service — delivering notifications
- Vercel — web hosting
- eBay, PriceCharting — pricing data sources we query on your behalf; we don't share your personal information with them
- Treasure — only when you connect your account so the events screen can show your shows
- Card Ladder — your CL account, your data; details in the next section
- Gmail (Google) API — read-only access to your inbox for the Payments feature, only if you connect; details in the Gmail Integration section below
7. Card Ladder Pro Integration
Card Ladder is a separate company and a separate product. Vendy can use your Card Ladder Pro account on your behalf to look up CL Values and recent sales. Because this is a sensitive integration, we want to be very explicit about how it works.
What we receive when you connect
- If you connect with email + password: you type them into the Vendy "Connect Card Ladder" screen. Vendy forwards them, one time, to Card Ladder's authentication provider (Firebase) so it can issue you a session. We do not save your Card Ladder username (email) or password — they pass through our backend to Firebase and are discarded immediately.
- If you connect with "Sign in with Google": we forward only the Google OAuth token Card Ladder needs. We don't save your Google password (Google never gives it to anyone, including us).
- From Card Ladder we get back a refresh token tied to your CL account, plus a flag indicating whether your account is on the Pro plan, plus your CL email so the app can show you who's connected.
Where the Card Ladder token lives
- The refresh token is stored only on your device, in app storage scoped to your Vendy user ID (vendy_cl_auth_<userId>).
- It is not written to Vendy's database, not synced to other devices, and not backed up to our servers.
- It is never exposed to other Vendy users. Other vendors can't see whether you're connected, can't see your CL email, and can't see your token.
- If Card Ladder rotates the token (their auth provider does this periodically), the new token is sent back to your device and replaces the old one in place.
What happens during a Card Ladder lookup
- When you scan a slab or run a Card Ladder Pro lookup, your refresh token is sent from your device to Vendy's backend with that one request.
- Our backend exchanges the refresh token with Card Ladder's auth for a short-lived access token, calls the relevant Card Ladder endpoint (cert info, value, sales history), and returns the result to your device.
- The access token is held only in memory for the duration of that single request. The refresh token isn't logged or persisted on our side.
- If Card Ladder responds that your session expired or you aren't on Pro, Vendy clears the local CL state and asks you to reconnect.
Disconnecting
You can disconnect Card Ladder from inside Vendy at any time, which deletes the local refresh token from your device. That's the only place it lives, so once it's removed your Card Ladder account is no longer reachable from this device through Vendy. Your Card Ladder account itself is unaffected — manage it directly at app.cardladder.com.
8. Gmail Integration & Google API Services Limited Use
Vendy offers an optional Payments feature that scans your Gmail inbox for payment notifications from Venmo, PayPal, and Zelle so you can reconcile card sales without leaving the app. This section explains, in plain language, exactly what we access and how Vendy's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
What you authorize
When you tap "Connect Gmail" we open Google's OAuth consent screen and request a single restricted scope: https://www.googleapis.com/auth/gmail.readonly. That scope grants Vendy read-only access to your Gmail messages and settings. You must explicitly grant consent — Vendy cannot reach your Gmail without you completing this flow.
What we actually read
Once connected, Vendy queries Gmail with a narrow filter:
(from:venmo.com OR from:paypal.com OR zelle) newer_than:90d
We fetch matching messages only. For each one we parse the sender, subject, date, and a short snippet to identify the payment direction, amount, and counterparty. We do not read, store, transmit, or analyze any email that does not match this filter.
What we never do
- We do not send, draft, modify, label, archive, or delete email.
- We do not read non-payment emails.
- We do not transfer your Gmail data to any third party except as necessary to provide the user-facing Payments feature (e.g. our hosting and database providers, listed above), to comply with applicable law, or as part of a merger or acquisition with notice to you.
- We do not use, share, or sell your Gmail data for serving advertisements, including retargeting, personalized ads, or interest-based ads.
- We do not use your Gmail data to train, fine-tune, or improve generalized or non-personalized machine learning or artificial intelligence models.
- We do not allow humans to read your Gmail data, except: (i) with your explicit consent for a specific message; (ii) when necessary for security purposes such as investigating abuse; (iii) when required by law; or (iv) where the data has been aggregated and anonymized for internal operations.
Vendy's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How Gmail data is stored
- Your Gmail OAuth refresh token is stored on our server (in the gmail_connections table) so we can keep syncing payments after your session expires. The token is encrypted at rest on Vendy's infrastructure; the encryption key is held server-side and is not exposed to other Vendy users.
- Parsed payment metadata (sender, amount, date, source, direction, the email's Gmail thread ID) is stored alongside your Vendy account so the Payments dashboard can render. We do not store full email bodies.
- Gmail data is never shown to other Vendy users. Your Payments dashboard is visible only to you.
Disconnecting and deleting your Gmail data
You can revoke Vendy's access to Gmail at any time, from either side:
- Inside Vendy: open the Payments tab and tap Disconnect. This deletes our copy of your refresh token and the parsed payment metadata derived from it.
- From your Google account: visit myaccount.google.com/permissions and remove Vendy. This invalidates the refresh token Google issued us; the next time Vendy tries to sync, it will fail and prompt you to reconnect.
For complete deletion of all Vendy-side data (including parsed payments), email privacy@onvendy.com and we will purge it.
9. Data Retention
We keep your data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we need to keep records for legal, fraud-prevention, or dispute-resolution reasons.
10. Your Choices
- Edit profile info in the app at any time
- Turn off camera, photos, location, or notifications in iOS Settings
- Sign out from the More menu
- Disconnect Card Ladder from the Card Ladder Tools screen
- Disconnect Gmail from the Payments screen (deletes the refresh token and parsed payment metadata)
- Request deletion of your account and personal data by emailing privacy@onvendy.com
11. Security
We use HTTPS, encrypted credentials, scoped API keys, and row-level security on our database. No system is perfectly secure, but we work to protect your data and notify you if something material changes.
12. Children
Vendy is not intended for children under 13 and we don't knowingly collect personal information from them. If you believe a child has given us personal info, contact us and we'll delete it.
13. International Users
Vendy is operated from the United States. By using the Service, you understand your information may be processed in the U.S.
14. Changes to This Policy
If we make material changes, we'll update the "last updated" date and, where appropriate, notify you in the app.
15. Contact
Questions or data requests: privacy@onvendy.com.