Privacy Policy

Effective Date: May 31, 2026

This Privacy Policy describes how GalaxyGrails.io LLC, a Delaware limited liability company (“GalaxyGrails.io,” “we,” “our,” or “us”), collects, uses, and safeguards your personal information when you use GalaxyGrails.io and any related services, features, or communications (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please stop using GalaxyGrails.io.

Note: GalaxyGrails.io is operated by GalaxyGrails.io LLC and partners with Stripe for payments and identity verification, and with a third-party vault custodian for physical card storage and shipment. GalaxyGrails.io is not affiliated with, sponsored by, or endorsed by any grading or vault service referenced in connection with the Services.

1. Scope

This Privacy Policy applies to all personal information collected through GalaxyGrails.io, including account registration, pack purchases, deposits or withdrawals, buyback transactions, live event participation, and customer support.
The Services are currently available only to residents of the United States.

Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia: Please see state-specific disclosures in Section 8, "U.S. State Privacy Rights," below.

2. Information We Collect

2.1 Information You Provide

We collect the following types of information directly from you when you use GalaxyGrails.io:

Account Information: Name, email address, username, password, and (optionally) profile picture.
Payment & Billing Details: Billing address, payment method details, and transaction identifiers (processed by Stripe).
Shipping Information: GalaxyGrails.io securely stores your shipping address in order to (1) facilitate shipping of vault withdrawals via our vault custodian, (2) provide required details to Stripe for payment and fraud verification, and (3) comply with tax and shipping regulations.
Transaction & Account Data: Deposits, withdrawals, buybacks, pack purchases, points earned and redeemed, monthly leaderboard rank, and referral activity.
Communications: Emails, live chat messages, chat reactions, and customer support interactions, including any moderation actions taken on those messages (e.g., timeouts, deletions, or bans).
Verification Information: Stripe may request identity verification data (e.g., full legal name, date of birth, government-issued photo ID, and a live selfie for biometric comparison) for compliance with U.S. financial regulations. GalaxyGrails.io does not directly store copies of your identity documents or biometric data; this information is processed and retained by Stripe Identity.

2.2 Information Collected Automatically

Device & Usage Data: IP address, browser type, operating system, device identifiers, session times, and interaction logs.
Usage Information: How you interact with the Services, such as pages visited, features used, time spent on pages, and other activity within GalaxyGrails.io.
Analytics & Cookies: Cookies and similar technologies help authenticate users, monitor security, and improve performance. For more detail, see Section 7 ("Your Rights and Choices") below.

2.3 Third-Party Service Relationships

Stripe: Provides payment processing, identity verification, and transaction confirmations. We may receive transaction status, verification results, and fraud signals from Stripe.
Vault custodian: Our third-party vault custodian receives only the data necessary to ship Items (name, shipping address, and order identifier). The vault custodian does not access or store analytics, payment, or communication data.
Analytics & Infrastructure Providers: Offer anonymized and aggregated metrics to improve site reliability and performance.

GalaxyGrails.io does not buy, sell, rent, or trade personal information with third parties.

3. How We Use Your Information

GalaxyGrails.io uses collected information to:

Operate and maintain the Services, including Pack Events, Account Funds features, vault storage, the Loyalty Program, and the live chat.
Process payments and payouts, managed by Stripe using your stored billing and shipping details.
Fulfill shipments of Items through our vault custodian.
Verify identity and prevent fraud, including KYC verification through Stripe Identity and security holds on certain transactions.
Communicate with you about transactions, account updates, support issues, and (where you have opted in or are otherwise permitted) product announcements.
Comply with legal requirements, including tax, AML, and recordkeeping laws.
Improve the user experience, through analytics, A/B testing, and feature development.
Moderate live chat and other public surfaces, including via automated profanity and link filtering, rate limiting, and admin-issued timeouts, bans, or message deletions, in order to keep the community safe and on-topic.
Provide public event history, replays, fairness tools, and leaderboards, including pack-event pages, event replays, monthly points leaderboards, and fairness reports that may display your username, points balance, leaderboard rank, and pull history to other users and visitors on GalaxyGrails.io.

GalaxyGrails.io never uses your data for third-party marketing or profiling.

4.1 Service Providers

GalaxyGrails.io shares limited information with:

Stripe, Inc. — for payment processing, payouts, and fraud prevention. Stripe requires billing and shipping addresses for regulatory compliance.
Our vault custodian — for physical Item storage and shipment only. The vault custodian receives only the data necessary to fulfill shipments (e.g., name, shipping address, order identifier) and does not receive any financial or communication data.
Hosting & Infrastructure Providers — for secure site operation and performance monitoring.
Randomness and Fairness Providers — for generating verifiable randomness used in the selection of Items. These providers process technical metadata only and do not receive your billing details, email address, or shipping address from GalaxyGrails.io.

All third parties are under contractual obligations to process data only for the specified purposes and to maintain industry-standard security measures.

4.2 Legal and Regulatory Disclosures

GalaxyGrails.io may disclose data:

To comply with applicable laws, subpoenas, or government requests;
To enforce our Terms of Service and prevent fraud or abuse;
To protect the rights, property, or safety of GalaxyGrails.io or its users.

4.3 Business Transfers

In case of a merger, acquisition, or asset sale, user data may transfer as part of the transaction. Any successor entity will remain bound by this Privacy Policy.

4.4 Referred Users

If you refer another user through our referral program, your referral dashboard displays limited information about users who signed up through your referral link — their username, the date they joined, and the commissions their qualifying activity has generated for you — so you can track your referral earnings. Likewise, if you sign up through someone else's referral link, that referrer can see this limited information about your account.

GalaxyGrails.io does not sell or share personal data for targeted advertising.

5. Data Security

GalaxyGrails.io employs robust technical, administrative, and physical safeguards, including:

Encryption of data in transit and at rest;
Tokenization of payment information by Stripe (GalaxyGrails.io never stores full card data);
Encrypted storage of shipping and billing addresses;
Role-based access control and security monitoring;
Periodic audits and vulnerability assessments.

While no online system is completely secure, GalaxyGrails.io follows industry best practices to minimize risk.

6. Data Retention

GalaxyGrails.io retains personal information only as long as necessary to:

Provide and maintain your account and Services;
Satisfy legal and financial recordkeeping obligations;
Prevent fraud or abuse;
Resolve disputes and enforce agreements.

After retention periods expire, data is securely deleted or anonymized.

7. Your Rights and Choices

7.1 Email Preferences

You can opt out of marketing or promotional emails at any time by clicking the "Unsubscribe" link in any such email or by contacting [email protected]. Even if you opt out, we may still send transactional communications regarding your account, purchases, shipments, or support requests.

GalaxyGrails.io uses the following categories of cookies:

Essential / Strictly Necessary: Required for the Services to function and cannot be disabled.
Functional: Enable features like saved preferences, including a short-lived referral attribution cookie that records the referral code you arrived with so we can credit the referring user if you sign up. Disabling these may impact some functionality.
Analytics / Performance: Collect usage data to improve the Services. These can be disabled in your browser settings.
Marketing / Advertising: GalaxyGrails.io does not use marketing or targeted advertising cookies.

7.3 Do Not Track

As of the Effective Date, there is no commonly accepted standard response to Do Not Track (DNT) signals. GalaxyGrails.io does not currently respond to DNT signals.

7.4 Global Privacy Control (GPC)

Where required by applicable law, GalaxyGrails.io will honor opt-out preference signals from Global Privacy Control (GPC). For more information, visit globalprivacycontrol.org.

7.5 State-Specific Rights

Depending on your state of residence, you may have additional rights to access, correct, delete, or appeal regarding your personal information. See Section 8 ("U.S. State Privacy Rights") below for the full list and instructions on how to exercise these rights. For account closure specifically, see Section 7.6 below or the Account Management guide.

7.6 Account Closure and Right to Erasure

You may request closure of your account and deletion of your personal information at any time by emailing [email protected] with the subject line "Account Closure Request" or "Data Deletion Request." Before we can process the request, you must withdraw your Account Funds balance, accept the buyback or request shipment of any cards remaining in vault custody under your account, and resolve any pending disputes.

Once these prerequisites are complete, an authorized GalaxyGrails.io administrator will process the erasure. We will:

Remove or scramble identifying personal information associated with your account (including your name, email, username, password hash, profile picture, referral code, and identity-verification session identifier);
Revoke all active sessions and refresh tokens; and
Mark your account as deleted on our systems.

Retained records. Certain information is retained for legal, financial, anti-fraud, and tax compliance purposes even after an erasure, including: financial transactions (deposits, withdrawals, buybacks, refunds, disputes, balance ledger entries), pull and event participation history, shipment records, chat moderation logs, identity-verification status, and Stripe customer/account identifiers. These records are retained under a legal-obligation basis for the periods required by applicable law (typically 5–7 years for tax records, longer where required by AML or anti-fraud rules). Where retention is required, the underlying user identifier remains stable so the record can still be reconciled, but personally-identifying fields are scrubbed.

Stripe Identity data. Identity verification documents (government ID, selfie, biometric data) are processed and retained by Stripe Identity, not by GalaxyGrails.io, and are governed by Stripe's data-handling practices. To request deletion of verification data held by Stripe, you may contact Stripe directly at [email protected] in addition to your request to us.

8. U.S. State Privacy Rights

The following disclosures apply to residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

8.1 Categories of Personal Information Collected

See Section 2 ("Information We Collect") for a full description. Categories include: identifiers (name, email, address, account credentials); commercial information (transaction, purchase, points, and leaderboard history); device and internet activity information; financial information (processed by Stripe); biometric and identity-verification information (processed by Stripe Identity); sensitive personal information as defined by California law (e.g., account login credentials and payment-card information, processed in connection with operating the Services and not used for any other purpose); and user-generated content (live chat messages and moderation history).

8.2 Purposes for Collection

See Section 3 ("How We Use Your Information") for the business and operational purposes for which we collect personal information.

8.3 Retention

GalaxyGrails.io retains personal information for the period necessary to fulfill the purposes described in this Policy, unless a longer period is required by law. We may be required to retain certain data after our relationship with you ends to satisfy legal or regulatory obligations.

8.4 Sale and Targeted Advertising

GalaxyGrails.io does not sell personal information and does not share personal information for targeted advertising purposes.

8.5 Your State Law Rights

You may have the right to:

Access / Know: Confirm whether we process your personal information and request access to specific pieces we hold about you.
Correct: Request correction of inaccurate personal information.
Delete: Request deletion of personal information we have collected from you. Note that exercising this right may affect our ability to provide certain Services.
Opt-Out of Sale / Targeted Advertising: GalaxyGrails.io does not sell data or engage in targeted advertising. No opt-out is required, but you may still submit a request to confirm.
Appeal: If your request is denied, you may appeal by contacting [email protected] and including "Privacy Request Appeal" in the subject line.

We will not discriminate against you for exercising any of the above rights.

8.6 How to Exercise Your Rights

Submit a request by emailing [email protected] with the subject line "Privacy Rights Request." We may require you to provide your name, contact information, and other details to verify your identity before fulfilling a request.

9. Children's Privacy

GalaxyGrails.io is intended solely for users 18 years of age or older. If you are under 18, you may not use the Services. We do not knowingly collect personal information from individuals under 18. If you believe a minor has submitted personal information to us, please contact [email protected] and we will promptly delete it.

10. Notice of Monitoring

GalaxyGrails.io and its service providers may monitor activity on the Services for security, fraud prevention, and operational purposes. This may include logging pages visited, features used, items clicked, session duration, and other interactions. Cookies and similar technologies described in this Policy may also capture this information. By using the Services, you acknowledge and consent to this monitoring. If you do not consent, please discontinue use of the Services.

11. SMS Communications

If you provide your mobile phone number, GalaxyGrails.io may use it to send account-related SMS messages such as authentication codes, withdrawal confirmations, or support notifications. Message frequency may vary. Standard message and data rates may apply.

Opt-out: Reply STOP to any SMS from us to unsubscribe. You will receive a confirmation and no further messages will be sent.
Help: Reply HELP or contact [email protected].
Your mobile number will not be shared with third parties for marketing or promotional purposes. Text messaging opt-in data and consent will not be shared with any third party for their own purposes.

12. Links to Third-Party Sites

GalaxyGrails.io may link to third-party services such as Stripe and our vault custodian. These websites operate independently and are subject to their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of any third-party site.

Stripe Privacy Policy

13. Updates to This Policy

GalaxyGrails.io may update this Privacy Policy from time to time and will post any revisions on this page. The Effective Date at the top of this Policy reflects the most recent update. If material changes occur, GalaxyGrails.io will notify users via email or a notice on the website. Continued use of the Services after an update constitutes your acceptance of the revised Policy.

14. Contact Us

Email: [email protected]
Mail: GalaxyGrails.io LLC
16192 Coastal Highway
Lewes, DE US

1. Scope​

2. Information We Collect​

2.1 Information You Provide​

2.2 Information Collected Automatically​

2.3 Third-Party Service Relationships​

3. How We Use Your Information​

4. How We Share Information​

4.1 Service Providers​

4.2 Legal and Regulatory Disclosures​

4.3 Business Transfers​

4.4 Referred Users​

5. Data Security​

6. Data Retention​

7. Your Rights and Choices​

7.1 Email Preferences​

7.2 Cookie Preferences​

7.3 Do Not Track​

7.4 Global Privacy Control (GPC)​

7.5 State-Specific Rights​

7.6 Account Closure and Right to Erasure​

8. U.S. State Privacy Rights​

8.1 Categories of Personal Information Collected​

8.2 Purposes for Collection​

8.3 Retention​

8.4 Sale and Targeted Advertising​

8.5 Your State Law Rights​

8.6 How to Exercise Your Rights​

9. Children's Privacy​

10. Notice of Monitoring​

11. SMS Communications​

12. Links to Third-Party Sites​

13. Updates to This Policy​

14. Contact Us​