Privacy Policy

OneShot Cards (the "Service", accessible at https://cards.kaibaseball.com) is an information-lookup and personal collection-management platform for Topps Now collectible cards. This Service is not affiliated with Topps Company, Inc. Card images and related metadata are sourced from publicly-accessible Topps product pages; all intellectual property remains with the respective rights holders.

When you sign in via a third-party provider (Google or LINE), we receive:

• A provider-issued unique identifier (Google sub, LINE user ID)
• Public display name and avatar URL
• Email address, if the provider authorizes it

While using the Service we may store:

• Your in-app interactions (e.g. saved/owned cards, browsing preferences, completed tasks)
• In-app interaction records after sign-in (card views, searches, filters, recommendation clicks), used to provide membership levels and improve recommendations
• Technical data needed to provide functionality and improve your experience (e.g. login state, necessary preferences)

We collect only what is necessary to provide and improve the Service. We do notcollect images beyond card thumbnails, location data, contact lists, or any other personal information unrelated to the Service's functionality.

• Authenticating you and maintaining your login session
• Displaying your collection list, task progress, and personalized content
• Providing personalized recommendations and service messages based on your activity (e.g. new card releases, cards you may be interested in)
• Debugging, quality-of-service analysis, and feature improvements

We do not sell personal data to any third party.

• Supabase — database, authentication, session management. Data is stored in Japan.
• Google Identity / LINE Login— used solely for login; subject to each provider's privacy policy.
• Cloudflare Pages— static hosting and CDN; may log standard server telemetry (IP, User-Agent) per Cloudflare's policy.
• Topps / Shopify CDN — image source; requests for card images are routed to their servers.

We store your login session in your browser (managed by Supabase) and use cookies along with third-party tools for analytics, personalization, and Service-related marketing. You can decline tracking via your browser settings, or remove your login state by signing out or clearing your browser data.

Account data is retained until you actively delete or disable your account. You may email [email protected] to request to access, copy, correct, or delete your personal data; we will respond within 30 days.

All traffic is encrypted via HTTPS. Database access is gated by Supabase Row Level Security (RLS) — your collection/task records are accessible only to your own account. We apply commercially reasonable measures but cannot guarantee absolute security of data transmission over the internet.

The Service is not directed to children under 13. If we become aware of unintentional collection of a minor's data, we will delete it promptly.

We may revise this Policy. Material changes will be announced on this page with an updated "Last updated" date. Continued use of the Service constitutes acceptance of the revised Policy.

Questions about this Policy? Email us at [email protected].