Privacy Policy
Last updated: November 30, 2026
This Privacy Policy explains how Henning Automotive Group LLC ("we," "us," "our") collects, uses, shares, and protects information when you use Ryder's Ultimate Vendor Portal (the "Service"). By using the Service you agree to this Policy.
1. Information we collect
From you, when you sign up or use the Service
- Account information: email address, password (hashed; we never see plaintext), business name, shop slug.
- Business profile: owner name, address, phone, contact email, EIN, UBI, sales-tax number, reseller's certificate number, optional banking info.
- Inventory and sales data: cards you intake, stock numbers, cost basis, sale prices, customer names and phone numbers entered for purchase orders.
- Scan images: photos of cards you scan, stored in your private bucket.
- Communications: messages you send to support.
Automatically, when you use the Service
- Device & usage: IP address, browser type, pages viewed, timestamps, and home-screen install state. We use these for security, debugging, and aggregate analytics.
- Cookies / local storage: session tokens, your active game tab, your onboarding-completed flag, and a local cache of your catalog and inventory (so the app works offline).
From third parties
- Stripe processes subscription payments and sends us back the subscription status, last-4 digits of your card, and billing email. We never see your full card number.
- Card catalog APIs (pokemontcg.io, Scryfall, YGOPRODECK, PriceCharting) provide public card metadata; no personal information is exchanged with them.
2. How we use information
- Provide, operate, and improve the Service.
- Process payments and manage your subscription.
- Send transactional emails (receipts, password resets, security alerts).
- Respond to support requests.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
3. How we share information
We share information only with the following:
- Service providers who help us operate the Service: Supabase (database, auth, file storage), Vercel (web hosting), Stripe (payments), Resend (transactional email). Each is bound by contract to use the data only on our behalf.
- Legal authorities when required by valid legal process or to protect rights, safety, or property.
- A successor in connection with a merger, acquisition, or sale of assets, subject to confidentiality.
We do not sell or rent personal information to third parties.
4. Your business's customer data
When you record a sale or generate a customer purchase order, you may enter customer contact information (name, phone, email). You are the data controller for that information; we process it on your behalf solely to provide the Service. You are responsible for having any required consents or notices in place with your own customers.
5. Data retention
- Active accounts: we retain your data for as long as your account is active.
- Closed accounts: business data is retained for 30 days after cancellation (in case you want to reactivate), then permanently deleted, except where retention is required by law (e.g. tax records).
- Backups: deleted data may persist in encrypted backups for up to 90 days before being overwritten.
6. Security
We use industry-standard safeguards: TLS in transit, encryption at rest, row-level security to isolate each shop's data from other shops, and audit logging of administrative actions. No system is impenetrable; please use a strong, unique password and notify us immediately at the support address below if you suspect unauthorized access.
7. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated personal information, subject to legal retention requirements.
- Export your data in a machine-readable format.
- Object to or restrict certain processing, and withdraw consent where processing is based on consent.
Exercise these rights via the in-app account controls or by emailing the address below. We respond within 30 days. We will not discriminate against you for exercising a privacy right.
California residents (CCPA / CPRA)
In the last 12 months we have collected the categories of information described in Section 1 for the purposes in Section 2. We do not sell or share personal information for cross-context behavioral advertising. California residents may submit verifiable consumer requests via the support email.
8. Children
The Service is for businesses and is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information to us, contact us and we will delete it.
9. International transfers
We are based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service you consent to that transfer.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced via the email on file or an in-app notice at least 30 days in advance. The "Last updated" date at the top reflects the current revision.
11. Contact
Privacy questions or requests? Email privacy@ryderspokemonchecklist.com.
Henning Automotive Group LLC — PLACEHOLDER street address — PLACEHOLDER city, WA — USA