N
nostalgic.cards
Waitlist
← back to home

Privacy Policy

Last updated: April 14, 2026

Nostalgic Cards is a small family-run subscription service for vintage Pokémon trading cards. We take privacy seriously, partly because we have to, and partly because we’d be embarrassed to do otherwise in front of our kid. This page describes what we collect, why, and how to get us to stop.

Short version: we collect the minimum needed to ship you a box of cards and handle your subscription. We don’t sell data to advertisers, and our third-party list is short and common. Contact: hello@nostalgic.cards.

What we collect

When you subscribe

  • Email address — for order updates, magic-link sign-in, and the occasional service-related email (shipping confirmation, credit earned, etc.).
  • Name and shipping address — collected at checkout, stored so we can mail you cards.
  • Payment method — never touches our servers. Card details go directly to Stripe, our payment processor. We store only a reference ID (a cus_... string) so we know which Stripe customer is you.

Automatically, when you use the site

  • Session cookies— short random tokens we use to remember you’re signed in. No tracking across sites.
  • Referral cookie— if you arrive via a friend’s referral link (/r/<code>), we drop a cookie that expires after 30 days so we can credit your friend if you subscribe.
  • Server logs — standard stuff: IP address, user agent, timestamps, paths. Kept for debugging + security for 30 days, then rotated out.

We don’t use Google Analytics, Facebook Pixel, TikTok pixels, or any other ad/analytics tracker. If we add product analytics later (e.g., PostHog, Plausible), we’ll update this page first.

Who we share data with

We use a small number of third parties to run the business. Each one sees only the minimum needed for its job.

  • Stripe — payment processing + subscription management. Sees: email, name, billing + shipping address, card details (direct from your browser), transaction history.
  • Resend — sends our transactional emails (magic link, welcome, credit earned, shipping). Sees: your email address, email contents.
  • Neon — our database host. Stores: everything above in encrypted databases.
  • Google Cloud — hosts the website + admin dashboard (Cloud Run, Secret Manager).
  • Carriers (USPS, UPS, FedEx) — whichever we use to ship your box. They see name + shipping address.

We do notsell, rent, or trade your information to anyone. We don’t share it with advertisers. We don’t have a “data partners” program.

How long we keep data

  • Active subscription:as long as you’re subscribed, plus up to 7 years for tax + accounting records (required by law).
  • After you cancel: we keep your order history for tax purposes. Personal details beyond that are deleted or anonymized within 30 days of your written request.
  • Server logs: 30 days.

Your rights

Regardless of where you live, you can email us at hello@nostalgic.cards to:

  • See a copy of everything we have on you
  • Correct anything wrong
  • Delete your account (subject to the tax-record exception above)
  • Cancel your subscription (also doable yourself via the billing portal at nostalgic.cards/account)

If you’re in California, the EU, the UK, or another jurisdiction with specific privacy statutes (CCPA, GDPR, etc.), you have additional rights under those laws and we’ll honor them. Email us for a full data export or to exercise them.

Children

Nostalgic Cards is intended for adults. We do not knowingly collect information from anyone under 13. The cards are often purchased forchildren, but the account belongs to the adult. If you believe we’ve accidentally collected information about a child, email us and we’ll delete it.

Security

We store data encrypted at rest + in transit. Card details never touch our servers (Stripe handles that directly from your browser). Admin access to the database is gated by allowlisted Google accounts with two-factor auth. We aren’t a bank, but we take this as seriously as a side project reasonably can.

Changes to this policy

If we change this policy in a way that meaningfully affects how we handle your data, we’ll email active subscribers with the diff and a plain-English summary. Small typo-level fixes we won’t spam you about, but the “Last updated” date at the top will change.

Contact

hello@nostalgic.cards. We’re a real family, not a corporation, and we try to answer quickly.