GradeX
Sign up

Legal

Privacy Policy

Last updated: June 16, 2026

1. Data controller

The GradeX service is published by:

Maxime Gadras, sole trader operating under the trade name GradeX.

Maxime Gadras is the data controller for the personal data collected and processed when using the GradeX service.

2. Data collected

GradeX may collect and process the following categories of data.

Account data

When creating or using an account, GradeX may process:

  • email address;
  • user identifier;
  • preferred language;
  • login information;
  • where applicable, name, profile picture or information provided through Google Sign-In if this feature is used.

GradeX does not access the user’s Gmail, Google Drive or other Google services.

Report-related data

To generate a visual condition report, the user may upload photos of cards. GradeX may process:

  • photos uploaded by the user;
  • information associated with the report;
  • results of the AI-assisted analysis;
  • generated public certificates;
  • associated QR codes and PDF files.

GradeX reports are generated only from the photos provided by the user. GradeX does not physically inspect the card.

Payment data

Payments are processed by Stripe. GradeX may receive or store certain information necessary to track purchases, such as:

  • transaction identifier;
  • purchased product or credit pack;
  • payment status;
  • amount paid;
  • purchase date.

GradeX does not store full payment card numbers. Payment information is processed by Stripe according to its own terms and privacy policy.

Technical data

GradeX may also process technical data necessary for the operation, security and improvement of the service, including:

  • IP address;
  • technical logs;
  • browser type;
  • session information;
  • application errors;
  • language preferences.

3. Purposes of processing

Data is processed for the following purposes:

  • creating and managing user accounts;
  • enabling access to the service;
  • managing credits and purchases;
  • allowing photo uploads;
  • generating AI-assisted visual condition reports;
  • creating shareable public certificates;
  • generating QR codes and PDF files;
  • ensuring service security;
  • preventing abuse or fraudulent use;
  • responding to support requests;
  • complying with applicable legal, accounting and tax obligations.

4. Legal basis

Depending on the case, processing is based on:

  • performance of a contract, when the data is necessary to provide the GradeX service;
  • GradeX’s legitimate interest, in particular to secure the service, prevent abuse and improve user experience;
  • compliance with legal obligations, including accounting, tax or payment-related obligations;
  • user consent when required, for example for certain optional features.

5. AI-assisted analysis

GradeX uses technical artificial intelligence services to analyze photos submitted by the user and generate a visual condition report.

Photos may be transmitted to technical AI service providers, including OpenAI, only to provide the analysis requested by the user.

The user understands that the result depends on the quality, clarity, accuracy and completeness of the uploaded photos. Blurry, incomplete, incorrect photos or photos that do not match the relevant card may lead to an inaccurate report.

GradeX does not use photos to physically authenticate a card, assign an official grade or estimate an official market value.

6. Public certificates

When a user generates a certificate, it may become accessible through a unique public URL.

Anyone with the public link may view the certificate unless it is revoked or deleted.

The public certificate may contain certain information from the report, such as the estimated visual condition, generated observations, images associated with the report and sharing elements such as the QR code or PDF file.

The user is responsible for sharing public certificates.

7. Recipients and service providers

Data may be processed by technical service providers necessary for the operation of GradeX, including:

  • Vercel, for website hosting and delivery;
  • Supabase, for authentication, database and storage;
  • Stripe, for payment processing;
  • OpenAI or other AI service providers, for AI-assisted analysis;
  • Google, if the user uses Google Sign-In.

These providers act only to enable the operation of the service. Some may process data outside the European Union according to their own compliance mechanisms and contractual safeguards.

GradeX does not sell users’ personal data.

8. Retention period

Account data is retained for as long as the user account exists.

Photos, reports, certificates, QR codes and PDF files are retained for as long as the account or relevant report exists, in order to provide access to the service, display reports and share certificates.

Certain data related to payments, invoices, transactions or legal obligations may be retained for a longer period in accordance with applicable accounting, tax and legal obligations.

Technical data and security logs are retained for a limited period proportionate to security, diagnostic and service operation needs.

The user may request deletion of their account or certain data by contacting GradeX at:

contact@gradex.cards

9. User rights

In accordance with applicable regulations, the user may exercise their rights over their personal data, including:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability where applicable;
  • right to withdraw consent where processing is based on consent.

To exercise these rights, the user may contact GradeX at:

contact@gradex.cards

GradeX may request additional information to verify the identity of the person making the request.

The user may also lodge a complaint with the CNIL.

10. Security

GradeX implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure.

However, no online service can guarantee absolute security. The user is responsible for keeping their login credentials confidential and for the use of their account.

11. Cookies and similar technologies

GradeX may use cookies or similar technologies necessary for the operation of the service, including to:

  • maintain the user session;
  • secure authentication;
  • remember certain preferences, such as language;
  • ensure the technical operation of the website.

If GradeX later uses cookies that are not strictly necessary, for example for analytics or marketing purposes, additional information will be provided and user consent will be requested when required.

12. Use by minors

GradeX is not intended to be used by children without the authorization of their legal representative.

If a parent or legal representative believes that a minor has submitted personal data to GradeX without authorization, they may contact GradeX at:

contact@gradex.cards

13. Changes to this Privacy Policy

GradeX may update this Privacy Policy to reflect changes to the service, regulations or service providers used.

The last updated date shown at the top of the page identifies the applicable version.