Privacy Policy

Last updated: March 23, 2026

1. Introduction

Casa Cards & Collectibles (“we,” “us,” or “our”) operates the website at casa-cards.com (the “Site”). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.

By using the Site or placing an order, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information you provide directly to us, including:

  • Account information — name, email address, and password (stored as a one-way bcrypt hash; we never store your plaintext password)
  • Order information — shipping address, billing address, and order history
  • Payment information — payment is processed entirely by PayPal. We never see, receive, or store your card number, CVV, or full payment details.
  • Communications — messages you send us through the contact form
  • Marketing preferences — whether you have subscribed to our newsletter (opt-in only)

We also collect certain information automatically when you visit the Site:

  • IP address and approximate location (city/region level)
  • Browser type and version
  • Pages visited, referring URL, and time spent on pages (via Google Analytics, with your consent)
  • Session cookies necessary for login and cart functionality

3. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders, including sending order confirmation and shipping notification emails
  • Manage your account and authenticate your identity
  • Respond to your messages and customer service requests
  • Send transactional emails (order confirmations, shipping updates, password resets)
  • Send marketing emails, but only if you have opted in — you can unsubscribe at any time
  • Prevent fraud and abuse
  • Improve the Site using aggregated, anonymized analytics data
  • Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

4. Third-Party Services

We use the following third-party services to operate the Site. Each has its own privacy policy governing how it handles data:

  • PayPal — payment processing. PayPal securely handles all payment data and is PCI-DSS compliant. paypal.com/privacy
  • Resend — transactional and marketing email delivery. resend.com/privacy
  • Supabase — database hosting. Your order and account data is stored in a Supabase-managed PostgreSQL database. supabase.com/privacy
  • Vercel — website hosting and CDN. Vercel processes server request logs that may include your IP address. vercel.com/legal/privacy-policy
  • eBay API — we sync our product listings from eBay using their API. No personal customer data is shared with eBay through this integration. eBay Privacy Policy
  • Google Analytics 4 — site analytics (page views, session data). This script only loads if you have accepted analytics cookies via our consent banner. policies.google.com/privacy
  • Cloudflare Turnstile — bot and spam protection on login and contact forms. cloudflare.com/privacypolicy

5. Cookies

We use two categories of cookies:

  • Strictly Necessary — session and authentication cookies required for the Site to function (login sessions, cart state). These are always active and cannot be disabled.
  • Analytics — Google Analytics 4 cookies that help us understand how visitors use the Site. These are only set after you accept analytics cookies via our cookie consent banner. You can withdraw consent at any time by clearing your browser cookies.

You can control cookies through your browser settings or our consent banner. Disabling strictly necessary cookies will prevent you from logging in or using the cart.

6. Data Retention

  • Order records are retained for 7 years to satisfy tax and accounting obligations, even if you delete your account.
  • Account data (name, email, addresses) is retained until you request deletion. You can delete your account from your account profile page.
  • Marketing email subscriptions are retained until you unsubscribe.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — export your data in a machine-readable format (available from your account profile)
  • Restriction — request that we limit how we process your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at orders@casa-cards.com. We will respond within 30 days.

8. Your Rights (CCPA — California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Delete your personal information
  • Opt out of the sale of personal information — we do not sell your personal information to any third party
  • Non-discrimination — we will not discriminate against you for exercising these rights

To submit a CCPA request, email orders@casa-cards.com.

9. Data Security

We take security seriously and implement appropriate technical and organizational measures, including:

  • HTTPS encryption for all data in transit
  • Passwords stored as bcrypt hashes (never in plaintext)
  • Payment data handled exclusively by PayPal (PCI-DSS compliant)
  • Database access restricted to server-side code only
  • Rate limiting on authentication and sensitive API endpoints

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Children’s Privacy

The Site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the Site after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

For privacy-related questions, requests, or concerns, please contact us at: orders@casa-cards.com

Casa Cards & Collectibles • Pittsburgh, PA