Privacy Policy
Last updated: 2026-05-02
Who we are
BallnX ("we", "our", "the service") is a football card tracking and price analytics platform operated by Yoland Moutama, based in Stockholm, Sweden. The data controller is the publisher named in the Legal Notice.
What data we collect
Information you provide directly:
- Email address, when you subscribe to the waitlist or newsletter
- Payment information, if you subscribe to a paid plan (processed by our payment provider, Lemon Squeezy — we never see or store your card details)
Information collected automatically:
- Anonymized usage analytics via Umami, a self-hosted open-source analytics tool. Umami stores hashed (not cleartext) daily visitor identifiers and does not set tracking cookies. No personal data is sent to third parties.
- Standard server logs (IP address, user agent, timestamp, requested URL) maintained by our hosting provider for security and debugging purposes. These logs are kept for a maximum of 30 days and are not used for profiling.
Card scans and catalog contributions:
- When you upload a card photo to /identify, we store the image and the identification result for up to 30 days under a private token-only URL (not indexed). You can request earlier deletion by contacting us.
- If you submit a card via the "Add this card to the catalog" form on a no-match scan, we keep the structured fields you provide (player, year, set, parallel, numbered, flags, optional note and email) plus the image you uploaded. By ticking the consent box on the form, you confirm you have the right to share this image as a catalog reference. Submissions are reviewed by a human; rejected submissions are kept only for spam-prevention purposes; approved submissions may have the image and metadata published as part of the public BallnX catalog.
- If you provide a "wrong match" or "I know which card this is" correction, we keep the correction event so the identification pipeline can learn from it. No personal data is published.
Browser-local storage (no server transmission):
ballnx_anon_session— a random opaque token (no personal data) used to attribute pre-signup card scans to the matching user account when you sign up later. Stored in browserlocalStorage, scoped to theballnx.comorigin, sliding 7-day expiry. Cleared automatically after the post-signup transfer or when you clear your browser storage.ballnx_lot_anonymous— the running lot of cards you've scanned before signing up (canonical card identifiers, estimated values, scan timestamps). No personal data ; no email, IP, or fingerprint. Used only to display your "Your lot so far" sticky banner and the /lot page on this device. Cleared automatically after post-signup transfer to your collection, when you press "Clear lot" on /lot, or when you clear your browser storage.
- When you click an eBay listing link, eBay may set its own cookies on your device as part of the eBay Partner Network program. This is governed by eBay's own privacy policy. These cookies are only set with your prior consent (see Cookie banner).
What we do not collect
- We do not sell, rent, or share your email with third parties.
- We do not use advertising cookies or third-party trackers on our pages.
- We do not build user profiles or track cross-site activity.
Why we collect this data
| Purpose | Legal basis (GDPR) |
|---|---|
| Sending waitlist and newsletter emails | Your explicit consent |
| Processing paid subscriptions | Performance of a contract |
| Anonymized analytics (Umami) | Legitimate interest (understanding traffic without tracking individuals) |
| Server logs | Legitimate interest (security and service continuity) |
| eBay affiliate cookies | Your consent via cookie banner |
How long we keep your data
| Data | Retention |
|---|---|
| Waitlist / newsletter email | As long as you remain subscribed, or until you request deletion. Inactive accounts (no opens, no clicks) are purged after 3 years. |
| Payment records | As required by applicable tax law (typically 10 years) |
| Anonymized analytics | Aggregated only, no expiry |
| Server logs | 30 days maximum |
| Card scans (raw upload) | 30 days from upload, then auto-deleted from server uploads directory |
| Card scans (anonymized copy for algorithm training) | To improve our card identification algorithm, we retain an anonymized copy of your scan image together with the tuple you confirmed (player + set + year). These records are linked only to a random session identifier and never to your account, email, or personal information. Retention : indefinite. You can request deletion at any time via the GDPR section below — your records are soft-deleted immediately and the underlying images are removed within 30 days. |
| Catalog contributions (pending or rejected) | Up to 12 months for spam prevention & audit; deleted earlier on request |
| Catalog contributions (approved + promoted) | Image and metadata become part of the public catalog; submitter email is purged once promotion is complete |
| User corrections (wrong match / catalog pick) | Retained as anonymous training signal for the identification pipeline |
Your rights under GDPR
You can, at any time:
- Access the data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (right to be forgotten)
- Request a portable copy of your data
- Object to processing based on legitimate interest
- Withdraw consent where consent is the legal basis
To exercise any of these rights, email hello@ballnx.com. We will respond within 30 days.
If you believe we are not handling your data properly, you can lodge a complaint with your national data protection authority (in France: CNIL, https://www.cnil.fr).
International transfers
Our hosting is located in Germany (Hetzner). Our email provider may be located in the EU or in countries with adequate data protection as recognized by the European Commission. We do not transfer your data to countries without adequate protection.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes affecting your rights will be communicated by email to subscribers.
Contact
For any privacy-related question: hello@ballnx.com