Privacy Policy

Last updated: May 12, 2026

1. Information We Collect

We collect information you provide directly and information generated by your use of the app:

• Account information — email address and password (stored securely via Supabase Auth)
• Collection data — cards you add, scan images, pricing history, wishlists, and grading submissions
• Camera usage — photos captured during card scanning are uploaded to process your request and stored in your account; we do not use them for any other purpose
• Purchase information — subscription tier and scan pack purchases are processed by Apple or Google; we receive only confirmation of your entitlements via RevenueCat, not your payment details
• Usage analytics — anonymized event data (features used, screens visited) collected via PostHog to help us improve the app
• Crash reports — error data collected via Sentry when the app crashes, including device type and OS version, to help us fix bugs
• Email signups — if you submit your email on our website, we store it to send product updates

2. How We Use Your Information

• Provide, operate, and improve The Card Ledger app and services
• Process AI card scanning and pricing requests on your behalf
• Manage your subscription and scan quota
• Send push notifications you have opted into (price alerts, feature updates)
• Respond to support requests
• Detect and prevent fraud or abuse
• Analyze aggregate usage patterns to improve features (data is anonymized)

We do not sell your personal information to third parties.

3. Third-Party Services

We use the following third-party services to operate the app. Each has its own privacy policy:

• Supabase — database, authentication, and file storage (supabase.com/privacy)
• RevenueCat — subscription and in-app purchase management (revenuecat.com/privacy)
• Google Gemini / OpenAI — AI models used to analyze card images and generate pricing; card images and metadata are sent to these services to process your scan requests
• PostHog — anonymous product analytics (posthog.com/privacy)
• Sentry — crash and error reporting (sentry.io/privacy)
• Apple / Google — in-app purchases and push notifications are handled through their respective platforms

4. Data Retention

We retain your account and collection data for as long as your account is active. You may delete your account at any time from the app (Profile → Settings → Delete Account), which permanently removes all your data from our systems within 30 days.

Crash reports and analytics data are retained for up to 90 days in aggregated or anonymized form.

5. Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of your personal data
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and data
• Portability — request your collection data in a portable format
• Opt-out — opt out of marketing emails at any time via the unsubscribe link

To exercise any of these rights, contact us at contact@thecardledgerapp.com.

6. Children's Privacy

The Card Ledger is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.

7. Data Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security on our database, and secure credential management. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending an in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: contact@thecardledgerapp.com
• Website: thecardledgerapp.com