Last updated April 26, 2026

Privacy Policy

This Privacy Policy explains how we collect, use, and share your information when you use Kardra.

Who we are

Kardra ("we," "us," "our") operates the Kardra website and iOS app (the "Service"). This Privacy Policy explains our data practices. For terms of use, see our Terms of Service.

Information We Collect

Account information. When you create an account, we collect data such as email, user ID, and profile fields you provide (for example display name or username).

Profile and community information. If you use profile/community features, we may collect your public profile preferences, chosen showcase cards, and social graph metadata (followers/following).

Card images and scan data. When you upload or scan card photos, we process those images to identify cards and generate grading/pricing outputs. We store scan-related metadata such as card identifiers, estimates, confidence, timestamps, and collection flags.

Subscription and billing information.

  • Web billing: processed by Stripe.
  • iOS billing: processed by Apple.

We receive limited billing metadata needed to manage access (for example subscription status, product/plan, transaction references). We do not receive or store full payment card numbers.

Device and technical information. We collect technical data such as app version, device model/OS, crash diagnostics, approximate location inferred from IP, and service logs for reliability, abuse prevention, and security.

Permissions (iOS)

Depending on your settings and feature use, we may request:

  • Camera access (to scan cards)
  • Photo library access (to upload/import card images)
  • Notification permission (if and when notifications are enabled)

How We Use Information

We use information to:

  • Provide and operate the Service
  • Run card scans and deliver AI outputs
  • Manage accounts, subscriptions, and feature access
  • Secure the Service, detect abuse, and prevent fraud
  • Troubleshoot bugs and improve performance
  • Comply with legal obligations
  • Send service and transactional messages
  • Send marketing messages only where allowed and, where required, with consent (you can opt out)

AI and Service Providers

We use service providers, including AI providers, cloud hosting, analytics, and payment providers, to operate the Service. We share data with processors only as reasonably necessary to provide the Service and under contractual safeguards.

Card and market data providers may include:

  • PokéTCG API
  • YGOPRODeck API
  • Scryfall API
  • eBay-sourced sold listing data

We do not sell your personal information.

Cookies, SDKs, and Tracking Technologies

We use limited tracking technologies to run and improve the Service.

  • Essential technologies for authentication, session continuity, and security
  • Analytics technologies to understand performance, reliability, and feature usage
  • Mobile SDK components needed for app functionality and diagnostics
  • Email delivery metadata (for example, delivery/open/click events) for transactional reliability

You can manage cookies through browser settings and manage iOS app permissions through device settings. Disabling some technologies may reduce functionality.

Our Service does not currently respond to browser "Do Not Track" signals. We honor privacy rights as required by applicable law.

How We Share Information

We may share information:

  • With vendors/processors supporting Service operations
  • With legal authorities when required by law or valid legal process
  • To protect rights, safety, or property of users, Kardra, or others
  • In a merger, acquisition, financing, or asset transfer (with appropriate protections)
  • With your direction or consent

We do not sell, rent, or trade personal information to third parties for their own direct marketing.

Public Profiles and Collections

If you enable public profile/collection settings, selected information (such as username, profile details you mark public, and selected cards) may be visible to others. You can modify visibility settings in the app.

Data Retention

We keep personal data for as long as needed to provide the Service and for legitimate business/legal purposes (including security, dispute resolution, and compliance).

When you request account deletion, we delete or de-identify personal data within a reasonable timeframe unless retention is legally required. Limited data may remain in backups for a defined period.

For account deletion requests, we aim to begin deletion promptly (typically within 7 days). Operational backups may retain limited data for up to 90 days before automatic overwrite, unless a longer period is required for legal, fraud-prevention, or security reasons.

Your Rights and Choices

Depending on your location, you may have rights to:

  • Access personal data
  • Correct inaccurate data
  • Delete personal data
  • Receive portable copies of certain data
  • Restrict or object to some processing
  • Withdraw consent for consent-based processing

To exercise rights, contact: getkardra@gmail.com

We may request information to verify your identity before fulfilling a request. We respond within timelines required by applicable law (typically within 30 to 45 days, depending on jurisdiction and request complexity).

You may also:

  • Update profile/account details in-app
  • Manage iOS permissions in device settings
  • Manage subscription settings through Apple (for iOS purchases) or web billing settings (for web purchases)

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 provided information, contact us and we will take appropriate action.

International Transfers

We may process data in the United States and other countries where we or our processors operate. Where required, we use appropriate safeguards for cross-border transfers.

Where legally required, these safeguards may include contractual protections with service providers (such as standard contractual clauses or equivalent measures).

Security

We use reasonable technical and organizational safeguards to protect information. No method of transmission or storage is 100% secure, and absolute security cannot be guaranteed.

California and Other US State Privacy Rights

Residents of certain US states (including California) may have additional rights under applicable law. We honor rights requests as required by law.

EEA/UK Rights

If you are in the EEA/UK, you may have rights under GDPR/UK GDPR, including complaint rights with your local supervisory authority.

Changes to This Policy

We may update this Privacy Policy periodically. We will update the "Last updated" date and provide additional notice for material changes when required.

Complaints

If you have concerns about our privacy practices, contact us first at getkardra@gmail.com. If you are in a jurisdiction that provides regulator complaint rights, you may also contact your local data protection authority.

Contact

For privacy questions or data requests:

getkardra@gmail.com