Privacy Policy
Last updated: 2 May 2026
CardWatch ("we", "us") operates the website at cardwatch.com.au, a free Pokémon Trading Card Game portfolio and stock-tracking tool for the Australian market. This policy explains what we collect, how we use it, and the choices you have. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles.
What we collect
- Google account information when you sign in: email address, display name, and profile picture as supplied by Google OAuth. We do not see your Google password.
- Collection data you enter: cards and sealed products you mark as owned or watched, purchase prices and dates, notes, variant and condition information, and grading data.
- Card scan images (when you use the scan feature): uploaded photos are stored only long enough to identify the card and then retained for up to 90 days for quality review, after which they are automatically deleted.
- Notification preferences: the email address (or Telegram chat) you have linked, which retailers you have subscribed to, and a per-message log of whether each notification was sent, rate-limited, failed, or unsubscribed.
- Operational logs: server logs of HTTP requests, job runs, and errors. These contain truncated user identifiers but no full personal data.
What we do with it
Personal information is used solely to operate the service: to render your portfolio and price history, to deliver the alerts you have subscribed to, to authenticate you, and to debug incidents. We do not sell your information, do not share it with advertisers, and do not run third-party analytics or tracking pixels on signed-in pages.
Third parties
The service relies on these third parties:
- Google OAuth for sign-in. Google receives the fact that you are signing in to CardWatch and provides us with the account profile listed above.
- Amazon Web Services (Sydney region) for hosting, our database, and email delivery via Amazon SES. Email metadata (recipient address, subject, send timestamp) is processed by AWS; email content is rendered server-side and transmitted to AWS only for the duration of the send.
- Telegram when you opt to receive alerts via the CardWatch bot. Linking your account stores your Telegram chat ID; message content is delivered to Telegram's servers for routing.
- Public catalogue and pricing sources: pokemontcg.io, eBay AU, and various AU retailer websites. These relationships do not involve sharing your personal information; we only retrieve public catalogue and listing data from them.
Cookies
We set a single encrypted authentication cookie (cardwatch-session) when you sign in. It is encrypted with a server-side secret, marked HTTP-only, secure, and SameSite=Lax, and is used purely to keep you signed in across page loads. We do not use third-party cookies, advertising cookies, or analytics cookies.
Data retention
Your account data is retained for as long as your account exists. Card scan images are deleted automatically after 90 days. Notification delivery logs are retained for 12 months for support and abuse investigation; aggregate counts may be retained longer.
Your rights
Under the Australian Privacy Principles you can ask us to access, correct, or delete the personal information we hold about you. Email privacy@cardwatch.com.au with the subject "CardWatch privacy" and we will respond within 30 days. To stop receiving notifications without deleting your account, click the "Unsubscribe" link in any alert email or disable the channel from your CardWatch settings page.
Security
Data in transit is encrypted with TLS. The database runs in a private AWS network and is not exposed to the public internet. We do not store payment card information; if a paid tier is offered in future, billing will be handled by an external processor (Stripe) and we will only retain a subscription identifier, not card numbers.
Changes
We may revise this policy. Material changes will be announced on the site and take effect 30 days after publication. Continued use of CardWatch after that date constitutes acceptance.
Contact
Questions or requests: privacy@cardwatch.com.au.