rotos
Join waitlist
rotos.com

Privacy Policy

Last updated: 2026-05-22

About rotos

rotos.com (“rotos”, “we”, “us”) is a software-as-a-service tool for trading-card sellers. It helps you scan card images, identify them via eBay's image search, generate pricing comps, and publish listings to your own eBay seller account through eBay's official Sell APIs. This policy explains what data we collect, how we use it, and how you can control it.

Data we collect

  • Email address. Used only for magic-link sign-in and transactional account email (e.g. receipt confirmations). We never sell, rent, or share your email with marketers.
  • eBay OAuth tokens. When you authorize a seller account, eBay issues access and refresh tokens. Refresh tokens are stored encrypted at rest using AES-256-GCM. Access tokens are short-lived (~2 hours) and refreshed automatically as needed.
  • Card images you upload.Front and back images of each card you scan are stored on our servers to (a) send to eBay's image-search API, (b) display in your bulk-edit view, and (c) attach to listings when you publish. Images are retained while the associated draft or listing exists in your account. If you delete a draft, its images are removed from our storage.
  • Listing data. Drafts, titles, prices, comp prices, condition selections, and publish history are stored so you can review and edit before publishing, and so we can show you the result.
  • Billing data. If you subscribe, we store a Stripe customer ID, subscription status, plan tier, and the timestamp of the most recent payment. We do not see or store credit card numbers — Stripe handles all card data directly. See Stripe's privacy policy.
  • Server logs. Standard request logs (IP address, user agent, request path, response status) retained for up to 30 days for diagnostics and abuse prevention.
  • Cookies. A single session cookie set after sign-in (HTTP-only, secure, SameSite Lax) lets the site recognize you on return visits. No tracking cookies, no third-party analytics, no ad-network cookies.

How we use it

  • To run the service: identify cards, generate comp prices, store drafts, publish to eBay.
  • To bill subscriptions via Stripe.
  • To diagnose errors, investigate abuse, and maintain reliability.
  • To send transactional email related to your account (sign-in links, billing receipts).

We do not sell your data, profile you, or use it for marketing. We do not allow third parties to advertise to you through rotos.

Third parties we share data with

We share the minimum amount of data necessary with these providers to run the service:

  • eBay (api.ebay.com): card images are sent for image search; titles are sent for text search and comp price lookups; full listing payloads are sent when you publish. Governed by eBay's privacy notice.
  • Stripe (stripe.com): subscription billing and payment processing.
  • Resend (resend.com): transactional email delivery for magic-link sign-in and receipts.

Where data lives

All rotos data is stored on servers we operate. We use industry-standard hosting, full-disk encryption, and TLS for all client/server communication. Refresh tokens are additionally encrypted at the row level so a compromise of the database file alone does not expose credentials.

Your rights and how to delete

You can, at any time:

  • Disconnect your eBay account from inside the dashboard — this revokes our refresh token and removes the stored eBay credentials.
  • Cancel your subscription from the Stripe billing portal linked in the dashboard.
  • Email us at the address below to request full deletion of your rotos account, including all drafts, images, listing history, and billing metadata. We will action the request within 30 days.

If you delete your eBay account, eBay sends us an account-closure notification through their Marketplace Account Deletion / Closure webhook. On receipt, we permanently delete all data associated with that eBay user from our systems.

Children

rotos is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

If we make material changes, we'll update the “Last updated” date at the top and, for active subscribers, send a notice by email at least 14 days before changes take effect.

Contact

Questions or deletion requests: support@rotos.com.