Privacy Policy
BreakersDNA is a transparency platform — Section 5 spells out exactly what is public by design and what never is.
Last updated: 2026-06-12.
1. Who We Are
BreakersDNA (the “Service”) is operated by Luxe Inventions LLC (“BreakersDNA,” “we,” “us,” or “our”). BreakersDNA provides data-transparency, analytics, and documentation infrastructure for live trading-card breaks. We do not sell breaks or spots, process payments, or ship cards — those happen on third-party platforms under their own terms and privacy policies.
This policy explains what information we collect, how we use it, who we share it with, and what is — and is not — publicly visible. Transparency is the product, so parts of the Service are public by design; this policy is explicit about which parts.
2. Information We Collect
Account information. When you create an account we collect your email address, name (or display name for buyer accounts), and a password (stored only in hashed form). Breakers may also provide company and channel details (channel name, platform, sports of interest), which become part of their workspace.
Break and card data.The core of the Service is documenting breaks: product manifests, card scans captured by camera during a break (images of trading cards), card identifications, estimated values, and sale records. Sale records captured from a live break — entered by the breaker or captured from the breaker's stream via our browser extension — include the buying username on the streaming platform (for example a Whatnot username), the sale price, and the time of sale.
Buyer records entered by breakers. Breakers may add information about their buyers to their own workspace, such as a platform username, an email address, or a shipping address. That information is visible only to members of the breaker company that entered it (and to us, for operating and supporting the Service). It is never displayed publicly, with one exception: the platform username appears on public receipts and profiles as described in Section 5.
Automatically collected data. Like most web services we collect log and usage data (IP address, browser type, pages viewed) and use cookies for authentication. We use an error-and-performance monitoring service (Sentry) that receives technical details when something breaks and records a sample of in-app sessions (page interactions) to help us debug problems. Security-relevant actions (logins, administrative changes, manual price overrides) are recorded in audit logs that include IP address and browser information.
Help assistant.If you use the in-app help assistant, the messages you type are processed by an AI provider to generate a response. Don't put sensitive personal information in help chats.
3. How We Use Information
We use the information above to operate the Service: authenticate you, document breaks, identify cards, generate estimates and transparency reports, send transactional email (verification, receipts, claim decisions, break summaries), provide support, secure and debug the platform, and meet legal obligations. New breaker accounts may also receive a short onboarding email sequence, which has its own unsubscribe link.
We do not sell your personal information, and we do not share it with third parties for their own advertising or marketing.
4. AI Processing
Card identification and valuation are AI-assisted. When a card is scanned during a break, the captured card image and card-related text (player, set, year, card number) are sent to third-party AI and computer-vision providers — currently including OpenAI — solely to identify the card and estimate its value. Card-description text may also be sent to card-catalog and pricing services (such as Card Hedger) to match cards and retrieve market data. These requests contain card data, not your account details.
We do not use your personal information to train AI models of our own, and we use these providers under API terms rather than granting them rights to your data for their own purposes. We cannot speak for third-party providers' internal practices beyond the terms they publish; see their respective privacy policies for details.
5. What Is Public — and What Never Is
BreakersDNA exists to make break results verifiable, so some information is public by design:
- Break pages and receipts. Completed and live break pages, and per-spot receipt pages, are publicly viewable. A receipt shows the card, the sale price, the buying platform username, the captured card image (and clip, if recorded), and the channel that ran the break. Receipt pages are not search-engine indexed by default.
- Buyer profiles. A public profile page may exist for a platform username, showing aggregate stats and top pulls. Buyers can claim their username, set a display name, hide their detailed history, or hide the profile entirely (see Section 8).
- Channel pages and directories. Breaker channels, their break history, and directory listings are public. Companies can opt out of directory listing in settings.
The following are never displayed publicly: your email address, password, shipping addresses, a breaker's cost basis or margins, and internal platform identifiers.
6. Who We Share Information With
We share information only with service providers that we use to run the platform, and only to the extent needed for them to provide their service to us:
- Hosting and storage — Vercel (web hosting), Amazon Web Services (image and file storage, processing, content delivery), and Supabase (database and authentication).
- Email delivery — Mailgun, which processes recipient addresses and message content for the emails described in Section 3.
- AI and card-data providers — as described in Section 4 (card images and card text only).
- Monitoring and debugging — Sentry, which receives error reports and a sample of session recordings (in-app page interactions), with authentication credentials and sensitive parameters filtered out before sending.
We may also disclose information if required by law or legal process, to protect the rights, safety, or property of BreakersDNA or others, or as part of a merger, acquisition, or sale of assets (in which case this policy continues to apply to previously collected data until changed). We do not sell personal information to anyone.
7. Cookies and Analytics
We use essential cookies to keep you signed in (set by our authentication provider, Supabase). We do not run third-party advertising or analytics cookies.
8. Your Choices and Controls
- Email — receipt and onboarding emails contain unsubscribe links, and receipt-email preferences can be managed in Settings. Transactional emails required to operate your account (such as verification and password reset) are not optional.
- Buyer profile visibility — buyers can hide their detailed public history or hide their public profile entirely, and can set a public display name. Hide requests can be made from the profile page or via our contact channels.
- Directory listing — breaker companies can opt out of the public breaker directory in company settings.
- Access, correction, deletion — you can download a copy of the personal data linked to your account, and delete your account, from Settings → Privacy & Data. Deleting your account disables your login and hides any public buyer profiles linked to it. You can also contact us (Section 12) for correction of inaccurate information or help with a deletion request. Note that break records are a shared historical record: deleting your personal information does not remove a breaker's documented record that a sale occurred, but it removes the association with you.
Depending on where you live, you may have additional rights under local law (such as the GDPR or the California Consumer Privacy Act). We honor valid requests under applicable law through the contact channels in Section 12.
9. Data Retention
We retain account information while your account is active, and break documentation (including captured card images and sale records) for as long as it serves its purpose as a historical transparency record. We do not currently run automated deletion schedules; you can delete your account from Settings → Privacy & Data, or ask us (Section 12) to remove personal information. Audit logs and backups are retained for security and operational purposes.
10. Security
Data is encrypted in transit (TLS) and at rest. Access within the platform is permission-bound and enforced at the database layer with row-level security, so one company's private data is not visible to another. Credentials and API tokens are stored only as cryptographic hashes, and sensitive administrative actions are recorded in audit logs. See our Security page for more detail. No system is perfectly secure; we cannot guarantee absolute security.
11. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.
12. Changes and Contact
We may update this policy as the Service evolves; the “Last updated” date above reflects the most recent revision. Material changes will be reflected on this page before they take effect.
For privacy questions or requests, contact us via the channels listed at /contact.