Skip to main content

Privacy Policy

Effective Date: October 30, 2025

This Privacy Policy describes how Galaxy Card Shop LLC, doing business as GalaxyGrails.io (“GalaxyGrails.io,” “we,” “our,” or “us”), collects, uses, and safeguards your personal information when you use GalaxyGrails.io and any related services, features, or communications (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please stop using GalaxyGrails.io.

Note: GalaxyGrails.io is operated by Galaxy Card Shop LLC and partners with Stripe for payments and wallet management, and with PSA Vault for physical card storage and shipment.
GalaxyGrails.io is not affiliated with, sponsored by, or endorsed by Professional Sports Authenticator (PSA), Certified Guaranty Company (CGC), or Beckett Grading Services (BGS).

1. Scope

This Privacy Policy applies to all personal information collected through GalaxyGrails.io, including account registration, pack purchases, wallet deposits or withdrawals, buyback transactions, live event participation, and customer support.
The Services are currently available only to residents of the United States.

2. Information We Collect

2.1 Information You Provide

We collect the following types of information directly from you when you use GalaxyGrails.io:

  • Account Information: Name, email address, username, and password.
  • Payment & Billing Details: Billing address, payment method details, and transaction identifiers (processed by Stripe).
  • Shipping Information: GalaxyGrails.io securely stores your shipping address in order to (1) facilitate shipping of vault withdrawals, (2) provide required details to Stripe for payment and fraud verification, and (3) comply with tax and shipping regulations.
  • Transaction & Wallet Data: Deposits, withdrawals, buybacks, and pack purchases.
  • Communications: Emails, chat messages, and customer support interactions.
  • Verification Information: Stripe may request identity verification data (e.g., date of birth, last four digits of SSN, or ID image) for compliance with U.S. financial regulations.

2.2 Information Collected Automatically

  • Device & Usage Data: IP address, browser type, operating system, device identifiers, session times, and interaction logs.
  • Analytics & Cookies: Cookies and similar technologies help authenticate users, monitor security, and improve performance. You may disable non-essential cookies in your browser settings, though this may impact functionality.

2.3 Information from Third Parties

  • Stripe: Provides payment processing, identity verification, and transaction confirmations.
  • PSA Vault: Receives only the data necessary to ship your cards (name, shipping address, and order ID). PSA Vault does not access or store analytics, payment, or communication data.
  • Analytics & Infrastructure Providers: Offer anonymized and aggregated metrics to improve site reliability and performance.

GalaxyGrails.io does not buy, sell, rent, or trade personal information with third parties.

3. How We Use Your Information

GalaxyGrails.io uses collected information to:

  1. Operate and maintain the Services, including live pack events, wallet features, and vault storage.
  2. Process payments and payouts, managed by Stripe using your stored billing and shipping details.
  3. Fulfill shipments of cards through PSA Vault.
  4. Verify identity and prevent fraud, including a standard 7-day withdrawal hold for new deposits.
  5. Communicate with you about transactions, account updates, and support issues.
  6. Comply with legal requirements, including tax, AML, and recordkeeping laws.
  7. Improve the user experience, through analytics and feature development.
  8. Provide public event history, replays, and fairness tools, including pack-event pages, event replays, and fairness reports that may display your username and pull history to other users and visitors on GalaxyGrails.io.

GalaxyGrails.io never uses your data for third-party marketing or profiling.

GalaxyGrails.io processes personal information under the following bases:

  • Performance of a contract: To provide and fulfill your purchases, payments, and shipments.
  • Legal obligations: To comply with financial, anti-fraud, and tax laws.
  • Legitimate interests: To maintain platform security and improve services.
  • Consent: For optional communications and analytics tracking.

5. How We Share Information

5.1 Service Providers

GalaxyGrails.io shares limited information with:

  • Stripe, Inc. — for payment processing, wallet payouts, and fraud prevention. Stripe requires billing and shipping addresses for regulatory compliance.
  • PSA Vault (Collectors Universe, Inc.) — for physical card storage and shipment only. PSA Vault does not receive any financial or communication data.
  • Hosting & Infrastructure Providers — for secure site operation and performance monitoring.
  • Randomness & Fairness Providers (e.g., Chainlink VRF and related blockchain infrastructure) — for generating verifiable randomness and supporting provably fair pack events. These providers may process technical metadata such as event identifiers or VRF request IDs but do not receive your billing details, email address, or shipping address from GalaxyGrails.io.

All third parties are under contractual obligations to process data only for the specified purposes and to maintain industry-standard security measures.

GalaxyGrails.io may disclose data:

  • To comply with applicable laws, subpoenas, or government requests;
  • To enforce our Terms of Service and prevent fraud or abuse;
  • To protect the rights, property, or safety of GalaxyGrails.io or its users.

5.3 Business Transfers

In case of a merger, acquisition, or asset sale, user data may transfer as part of the transaction. Any successor entity will remain bound by this Privacy Policy.

GalaxyGrails.io does not sell or share personal data for targeted advertising.

6. Data Security

GalaxyGrails.io employs robust technical, administrative, and physical safeguards, including:

  • Encryption of data in transit and at rest;
  • Tokenization of payment information by Stripe (GalaxyGrails.io never stores full card data);
  • Encrypted storage of shipping and billing addresses;
  • Role-based access control and security monitoring;
  • Periodic audits and vulnerability assessments.

While no online system is completely secure, GalaxyGrails.io follows industry best practices to minimize risk.

7. Data Retention

GalaxyGrails.io retains personal information only as long as necessary to:

  • Provide and maintain your account and Services;
  • Satisfy legal and financial recordkeeping obligations;
  • Prevent fraud or abuse;
  • Resolve disputes and enforce agreements.

After retention periods expire, data is securely deleted or anonymized.

8. Data Breach Notification

If a data breach compromises your personal information, GalaxyGrails.io will promptly notify affected users and authorities as required by law, describing the nature of the breach, the affected data, and corrective actions taken.

9. Your Rights and Choices

Depending on your state of residence, you may have the right to:

  • Access and receive a copy of your data;
  • Correct inaccurate or incomplete data;
  • Request deletion of your data;
  • Opt out of marketing emails;
  • Appeal a denied privacy request.

Requests can be made to [email protected]. GalaxyGrails.io may verify your identity before fulfilling your request. For more details on how to close your GalaxyGrails.io account (including withdrawing wallet balances and managing cards in storage), please review our Account Management guide or contact [email protected].

10. U.S. State Privacy Rights

Residents of California, Colorado, Connecticut, Delaware, Iowa, Oregon, Texas, Utah, and Virginia may have additional rights under state law, including:

  • The right to know what data is collected and for what purposes;
  • The right to request deletion or correction;
  • The right to receive a copy of your personal data;
  • The right to opt out of any sale or targeted advertising (GalaxyGrails.io does not engage in either).

To exercise these rights, contact [email protected].

11. International Transfers

GalaxyGrails.io primarily stores and processes data in the United States.
If data is transferred internationally (e.g., via Stripe’s infrastructure), such transfers are protected using encryption and legally recognized safeguards like Standard Contractual Clauses (SCCs).

12. Children’s Privacy

GalaxyGrails.io is intended for users 18 years and older.
We do not knowingly collect data from minors under 13.
If you believe a child has provided information, please contact [email protected] to have it deleted.

GalaxyGrails.io may link to third-party services such as Stripe or PSA Vault.
We are not responsible for their privacy practices. Please review their respective policies:

14. Updates to This Policy

GalaxyGrails.io may update this Privacy Policy periodically.
The Effective Date above reflects the most recent version.
If material changes occur, GalaxyGrails.io will notify users via email or on the website.
Continued use after updates constitutes acceptance of the revised Policy.

15. Contact Us

Email: [email protected]
Mail: Galaxy Card Shop LLC
2 Benton Road, Unit G-124
Travelers Rest, SC 29690, USA

16. Affiliation Disclaimer

GalaxyGrails.io is operated by Galaxy Card Shop LLC and is not affiliated with, sponsored by, or endorsed by Professional Sports Authenticator (PSA), Certified Guaranty Company (CGC), or Beckett Grading Services (BGS).
PSA Vault provides only physical storage and shipment of cards, under the direction of GalaxyGrails.io.

17. Summary

GalaxyGrails.io collects and securely stores only the information necessary to process payments, verify identity, manage vault storage, and ship collectibles.
We never sell your information or share it for advertising.
Your data is encrypted, access-controlled, and handled with transparency and care.