← Back to HomePrivacy Policy
Last updated: June 8, 2026
Introduction
SlabTracked ("we," "us," or "our") provides a submission-tracking and listing platform for graded collectibles — including comics, trading cards, magazines, video games, and other slabbed items graded by services such as CGC and PSA. This policy explains what information we collect, how we use it, and the choices you have. It covers both the SlabTracked web application and the SlabTracked browser extension. By using SlabTracked, you agree to this policy.
1. Information We Collect
Account information
- Name and email address
- Password (hashed; never stored in plain text)
- Subscription tier and billing details (processed by Stripe)
- Dealer/business information, if you provide it
Submission & collectible data
- Invoice and submission details from your grading accounts
- Cert numbers, grades, and certification data
- Item titles, issue/set numbers, and variant information
- Grading status updates and shipment tracking
- Images of your items and certification pages
Marketplace data
- eBay listing drafts and templates
- Whatnot inventory data (if connected)
- Shopify store connections (if configured)
Optional grading-account credentials
If you choose to enable auto-login in the browser extension, the grading-account email and password you enter are stored locally in your browser's extension storage on your own device and are used solely to sign in to your own CGC or PSA account. See "Browser extension" and "Data storage & security" below.
Usage information
- Login times and feature usage within the web app
- Browser and device information
- Error and diagnostic logs
2. Browser Extension
The SlabTracked browser extension runs locally in your browser and acts only on pages of the specific grading and marketplace sites listed below, and only while you are signed in to your own accounts. It does not track your general browsing history and does not read or collect data from sites outside the list below.
Permissions and why they are used
| Permission | Purpose |
|---|
| storage | Store your settings, sync state, and (optionally) auto-login credentials locally |
| scripting | Read submission/cert/tracking data and assist with listing entry on supported pages |
| tabs, tabGroups | Open and group the background tabs used for syncing and PSA relay |
| cookies | Detect your existing CGC/PSA session so we can sync; never transmitted to third parties |
| downloads | Save exports and certification images to your device when you request them |
| clipboardWrite | Copy values such as cert numbers when you invoke a copy action |
| webNavigation | Detect navigation on supported sites so content scripts run at the right time |
| notifications | Alert you when a tracked submission changes status |
| alarms | Schedule periodic background syncs |
| declarativeNetRequest | Set a request header on your own PSA grading-API requests for API compatibility |
Sites the extension works with
- CGC (cgccomics.com) — sync your submission and certification data
- PSA (psacard.com, collectors.com) — sync your PSA submission data and session
- eBay (ebay.com) — help you create and manage listings
- FedEx (fedex.com) — read delivery status of your grading shipments
- Whatnot (whatnot.com) — help you add and edit your inventory
- SlabTracked (slabtracked.com) and your own cloud storage — sign you in and sync your data to your account
- Telegram / Discord — only contacted if you provide your own bot token or webhook for notifications
3. How We Use Your Data
- Sync and display your grading submissions and statuses
- Send status notifications by email and, if you opt in, Telegram or Discord
- Help you pre-fill marketplace listings with your item data and images
- Track shipments
- Provide analytics such as turnaround times and grade distribution
- Process subscription billing
- Maintain, secure, and improve the service
4. Data Storage & Security
- In transit — data between your browser and our servers is encrypted with TLS
- At rest — our database is hosted on Supabase with encryption at rest
- Passwords — hashed and never stored in plain text
- Server-stored grading credentials — where credentials are stored on our servers to support optional features, they are encrypted at rest using AES-256-GCM
- Extension auto-login credentials — if you enable auto-login, those credentials are kept in your browser's local extension storage on your device and are used only to log in to your own grading accounts; you can remove them at any time from the extension
- Payment data — we never store full card numbers; payments are handled by Stripe
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for advertising or marketing, and your synced collectible data is associated only with your own SlabTracked account. We share data with service providers only as needed to operate SlabTracked:
- Stripe — subscription payments (privacy policy)
- Supabase — database hosting (privacy policy)
- Vercel — application hosting (privacy policy)
- Telegram / Discord — only if you opt in and provide your own credentials, to deliver notifications to yourself
6. Your Rights
- Access — view your data through your dashboard or request a copy
- Correction — update inaccurate information
- Deletion — request deletion of your account and associated data
- Export — download your submission data in a portable format
- Opt out — disable notifications or data sync at any time
To exercise these rights, email privacy@slabtracked.com.
7. Data Retention
- Active accounts — data retained while your account is active
- Cancelled subscriptions — data retained on the free tier per your plan
- Deleted accounts — data deleted within 30 days of your request
- Backups — encrypted backups retained for up to 90 days for disaster recovery
8. Cookies & Local Storage
We use session cookies for authentication and browser/extension storage to remember your preferences and keep synced data available locally. The extension stores data locally on your device and communicates with our servers only to sync your own data. You can clear this data at any time through your browser settings.
9. Children's Privacy
SlabTracked is not intended for children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact privacy@slabtracked.com and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use of SlabTracked after changes constitutes acceptance of the updated policy.