Part of The Trading Card Club

Visit Our Store
The Trading Card Club Grading PSA Submission Service
Start Submission Log In
Menu

Process

How It WorksGrading Prep Service
FAQPricingAboutContact Us
Start Submission Log In

Legal

Privacy Policy

This policy explains how The Trading Card Club Grading collects, uses, stores, and shares information when you use thetradingcardclubgrading.com, create an account, submit cards, pay an invoice, contact us, or pick up an order in store.

Last updated March 8, 2026 No sale of personal information Stripe checkout for payments

What we collect

Account details, contact information, card submission records, invoice/payment status, support messages, and essential session data.

What we do not store

We do not store full payment card numbers or CVV data. Payments are handled through Stripe Checkout.

Main providers

Cloudflare for hosting, Supabase for authentication and database services, Stripe for payments, and Resend for transactional email.

Important third parties

Google may receive data when Maps, Google Fonts, or optional Google sign-in are used. PSA receives information needed to complete grading submissions.

1. Scope

This policy applies to information handled through this grading website and the related submission-management service, including online account creation, order tracking, invoicing, contact forms, status emails, and in-store submission check-in records tied to this site.

This policy does not control third-party sites or services that are merely linked from this site, including The Trading Card Club main website, social platforms, Stripe-hosted checkout pages, PSA systems, or Google properties. Those services may have their own privacy notices and terms.

2. Information We Collect

Account and profile information

  • Name, email address, phone number, street address, city, state, and ZIP code
  • Account credentials and authentication session data
  • Notification preference settings stored in your account profile
  • Optional Google account information if Google sign-in is enabled and used

Passwords are processed through Supabase Auth and are not stored in plaintext by us.

Submission and order information

  • Service tier, submission number, card count, and submission dates
  • Card details such as year, brand, set, card number, player or character name, and color or parallel details
  • Declared value, grade-prep selections, minimum desired grade, and later-added grading results or PSA cert numbers
  • Status history, batch assignments, pickup readiness, and other operational notes

Payment and billing information

  • Invoice totals, fees, payment status, issue dates, and paid dates
  • Stripe checkout session identifiers and payment method labels
  • We do not store full payment card numbers, expiration dates, or CVV codes

Support and check-in records

  • Contact form submissions, including your name, email, subject, and message contents
  • Email delivery logs tied to submission updates and invoice notices
  • In-store check-in records, including verified card count, signed customer name, acknowledgement text, timestamp, and admin notes

We receive most of this information directly from you, from your use of the service, from staff actions taken to manage your order, from payment confirmations sent by Stripe, and from authentication workflows handled by Supabase or optional Google OAuth.

3. How We Use Information

  • Create and secure customer accounts, maintain login sessions, and support password recovery
  • Accept, review, check in, track, and complete PSA grading submissions
  • Generate invoices, reconcile payments, and maintain business and accounting records
  • Send submission confirmations, status updates, invoice notices, payment confirmations, and support replies
  • Coordinate in-store drop-off and pickup workflows and document verified card counts
  • Prevent fraud, misuse, unauthorized access, and service abuse
  • Comply with legal obligations, resolve disputes, and enforce our terms

Based on the current implementation of this site, we do not use it to sell personal information or to run third-party behavioral advertising.

4. Cookies and Similar Technologies

This site uses essential cookies for authentication. Without them, account login, protected pages, and certain account functions will not work properly.

tcc_access_token

Used to authenticate a logged-in user session. Set as an HttpOnly cookie with SameSite=Lax and a max age of up to 14 days.

tcc_refresh_token

Used to refresh an authenticated session. Set as an HttpOnly cookie with SameSite=Lax and a max age of up to 14 days.

tcc_auth_return_to

Short-lived cookie used in the optional Google sign-in flow to remember the page you should return to after authentication. Max age is 10 minutes.

Third-party services may also use their own cookies or similar technologies when you interact with them. Examples include Stripe-hosted checkout, embedded Google Maps, Google Fonts loaded by the site, and optional Google sign-in. We do not control those third-party technologies.

At the time of this update, this site does not intentionally deploy a standalone analytics platform, advertising pixels, or a retargeting cookie stack. Your browser and infrastructure providers may still automatically process IP address, device, browser, and request-log data as part of normal internet operations.

5. How We Share Information

We share information only when needed to run the service, fulfill your request, or comply with legal and operational requirements.

Provider or recipient Why it is used Examples of data involved
Cloudflare Hosting, CDN, request routing, and site security IP address, browser metadata, and request logs handled in the normal delivery of the site
Supabase Authentication, database storage, password recovery, and account management Account details, order records, contact submissions, notification logs, and related profile data
Stripe Hosted payment checkout and payment confirmation webhooks Invoice identifiers, amounts due, checkout metadata, and payment information you provide directly to Stripe
Resend Transactional email delivery Email addresses, subjects, and message content for submission confirmations, status notices, invoice notices, and contact forwarding
Google Embedded map, web fonts, and optional Google OAuth login IP address, user agent, map requests, font requests, and profile or auth details if Google sign-in is used
PSA Operationally required grading partner for submission fulfillment Card details, declared values, service level details, and other information necessary to process the grading order

We may also share information with advisors, insurers, acquirers, successors, law enforcement, or regulators if reasonably necessary for a legal obligation, fraud prevention, dispute resolution, business transfer, or protection of our rights, customers, staff, or property.

6. Payments

Customer-facing online payments are processed through Stripe Checkout. When you click to pay an invoice, you are sent to a Stripe-hosted payment flow. Stripe collects and processes your payment information directly under Stripe's own privacy and security practices.

We keep limited payment-related records needed for operations and accounting, such as invoice totals, payment status, issue and paid timestamps, the payment method label, and Stripe checkout session identifiers.

Do not send payment card numbers through the contact form or regular email.

7. Data Retention

We keep information for as long as reasonably necessary to operate the grading service, maintain your account, support order history, document pickup and payment records, comply with tax and accounting obligations, investigate fraud or misuse, resolve disputes, and enforce our agreements.

  • Account profile data may be retained while your account remains active and for a reasonable period afterward
  • Submission, invoice, grading, check-in, and status-history records may be retained longer because they are tied to operational and business records
  • Contact form messages may be retained as part of our customer-support history
  • Auth cookies persist until they expire, you log out, or they are cleared from your browser

If you ask us to delete your data, we may retain information that we are required or reasonably permitted to keep for legal, security, operational, or accounting reasons.

8. Security

We use a combination of technical, administrative, and access-control measures that are designed to protect the information we maintain. Based on the current codebase, that includes authenticated access controls, role-based admin restrictions, database row-level security, secure checkout through Stripe, and HttpOnly auth cookies for logged-in sessions.

No website, database, or transmission method is completely secure. You should use a strong password, protect your device, and notify us promptly if you believe your account has been accessed without authorization.

9. Your Choices and Rights

  • You can review and update core profile information from your account dashboard
  • You can contact us to request access, correction, or deletion of information we control, subject to legal and operational limits
  • You can log out and clear browser cookies, though account features may stop working until you sign in again
  • You can choose not to use optional Google sign-in if that feature is enabled
  • You can avoid third-party content such as Google Maps by not loading those pages or embeds

If you live in a state with specific privacy rights, you may also have rights to know, access, correct, delete, or appeal certain decisions. We will review requests in light of applicable law and the nature of the records involved.

Some communications are transactional and service-related. Even if your profile includes notification preference settings, we may still send messages that are needed to administer your account, confirm submissions, collect payment, or coordinate pickup.

10. Children's Privacy

This site and grading workflow are not directed to children under 13. If you believe a child provided personal information to us without appropriate permission, contact us and we will review the request.

11. Changes to This Policy

We may update this policy from time to time as the service changes, vendors change, new features are added, or legal requirements evolve. When we make changes, we will update the "Last updated" date on this page.

12. Contact Us

If you have questions about this policy or want to make a privacy-related request, contact us here:

The Trading Card Club Grading

745 N Gilbert Rd. Suite 106, Gilbert, AZ 85234

Email: [email protected]

Phone: 480.572.1900