G.G. GambitAll legal documents →

Legal

Privacy Policy

How Nouvos Solutions LLC collects, uses, shares, and protects information about you in connection with G.G. Gambit.

Effective: May 16, 2026 · Version: 2026-05-16

This Privacy Policy explains how Nouvos Solutions LLC ("Nouvos," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use G.G. Gambit and related products and services (collectively, the "Service"). Capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms of Service.

If you do not agree with this Privacy Policy, please do not use the Service. You can also reach our privacy team at privacy@nouvos.one.

1. Information We Collect

1.1 Information you provide directly

  • Account information. Your email address, password (hashed), display name, role (Collector or Store), tier (Free, Pro, Business), and similar identifiers needed to create and maintain your Account.
  • Profile and business information. Optional information you choose to provide, including dealer handle, shipping preferences, store name, store address, region of operation, and bio.
  • Card and inventory data. Cards you scan, add to inventory, list, wishlist, or otherwise transact through the Service, including condition, language, quantity, cost basis (if entered), and notes.
  • Scan images. Photographs of physical Cards you capture or upload for identification through our scanning pipeline.
  • Marketplace activity. Listings you create or interact with, offers you make or receive, messages, transaction history, ratings, and reviews.
  • Payment information. Card and bank-account details are collected and processed by our payment processor, Stripe, Inc. We receive limited metadata such as the last four digits of a card, expiration month/year, and the internal Stripe customer/subscription IDs, but do not store full payment numbers on our systems.
  • Communications. Correspondence with our support, legal, or privacy teams (including the email itself and any attachments).
  • Consent records. Records of your acceptance of these documents, your age confirmation, and your marketing-communications preferences.

1.2 Information collected automatically

  • Device and usage data. IP address (truncated where required by law), device model and operating system, app version, language and locale, timezone, referring URL, pages visited, features used, and timestamps.
  • Diagnostic data. Crash reports, error logs, and performance metrics used to diagnose and fix issues.
  • Cookies and similar technologies. See our Cookie Policy for details.
  • Approximate location. Derived from your IP address. We do not collect precise GPS location unless you opt in through a feature that explicitly requests it.

1.3 Information from third parties

  • Authentication providers. If you sign in through a third-party identity provider, we receive the information that provider supplies (typically your email and a stable identifier).
  • Pricing data sources. TCGPlayer, the Pokémon TCG API, eBay, and similar sources supply pricing context but do not provide personal information about you.
  • Payment processor. Stripe provides payment-status updates, payout records, and dispute information related to your transactions.
  • Marketplace counterparties. If you are a buyer or seller, we receive information from the other party necessary to complete the transaction (e.g., shipping address).
  • Fraud and security services. We may receive risk signals from identity-verification or anti-fraud providers.

2. How We Use Information

We use the information described above to:

  • Provide, operate, maintain, and improve the Service, including the card-scanning pipeline, inventory and wishlist management, pricing displays, and the Marketplace.
  • Process transactions and disburse payouts, including the necessary disclosures to our payment processor and to counterparties.
  • Authenticate you and protect the security of your Account, including detecting and preventing fraud, abuse, and unauthorized access.
  • Communicate with you about your Account, transactional events (e.g., listing updates, settlement notices), and important Service updates.
  • Provide customer support and respond to your requests.
  • With your consent or as otherwise permitted by law, send marketing and promotional communications. You can opt out at any time using the unsubscribe link or in your Account settings.
  • Conduct analytics, research, and feature development. Where reasonably feasible we use aggregated or de-identified data for these purposes.
  • Comply with legal obligations, respond to lawful requests, enforce our Terms, protect our rights and the rights of others, and maintain records required by applicable law (e.g., tax, anti-money-laundering, audit).
  • Train and evaluate machine-learning models used in the Service, including image recognition. We do not sell scan images to third parties. REVIEW Confirm with counsel that model training on user scan images is consistent with our intended marketing position.

3. Legal Bases for Processing (EU/UK Users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the legal bases on which we process your personal data are: (a) performance of a contract with you (operating the Service); (b) our legitimate interests, including securing the Service, preventing fraud, improving features, and pursuing business operations; (c) your consent for processing that requires it (such as certain marketing communications and optional cookies); and (d) compliance with legal obligations.

4. How We Share Information

We do not sell your personal information for monetary consideration. We share information in the following circumstances:

  • With other Users when required by the Service. For Marketplace transactions, we share the limited information each party needs to complete the transaction (display name or handle, listing details, shipping address, reputation metadata).
  • With service providers. Vendors who process information on our behalf, including Supabase (databases and authentication), Vercel (hosting and edge delivery), Stripe (payments), Anthropic and other AI providers (card-image recognition), email and notification providers, and analytics providers. We require these vendors to handle personal information in accordance with this Privacy Policy and applicable law.
  • With pricing-data partners. We send card identifiers (not personal information) to pricing sources to retrieve current market values.
  • For legal reasons. When we believe disclosure is required to comply with a subpoena, court order, or other legal process; to enforce our Terms; to investigate suspected fraud or violations of law; or to protect the rights, property, or safety of Nouvos, our Users, or the public.
  • In connection with a business transaction. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.
  • With your consent. For purposes other than those described in this Policy, when you have given us specific consent.

5. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete data.
  • Deletion. Ask us to delete your personal information, subject to legal retention requirements (see Section 7).
  • Portability. Request a copy of the personal information you provided to us in a structured, commonly-used, machine-readable format.
  • Restriction or objection. Ask us to restrict or object to our processing of your personal information in certain circumstances.
  • Withdraw consent. Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing done before the withdrawal.
  • Non-discrimination. California residents have the right not to receive discriminatory treatment for exercising their privacy rights.

To exercise these rights, contact privacy@nouvos.one. We may need to verify your identity before fulfilling your request. We will respond within the timeframe required by applicable law.

California residents also have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know the categories of personal information collected and the right to opt out of certain disclosures characterized as "sale" or "sharing" under the CCPA. As stated above, we do not sell personal information for monetary consideration; if our practices change we will provide an opt-out mechanism in compliance with the law.

6. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, please contact privacy@nouvos.one and we will take steps to delete it.

7. Data Retention

We retain personal information for as long as is necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law (for example, for tax, accounting, dispute-resolution, or audit purposes). When personal information is no longer needed, we delete or anonymize it. Specific timelines:

  • Active Account data: retained while your Account is active.
  • Scan images: retained for the operation of your inventory and for up to twelve (12) months thereafter for model-quality and dispute purposes. REVIEW
  • Transaction records: retained for at least seven (7) years to satisfy tax and financial-records obligations.
  • Audit log entries: retained indefinitely as compliance records, with the actor identifier replaced by a non-reversible token after account deletion.
  • Deleted accounts: after deletion, personal data is removed or anonymized following the schedule above; some backups may persist for up to ninety (90) days.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include: encryption in transit (TLS) and at rest, role-based access controls, security headers, rate limiting, anomaly monitoring, and regular review of our infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. International Data Transfers

We are based in the United States. If you access the Service from outside the United States, your information will be transferred to, processed, and stored in the United States and potentially in other jurisdictions where we or our service providers operate. Where required by law, we use appropriate safeguards (such as the European Commission's Standard Contractual Clauses) to legitimize these transfers.

10. Automated Decisions and Profiling

We use machine-learning models to identify Cards from scan images and to compute pricing estimates. These automated processes do not produce legal or similarly significant decisions about you. We may also use automated tools for fraud prevention, account security, and platform-abuse detection; in those cases, our decisions are reviewed by qualified personnel before any account-level enforcement.

11. Third-Party Sites

The Service may link to third-party websites or services. Their privacy practices are governed by their own policies and not by this Privacy Policy. Please review their policies before sharing information.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the Service before the change takes effect. The "Effective" date at the top of this Policy indicates when it was last revised. Your continued use of the Service after the Effective date constitutes acceptance of the revised Policy.

13. Contact Us

Questions, requests, or complaints about this Privacy Policy can be sent to:

Nouvos Solutions LLC
Attn: Privacy
on file with the Illinois Secretary of State
Email: privacy@nouvos.one

EU/UK residents may also lodge a complaint with their local data protection authority.