Card Pulse Beacon

Sign In

Privacy Policy

Last updated: May 6, 2026

1. Scope

This Privacy Policy explains how Card Pulse Beacon ("Card Pulse Beacon", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our website, web application, and related services (collectively, the "Services").

Card Pulse Beacon is the data controller for personal data processed under this Privacy Policy.

By using the Services, you acknowledge that your information will be handled as described in this policy.

2. Information We Collect

We collect information in the following categories:

  • Account information: email address, authentication/session data provided by our authentication provider, and account identifiers. Passwords are handled by our authentication provider and are not stored by us.
  • Google Sign-In data: if you choose to sign in with Google, we receive information needed to authenticate your account, including your Google account email address, Google account identifier, and basic profile information such as name and profile picture.
  • Profile and settings data: notification preferences, watchlist items, search preferences, and related account settings.
  • Communications data: alert delivery status, unsubscribe preferences, and related delivery metadata where applicable.
  • Notification delivery data: push subscription details (such as endpoint identifiers and public keys used for push delivery) and webhook destination metadata when you enable notification integrations.
  • Content you submit: feedback submissions, support messages, and other information you choose to provide.
  • Technical and usage data: IP address, browser and device information, request metadata, app interactions, and security logs generated while using the Services, and may include approximate location inferred from IP address.
  • Security verification data: information associated with anti-abuse and bot protection checks (including hCaptcha where applicable).
  • Marketplace listing data: active eBay listing data we receive from eBay APIs, such as listing titles, prices, shipping details, listing URLs, item IDs, item locations, listing start/end times, images, and condition details.

We collect information you provide directly, information automatically collected from your device/browser, and information from our service providers (for example, authentication and security providers) in connection with operating the Services.

3. How We Use Information

We use collected information to:

  • provide, operate, and maintain the Services;
  • authenticate users and secure accounts and sessions;
  • store and sync watchlists, alerts, and user preferences;
  • respond to support requests and product feedback;
  • send service-related communications (for example, verification emails, alerts, and security notices);
  • detect, investigate, and prevent abuse, fraud, and unauthorized access;
  • comply with applicable legal obligations and enforce our terms.

We use Google Sign-In data only to authenticate your account, secure sessions, and operate the Services. Card Pulse Beacon does not use Google Sign-In to access your Gmail, Google Drive, Google Calendar, contacts, or other Google services.

4. Legal Bases (EEA/UK Users)

If you are in the EEA or UK, we generally process personal data under one or more of these legal bases:

  • Performance of a contract (for example, creating and maintaining your account and requested features).
  • Legitimate interests (for example, platform security, service reliability, and fraud prevention).
  • Legal obligations (for example, responding to lawful requests).
  • Consent where required by law.

5. How We Share Information

We do not sell personal information. We may share personal information with service providers and processors that help us operate the Services, including:

  • Hosting and infrastructure providers (such as Vercel).
  • Database and authentication providers (such as Supabase).
  • Security and bot protection providers (such as hCaptcha).
  • Error monitoring and diagnostics tools when enabled by our configuration (such as Sentry).
  • Privacy-friendly web analytics providers that measure aggregate, non-personal site usage (such as Vercel Analytics).
  • Email delivery providers to send alerts and service communications, where applicable (such as Brevo).
  • Messaging and notification integration providers to deliver notification integrations you enable (such as Discord).
  • Browser/device push delivery services used to deliver web push notifications when enabled (for example, push services operated by browser vendors).
  • Marketplace data providers such as eBay, when we request active listing data, listing details, and related search results for eBay features.

We may also disclose information when required by law or when reasonably necessary to protect rights, safety, and security, and in connection with a merger, acquisition, financing, reorganization, bankruptcy, or asset sale, subject to applicable legal requirements.

We do not sell Google user data or use Google Sign-In data for advertising.

6. eBay Listing Data and Links

When you use eBay listing features, Card Pulse Beacon requests active listing and listing-detail data from eBay APIs in application-token mode. We use this data to show active listings, support eBay alert setup, identify listings you have already seen for alert dedupe, and send listing-alert notifications you configure.

eBay listing data may include listing titles, item IDs, item-group IDs, listing URLs, prices, shipping details, listing start and end times, images, item location, and condition information. eBay API responses can include public seller metadata; Card Pulse Beacon does not display seller names or feedback, does not use seller metadata for alerts or profiling, and redacts it from persisted eBay caches and app responses. We do not use eBay member account tokens, order data, messages, or other eBay account-linked user data in these features.

We cache eBay live-search and item-detail data for short periods to operate the Services reliably and reduce repeated API calls. Persisted eBay caches are short-lived and redacted where practical. Seen-listing IDs used for alert dedupe are retained only while needed: rows with a listing end timestamp are eligible for cleanup 7 days after listing end, and rows without listing end metadata are eligible for cleanup after 30 days.

If you open an eBay listing link from the Services, you leave Card Pulse Beacon and interact with eBay directly. eBay may process your information according to its own eBay Privacy Notice.

7. Cookies and Similar Technologies

Card Pulse Beacon does not use first-party advertising cookies. For aggregate, privacy-friendly web analytics we use Vercel Analytics, which does not use cookies, does not track visitors across sites, and does not collect personal information. Vercel Analytics generates an anonymous, rotating visitor hash derived from the incoming request to estimate unique visits, and the hash is not linked to your account or to any persistent identifier. You can review Vercel's handling of this data in the Vercel Analytics Privacy and Compliance documentation.

We do use operational logs and diagnostics to maintain reliability and protect the Services. Operational telemetry may include server logs, error reports, and performance metrics (for example, timestamps, request IDs, and device and browser details). These diagnostics are not cookie-based analytics.

We and our service providers may use cookies or similar technologies for authentication, security, and core functionality.

We do use browser storage features (such as localStorage) for core functionality, including items like search history, UI settings, and temporary cooldown timers.

If we change our analytics configuration in a material way (for example, by adopting a provider that uses cookies or collects personal information), we will update this Privacy Policy.

Some third-party security services may use cookies or similar storage technologies on pages where those services are active. This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.

Our Services currently do not respond to browser "Do Not Track" signals in a standardized way.

8. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the type of data and purpose of processing.

9. Security

We use technical and organizational safeguards intended to protect personal information from unauthorized access, disclosure, alteration, and destruction. No system is completely secure, and we cannot guarantee absolute security.

10. International Transfers

Depending on your location, your information may be processed in countries other than your own. Our service providers may process data in the United States and other countries. Where required, we use appropriate safeguards for cross-border data transfers, including approved transfer mechanisms such as Standard Contractual Clauses and equivalent UK transfer addenda where applicable.

11. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing.

California residents may have rights under California privacy laws, including rights to know, delete, correct, and limit certain uses of personal information, subject to legal exceptions.

At this time, we do not sell personal information or share personal information for cross-context behavioral advertising.

To submit a privacy request, contact us at cardpulsebeacon@gmail.com. We may need to verify your identity before completing a request, and we aim to respond within the timeframe required by applicable law. Where required by law, you may also have the right to appeal our decision on a privacy request.

California residents may designate an authorized agent to submit requests on their behalf, subject to verification and applicable legal requirements.

12. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can take appropriate action.

13. Third-Party Links

Our Services may contain links to third-party websites and platforms. We are not responsible for the privacy practices of third-party services.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and take any additional notice steps required by law.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at cardpulsebeacon@gmail.com.