1. Introduction
CardVault: TCG Card Scanner ("App," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS application.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, Apple ID (via Sign in with Apple)
- Profile Information: Username, profile picture, bio, location (optional)
- Card Collection Data: Card images, grades, values, purchase history, notes
- Feedback & Support: Messages sent through support email, feedback forms, and bug reports
2.2 Information Collected Automatically
- Device Information: Device model, OS version, unique device identifier, IP address
- Usage Data: Features used, pages visited, time spent, crash logs
- Location Data: General location (country/region) for localization purposes
- Camera & Photo Library: Image data from card scans (processed locally, then sent to cloud for recognition)
2.3 Third-Party Services
We use the following services that may collect data:
| Service | Purpose |
|---|
| Firebase (Google) | Authentication, data storage, analytics, crash reports, cloud functions |
| Apphud | Subscription management, purchase receipts |
| AppsFlyer | Attribution, user acquisition analytics |
| Amplitude | Product analytics, user behavior |
We request App Tracking Transparency (ATT) permission before collecting your IDFA for attribution purposes.
3. How We Use Your Information
- App Functionality: Manage your card collection, track values, display marketplace data
- Authentication & Security: Verify identity, prevent fraud, secure your account
- Cloud Sync: Synchronize your collection across devices
- Analytics & Improvements: Understand usage, fix bugs, improve features
- Subscriptions: Process payments and manage premium features
- Notifications: Send push notifications about price alerts, new features
- Legal Compliance: Comply with laws, enforce agreements
4. Data Sharing
We do not sell your personal data. We share data only with:
- Service Providers: Firebase, Apphud, AppsFlyer, Amplitude (as described above)
- Legal Requirements: Law enforcement, court orders, or legal obligations
- Business Transfers: In case of merger, acquisition, or asset sale
5. Data Retention
- Account Data: Retained while you use the app; deleted 90 days after account deletion
- Collection Data: Retained until you delete or export it
- Logs & Analytics: Automatically deleted after 90 days
- Backup Data: May be retained in backups for up to 1 year
6. Data Security
We implement industry-standard security measures including:
- SSL/TLS encryption for data transmission
- Firestore security rules for access control
- Encrypted local cache storage
No method of transmission is 100% secure. We cannot guarantee absolute security of your data.
7. Your Privacy Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Receive data in a portable format
- Opt-Out: Unsubscribe from marketing communications
To exercise these rights, contact us at: support@cardvault.app
8. Camera & Card Scanning
- Card images are initially processed on your device
- Only recognized card data is sent to our servers for identification
- Original images are not permanently stored on our servers unless you choose to save them
- You control which photos are uploaded
9. Offline Storage
- Your collection is cached locally in encrypted storage
- Offline mode works without internet connection
- Data syncs automatically when connection is restored
10. Children's Privacy
The App is not intended for children under 13. We do not knowingly collect data from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly.
11. California Residents (CCPA)
If you are a California resident, you have additional rights including the right to know what data is collected, request deletion, and opt out of data sales. We do not sell personal data.
Contact: support@cardvault.app
12. European Residents (GDPR)
If you are in the EU, UK, or EEA, GDPR applies. Our legal bases for processing:
- Consent: Marketing, analytics, ATT tracking
- Contract: Providing app services, subscriptions
- Legitimate Interest: Security, fraud prevention
- Legal Obligation: Tax compliance, legal requests
13. Changes to This Policy
We may update this Privacy Policy periodically. Changes are effective immediately upon posting. Your continued use of the App constitutes acceptance of the updated policy.
Third-Party Privacy Policies