Privacy Policy

Your privacy is important to us. This policy explains how we handle your data.

India Compliance Note: This Privacy Policy template has been adapted to align with Indian legal and regulatory considerations, including the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and related Indian consumer protection and e-commerce regulations. Businesses should still obtain independent legal review before implementation.

 

Welcome to PTCG. We are committed to protecting your privacy and safeguarding the personal information entrusted to us through our trading card grading, authentication, encapsulation, marketplace, membership, and related services.

This Privacy Policy explains how we collect, use, disclose, process, store, and protect your information when you interact with our website, mobile applications, customer support channels, grading submission systems, promotional campaigns, events, and any other products or services operated by us (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our website;

  • Customers submitting trading cards or collectibles for grading or authentication;

  • Users creating online accounts;

  • Buyers and sellers using our marketplace or vault services;

  • Participants in promotions, contests, surveys, or events;

  • Individuals communicating with our customer service team;

  • Business partners, dealers, vendors, and affiliates interacting with us.

This Privacy Policy does not apply to:

  • Third-party websites linked through our Services;

  • Independent dealers or resellers not controlled by us;

  • Payment processors operating independently;

  • Social media platforms or external communities.

We encourage you to review the privacy practices of third-party services separately.

2. Information We Collect

We may collect several categories of information depending on how you interact with our Services.

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide, including:

  • Full name;

  • Email address;

  • Billing address;

  • Shipping address;

  • Telephone number;

  • Date of birth;

  • Government-issued identification when required for fraud prevention or compliance;

  • Username and password;

  • Account profile information;

  • Payment-related details;

  • Communication preferences;

  • Customer service correspondence;

  • Photos, scans, or descriptions of collectibles;

  • Insurance declarations and shipment documentation.

2.2 Submission and Collectible Information

When you submit collectibles for grading or authentication, we may collect:

  • Trading card details;

  • Set names and release information;

  • Serial numbers;

  • Certification numbers;

  • Card images and scans;

  • Estimated values;

  • Ownership or provenance documentation;

  • Shipment tracking information;

  • Historical grading data;

  • Condition reports.

2.3 Payment Information

Payments may be processed by third-party payment processors. We may receive limited information related to transactions, such as:

  • Transaction identifiers;

  • Payment confirmation;

  • Partial card details;

  • Billing metadata;

  • Refund status.

We do not store full payment card numbers unless specifically disclosed and secured according to applicable industry standards.

2.4 Automatically Collected Information

When you access our Services, we may automatically collect:

  • IP address;

  • Browser type;

  • Device identifiers;

  • Operating system;

  • Language settings;

  • Access times;

  • Pages viewed;

  • Clickstream data;

  • Referral URLs;

  • Geographic location data;

  • App usage analytics;

  • Session identifiers;

  • Cookie and tracking technology data.

2.5 Information from Third Parties

We may receive information from:

  • Payment processors;

  • Shipping providers;

  • Marketplace partners;

  • Authentication databases;

  • Fraud prevention vendors;

  • Social media platforms;

  • Marketing and analytics providers;

  • Public databases;

  • Event organizers.

3. How We Use Your Information

We may use your information for legitimate business and operational purposes, including to:

  • Provide grading and authentication services;

  • Process submissions and returns;

  • Create and manage customer accounts;

  • Process payments and refunds;

  • Verify identity and prevent fraud;

  • Communicate service updates;

  • Respond to inquiries and customer support requests;

  • Provide shipment tracking;

  • Maintain grading population reports;

  • Generate certification records;

  • Operate marketplace or vault services;

  • Improve grading consistency and quality assurance;

  • Conduct analytics and research;

  • Monitor service performance;

  • Personalize user experiences;

  • Send promotional communications;

  • Administer promotions and loyalty programs;

  • Enforce our Terms and Conditions;

  • Protect the rights, property, and safety of the Company and others;

  • Comply with legal obligations.

We may aggregate or anonymize information for statistical, research, or operational purposes.

4. Legal Bases for Processing

Depending on your jurisdiction and applicable Indian law, we process personal information based on:

  • Consent provided by the user;

  • Performance of contractual obligations;

  • Compliance with legal obligations;

  • Legitimate uses permitted under applicable law;

  • Fraud prevention and security purposes;

  • Compliance with law enforcement or regulatory requests.

4.1 Compliance with Indian Laws

Where applicable, we process personal data in accordance with:

  • The Digital Personal Data Protection Act, 2023 (DPDP Act);

  • The Information Technology Act, 2000;

  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;

  • Consumer Protection Act, 2019;

  • Applicable taxation, anti-money laundering, and e-commerce regulations.

Where consent is required under Indian law, consent may be obtained electronically through:

  • Website forms;

  • Account registration;

  • Submission agreements;

  • Checkbox acknowledgements;

  • Digital communications;

  • Electronic signatures.

Users may withdraw consent at any time by contacting us, subject to legal and contractual limitations.

5. Cookies and Tracking Technologies

We use cookies, pixels, SDKs, analytics tools, and similar technologies to:

  • Maintain user sessions;

  • Remember preferences;

  • Improve site functionality;

  • Analyze traffic patterns;

  • Personalize content;

  • Deliver advertising;

  • Measure campaign effectiveness;

  • Prevent fraud and abuse.

5.1 Types of Cookies We Use

Essential Cookies

Necessary for operation of the Services.

Performance and Analytics Cookies

Help us understand user behavior and improve functionality.

Functional Cookies

Remember user preferences and settings.

Advertising Cookies

Used to provide relevant advertising and measure marketing effectiveness.

You may control cookies through browser settings; however, disabling certain cookies may affect functionality.

6. Marketing Communications

We may send promotional emails, newsletters, event announcements, grading specials, or product updates.

You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link;

  • Updating account preferences;

  • Contacting customer support.

Even if you opt out of marketing messages, we may still send transactional or service-related communications.

7. Sharing and Disclosure of Information

We may disclose information in the following circumstances:

7.1 Service Providers

We may share information with trusted vendors and contractors who assist with:

  • Payment processing;

  • Shipping and logistics;

  • Data hosting;

  • Security monitoring;

  • Analytics;

  • Marketing;

  • Customer support;

  • Cloud infrastructure;

  • Identity verification.

These parties are contractually obligated to protect your information.

7.2 Business Transfers

Information may be transferred during:

  • Mergers;

  • Acquisitions;

  • Asset sales;

  • Bankruptcy proceedings;

  • Corporate restructuring.

7.3 Legal and Regulatory Compliance

We may disclose information when required to:

  • Comply with laws or regulations;

  • Respond to lawful requests;

  • Enforce our agreements;

  • Protect rights and safety;

  • Investigate fraud or misconduct.

7.4 Marketplace and Public Information

Certain collectible-related information may be publicly visible, including:

  • Certification numbers;

  • Grading details;

  • Population reports;

  • Public registries;

  • Card images;

  • Historical sales information.

This information may remain visible even after account closure where necessary for authentication integrity and market transparency.

8. Data Retention

We retain information for as long as necessary to:

  • Provide Services;

  • Maintain grading records;

  • Comply with legal obligations;

  • Resolve disputes;

  • Prevent fraud;

  • Enforce agreements;

  • Preserve historical authentication integrity.

Retention periods may vary depending on:

  • Applicable law;

  • Transaction history;

  • Regulatory requirements;

  • Security needs;

  • Operational requirements.

Even after deletion requests, certain information may be retained in backups, archives, audit logs, or immutable certification systems where legally permitted.

9. Data Security

We implement commercially reasonable administrative, technical, operational, and physical safeguards designed to protect personal information.

Security measures may include:

  • Encryption;

  • Access controls;

  • Secure authentication systems;

  • Multi-factor authentication;

  • Secure payment processing;

  • Network monitoring;

  • Vulnerability testing;

  • Employee confidentiality obligations;

  • Physical facility protections;

  • Restricted database access;

  • Logging and audit systems.

Where applicable under Indian law, we endeavor to maintain reasonable security practices and procedures consistent with recognized industry standards and the Information Technology Act, 2000 and associated rules.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries outside India where our service providers, cloud infrastructure providers, logistics partners, affiliates, or technology vendors operate.

These jurisdictions may have different data protection laws than India.

Where required, we implement reasonable safeguards for international transfers, including:

  • Contractual protections;

  • Data processing agreements;

  • Access restrictions;

  • Security controls;

  • Vendor due diligence.

By using our Services, you acknowledge and consent to the transfer, storage, and processing of your information outside India where legally permissible.

11. User Rights and Choices

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, users may have rights regarding their personal information, including:

  • Right to access information about processing;

  • Right to correction and updating;

  • Right to erasure of personal data;

  • Right to withdraw consent;

  • Right to grievance redressal;

  • Right to nominate another individual in accordance with applicable law;

  • Right to request details regarding data sharing;

  • Right to complain to applicable regulatory authorities.

To exercise these rights, users may contact us using the contact information provided below.

We may verify identity before processing requests.

Certain rights may be restricted where retention is necessary for:

  • Legal compliance;

  • Fraud prevention;

  • Authentication integrity;

  • Taxation and accounting obligations;

  • Security and dispute resolution;

  • Ongoing contractual obligations.

12. Indian User Disclosures

For users located in India, the following additional disclosures apply:

12.1 Consent-Based Processing

By submitting personal information through our Services, users consent to collection, storage, processing, and use of information for the purposes described in this Privacy Policy.

12.2 Grievance Officer

In accordance with applicable Indian laws, users may contact our designated Grievance Officer regarding complaints or concerns relating to processing of personal information.

Grievance Officer: [Insert Name]
Email: [Insert Email]
Address: [Insert Address]
Response Time: [Insert Timeframe]

12.3 Sensitive Personal Data or Information

Where applicable, certain categories of information may be treated as sensitive personal data or information under Indian regulations.

We take reasonable steps to:

  • Limit collection to necessary purposes;

  • Protect sensitive information;

  • Restrict unauthorized access;

  • Maintain appropriate safeguards.

12.4 Data Retention in India

We may retain records as required under:

  • Taxation laws;

  • Anti-fraud requirements;

  • Accounting standards;

  • Consumer protection obligations;

  • Legal and regulatory investigations.

13. EEA, UK, and International Users

If you are located outside India, including within the European Economic Area (EEA) or the United Kingdom, additional rights may apply under local data protection laws, including GDPR.

Where legally required, we may:

  • Provide additional notices;

  • Obtain specific consent;

  • Facilitate data access requests;

  • Support deletion or portability requests.

International users acknowledge that information may be processed in India and other jurisdictions where our service providers operate.

14. Children’s Privacy

Our Services are not directed to children under the age required by applicable law without parental consent.

We do not knowingly collect personal information from children unlawfully. If you believe a child has provided personal information improperly, please contact us so we can take appropriate action.

15. Third-Party Services and Links

Our Services may contain links to third-party websites, marketplaces, auction houses, payment services, social media platforms, or integrations.

We are not responsible for:

  • Third-party privacy practices;

  • Third-party security;

  • Content on external services;

  • Independent business operations.

Your interactions with third-party services are governed by their own terms and privacy policies.

16. Artificial Intelligence and Automated Processing

We may use automated systems, machine learning tools, or image analysis technologies to assist with:

  • Fraud detection;

  • Image enhancement;

  • Submission processing;

  • Quality assurance;

  • Data categorization;

  • Customer support automation.

Automated tools are generally used to support—not replace—human review in grading and authentication decisions unless otherwise disclosed.

17. Security Incident and Breach Notification

In the event of a security incident involving personal information, we may:

  • Investigate the incident;

  • Mitigate potential harm;

  • Notify affected individuals;

  • Notify regulators or authorities where required by law;

  • Implement corrective measures.

Notification timing and content may vary depending on applicable legal requirements and the nature of the incident.

18. User-Generated Content and Community Features

If our Services include forums, showcases, registries, comments, or marketplace features, information you voluntarily post may become publicly accessible.

You should exercise caution when sharing personal information publicly.

We are not responsible for information disclosed voluntarily through public features.

19. Shipment, Insurance, and Risk Information

To facilitate grading submissions and returns, we may collect and share information with shipping carriers and insurance providers.

This may include:

  • Shipment addresses;

  • Tracking numbers;

  • Declared values;

  • Insurance claims information;

  • Signature confirmations;

  • Customs documentation.

Users are responsible for ensuring accuracy of shipment and insurance information.

20. Fraud Prevention and Authentication Integrity

To preserve trust in the collectibles ecosystem, we may maintain permanent or long-term records relating to:

  • Certification authenticity;

  • Fraud investigations;

  • Counterfeit detection;

  • Tampering reports;

  • Provenance disputes;

  • Grading audits.

We reserve the right to share relevant information with law enforcement, marketplace partners, insurers, or affected parties when necessary to combat fraud or protect the integrity of grading systems.

21. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Changes may occur due to:

  • Legal developments;

  • Operational changes;

  • Technology updates;

  • New services;

  • Security improvements.

When changes are made, we may:

  • Update the effective date;

  • Post revised policies on our website;

  • Provide notices through email or account notifications where required.

Your continued use of the Services after updates constitutes acceptance of the revised Privacy Policy unless prohibited by law.

22. Contact Information

If you have questions, concerns, requests, or grievances regarding this Privacy Policy or our handling of personal information, please contact:

[Company Name]
[Registered Office Address]
[City, State, PIN Code]
India
Email: [Privacy Email Address]
Phone: [Phone Number]
Website: [Website URL]

Grievance Officer

Pursuant to applicable Indian law, users may also contact our designated Grievance Officer:

Name: [Insert Name]
Email: [Insert Email]
Phone: [Insert Phone Number]
Address: [Insert Address]

23. Additional Jurisdiction-Specific Disclosures

Depending on where you reside, additional privacy rights or disclosures may apply under local laws.

These may include:

  • Consumer privacy rights;

  • Data localization requirements;

  • Biometric information disclosures;

  • Marketing consent requirements;

  • Cookie consent obligations;

  • Government reporting obligations.

Where required, jurisdiction-specific supplements may be provided separately and incorporated into this Privacy Policy.

24. Acceptance of This Policy

By accessing or using our Services, submitting collectibles, creating an account, or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of information as described herein.

If you do not agree with this Privacy Policy, you should discontinue use of the Services.

Disclaimer

This Privacy Policy template is provided for informational purposes only and does not constitute legal advice. Privacy laws vary by jurisdiction, and businesses should consult qualified legal counsel to ensure compliance with all applicable laws and regulations.