Privacy Policy

CardDex ("we," "us," or "our") is a trading card collection tracker and market intelligence platform operated by DannyBartokLLC. CardDex is available as a web application at carddex.gg and as a native mobile application on the Apple App Store (iOS) and Google Play Store (Android).

Contact us at support@carddex.gg for any privacy-related questions.

Account data: When you create an account, we collect your email address, display name, and optional profile photo. If you sign in via Google or Apple, we receive your name and email from those providers — we do not receive your passwords.

Collection data: Cards you add to your collection including card IDs, conditions, grades, purchase prices, notes, and any photos you upload of your cards.

Scan data: A log of cards you scan using the Buying Buddy or card scanner, including the card identified, TCG game, and timestamp. Camera images are processed in real time for card identification and are not stored on our servers after processing.

Payment data: Subscription billing is handled by Stripe. We do not store your credit card number or full payment details. We receive your subscription status, renewal dates, and billing email from Stripe.

Usage data: Page views, feature interactions, session duration, and error events collected via analytics tools to improve the product.

Device data (mobile apps): When you use our iOS or Android app, we may collect your device type, operating system version, app version, and crash reports. We do not collect your device's unique advertising identifier (IDFA/GAID).

Camera and permissions (mobile apps): The CardDex mobile app requests access to your camera solely to scan trading cards. We do not store, upload, or analyze camera images beyond the card identification request. Camera access is optional — you can manually search for cards without it. We do not access your photo library.

Push notifications (mobile apps): If you opt in, we may send push notifications for features such as price alerts, set updates, and account activity. You can disable notifications at any time in your device settings.

Log data: IP address, browser or app version, and timestamps collected automatically when you access the service.

We use your data to:

• Create and manage your account across web and mobile platforms
• Display your collection, prices, set completion, and trading tools
• Process and manage your Pro subscription payments
• Identify trading cards via camera scan and return price data
• Send transactional emails (account confirmation, password reset, subscription receipts, trial expiration reminders)
• Send push notifications if you have opted in
• Monitor app performance and fix errors
• Respond to support requests
• Improve the product based on aggregated usage patterns

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

CardDex supports signing in with Apple and Google as alternatives to email/password authentication.

Sign in with Apple: When you use Sign in with Apple, Apple may provide us with a unique identifier and optionally your name and email. You may choose to hide your email — in that case Apple provides a private relay email address. We respect this and use it only for account-related communications.

Sign in with Google: When you use Google Sign-In, we receive your name, email address, and profile photo from Google. We do not receive access to your Google account beyond basic profile information.

In both cases, we do not receive or store your password. Authentication is handled by the respective provider.

CardDex integrates with the following services that may process your data:

• Supabase — Database, authentication, and file storage. Privacy Policy
• Stripe — Payment processing for Pro subscriptions. Stripe is the merchant of record for all subscription transactions. Privacy Policy
• Apple — App Store distribution (iOS), Sign in with Apple, and push notifications via APNs. Privacy Policy
• Google — Google Play Store distribution (Android), Google Sign-In, and push notifications via FCM. Privacy Policy
• Scrydex — Card identification and pricing data. Card images submitted for scanning are processed by Scrydex's Vision API and are subject to Scrydex's data handling policies.
• PSA — Graded card verification via the PSA public API. Cert numbers you look up may be logged by PSA.
• Sentry — Error monitoring and crash reporting across web and mobile. Privacy Policy
• Google Analytics / PostHog — Aggregated usage analytics. Privacy Policy
• Vercel — Web hosting and edge infrastructure. Privacy Policy

CardDex Pro subscriptions are purchased and managed exclusively through our website at carddex.gg. We do not offer in-app purchases through the Apple App Store or Google Play Store. All billing is handled by Stripe.

If you subscribed through the web, you can manage or cancel your subscription at any time from your account settings at carddex.gg.

We retain your data for as long as your account is active. If you delete your account:

• Your personal information and collection data will be deleted within 30 days
• Financial transaction records are retained for up to 7 years as required by law
• Anonymized, aggregated usage statistics may be retained indefinitely

Depending on your location, you may have the following rights:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Delete your account and data from within the app (Settings → Delete Account) or by emailing support@carddex.gg
• Portability: Request an export of your collection data in a standard format
• Opt out of push notifications: Disable in your device settings at any time
• Opt out of analytics: Use your browser's Do Not Track setting or a browser extension

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact support@carddex.gg.

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict, or object to processing of your personal data. Our legal basis for processing is your consent (for optional features) and contract performance (to provide the service you signed up for).

To exercise your GDPR rights or to lodge a complaint, contact support@carddex.gg.

CardDex is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@carddex.gg and we will delete it promptly.

We take reasonable measures to protect your data including encrypted connections (HTTPS/TLS), hashed credentials, and row-level security on our database. However, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

Our web app uses cookies and browser local storage to keep you logged in and remember your preferences. We also use analytics cookies. You can clear these at any time via your browser settings. Our mobile apps use local storage on-device for session management and do not use tracking cookies.

We may update this policy as our product evolves (including with new platform launches, features, or legal requirements). We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.

Questions or requests? Email us at support@carddex.gg. We aim to respond within 5 business days.