This Privacy Policy explains what we collect, what we do with it, and what we never do. By using Popinspect you consent to the practices described here. If you don't agree, please don't use the service.
What we collect
- Account info — your email address and (optionally) first name. Managed by our identity partner Clerk. Authentication never sees your password in plaintext.
- Pre-grade content — the photos you upload for inspection, plus any metadata you attach (series, figure name, variant, notes). Images live in DigitalOcean Spaces; metadata lives in our database.
- Payment metadata — for PayPal purchases we store the order id, the pack purchased, amount, and the email PayPal returns. We never store card numbers — PayPal handles payment data on their side.
- Usage data — Google Analytics (event-level, no card data). We track page views, sign-up, login, begin_checkout, purchase, pre-grade started/completed, contact submissions, and onboarding completion. Anonymous IP truncation is enabled.
What we don't do
- We don't sell your data.
- We don't share your photos with third parties beyond OpenAI for the model call.
- We don't use your photos to train the model unless you explicitly opt in via support.
- We don't embed cross-site trackers, ad pixels, or session replay tools.
Sub-processors
The third parties we share data with are limited to the providers that make the service work:
- Clerk — authentication, session management
- OpenAI — computer-vision model that performs the pre-grade analysis
- PayPal — payment processing
- DigitalOcean — hosting + image storage (Spaces)
- Vercel — frontend hosting + edge CDN
- Google Analytics — anonymized usage analytics (GA4)
- SendGrid — transactional email (only if you trigger one)
Each sub-processor has its own privacy policy. Their handling of your data is bounded by their respective Data Processing Agreements.
Public reports
When you click Share on a pre-grade report, we mint a public token. Anyone with that token can see the score, the breakdown, and the photos. Your email and account info are NEVER exposed on a shared report. You can revoke the share token at any time from the report; revoking deletes the link, so existing copies of it stop working.
Retention
Pre-grade reports and the photos behind them stay in your vault for the life of your account. If you delete your account, we delete your photos and reports within 30 days, except where retention is required by law (payment records — 7 years for tax purposes).
Your rights
You can: (a) download your data, (b) request deletion, (c) opt out of analytics, (d) correct personal information. Send a request to privacy@popinspect.com and we'll respond within 30 days. EU residents: this policy is intended to comply with the GDPR. California residents: we honor CCPA "do not sell" (we don't sell anyway).
Cookies
We use only first-party cookies needed for the site to function (Clerk session, theme, consent) plus the Google Analytics cookie. No advertising cookies. No cross-site trackers.
Children
Popinspect is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we'll delete it.
Changes to this Policy
We'll post material changes here at least 14 days before they take effect, and email active users for any change that affects what data we collect.
Contact
Privacy questions: privacy@popinspect.com · General support: popinspect.com/contact.
POPINSPECT INC. · NOT AFFILIATED WITH PSA / CGC / BECKETT / FUNKO