Gemaura

Privacy Policy

Last updated: June 2026

1. Introduction

Gemaura ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data. It applies to all users of our Service globally, including users in the European Union (GDPR) and California (CCPA).

2. Data We Collect

We collect the following data when you use Gemaura:

  • Account data: Your email address and encrypted password, provided when you register.
  • Card images: The front and back images you upload for grading. These are stored to power your grading history.
  • Grade history: The grades and analysis generated for each submission, including date and result.
  • Usage data: Number of grades used per billing cycle, plan type, and billing dates.
  • Payment data: Payments are processed by a third-party payment provider. We do not store your card number or billing details.

3. How We Use Your Data

  • To provide the grading service and display your grading history
  • To manage your account and subscription
  • To improve our AI model (using anonymized, aggregated data only)
  • To send you important account notifications (no marketing without consent)
  • To comply with legal obligations

4. Data Storage and Security

Your data is stored securely using Supabase, hosted on AWS infrastructure. We use industry-standard encryption in transit (TLS) and at rest. Access to your data is restricted to your account only via Row Level Security.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, your data — including uploaded images and grade history — will be permanently deleted within 30 days.

6. Sharing Your Data

We do not sell your data. We share data only with:

  • Supabase — database and authentication provider
  • Payment processor — to handle subscription payments

All third-party providers are bound by data processing agreements.

7. Your Rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict certain processing
  • Export your data in a portable format

To exercise any of these rights, contact us at privacy@[YOURDOMAIN]. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication (session tokens). We do not use tracking or advertising cookies.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, contact us at privacy@[YOURDOMAIN].