LEGAL

Security

Last updated: July 8, 2026

This page is maintained by CollectorIQ to answer common security questions about the platform. It is not an independent certification.

Account protection

  • Email + password authentication with leaked-password (HIBP) checks at signup.
  • Google single sign-on supported.
  • Password reset via email with time-limited recovery links.
  • Sessions are stored in secure, http-only cookies where the runtime allows.

Data handling

  • All traffic is served over TLS.
  • Data is encrypted at rest by our managed database provider.
  • Row-level security policies scope every read and write to the owning user.

Payments

Payments are processed by Stripe. CollectorIQ never sees or stores your full card number, CVC, or bank credentials.

Subprocessors

  • Cloudflare — edge hosting and network.
  • Supabase — managed Postgres, authentication, storage.
  • Stripe — subscription billing.
  • Lovable AI Gateway — AI research and scanning features.
  • eBay Marketplace Insights — market comps data.

Reporting a vulnerability

If you believe you've found a security issue, email security@collectoriq.com. Please give us a reasonable time to investigate and remediate before public disclosure.

Shared responsibility

Keep your device and email account secure, use a unique password for CollectorIQ, and be cautious of phishing. We will never ask for your password via email.

This page is maintained by CollectorIQ. Content is provided as-is and is not legal advice.