Privacy Policy

Last updated: June 27, 2026

Card Gallery ("Card Gallery," "we," "us," or "our") provides a mobile application and related web services (collectively, the "Service") that let collectors catalog, display, cast, and share their graded trading card collections. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide

Account information. When you create an account, we collect your email address and authentication credentials. If you sign in with Apple, we receive the identifier (and, if you allow it, the name and email) that Apple shares with us.
Collection data. The cards you add — including certification numbers, card details, images, grades, values, and any collections, frames, or showcases you create.
Communications. If you contact support, we keep the messages you send and our replies.

Information collected automatically

Usage and device data. Basic technical information needed to operate and secure the Service, such as device type, operating system, app version, and diagnostic/crash information.
Casting sessions. When you cast to a TV or publish a showcase, the cards and display settings for that session are stored so the receiving screen or web page can render them.

Stored on your device

Your card vault is stored primarily on your device. Some data is synced to our servers to power features that can't run on the phone alone — public showcases, the TV cast receiver web page, and value/stat enrichment.

2. How We Use Your Information

To provide, maintain, and improve the Service;
To create and manage your account and authenticate you;
To enrich your cards with images, market values, and player/team statistics;
To power casting to your TV and the public showcases you choose to publish;
To respond to your support requests;
To protect against fraud, abuse, and security threats; and
To comply with legal obligations.

3. How Your Information Is Shared

We do not sell your personal information. We share information only as described below:

Service providers. We use trusted vendors to run the Service, including Supabase (authentication, database, and storage), Apple (Sign in with Apple and app distribution), and Cloudflare (web hosting and content delivery). These providers process data on our behalf under their own terms and privacy commitments.
Data sources. To enrich cards we query third-party data providers (for example, card-population and grading data, and sports statistics services). We send the minimum needed (such as a certification number or player name) to retrieve details.
Public showcases. If you choose to publish a showcase or share a link, the cards and details in that showcase become viewable by anyone with the link. You control whether to publish and what it contains.
Legal and safety. We may disclose information if required by law or to protect the rights, safety, and security of our users and the Service.
Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Your Choices & Rights

Privacy controls. Public sharing is off by default. You decide whether to publish a showcase and can unpublish it at any time.
Access and deletion. You can request access to or deletion of your account and associated data by contacting us at the email below. Deleting your account removes your synced data from our systems.
Device permissions. You can control camera, local network, Bluetooth, and Face ID permissions in your device settings.
Regional rights. Depending on where you live (for example, the EEA/UK or California), you may have additional rights to access, correct, port, or delete your information, and to object to or restrict certain processing. Contact us to exercise these rights.

5. Data Retention

We keep your information for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or de-identify your synced personal data, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

6. Security

We use reasonable administrative, technical, and organizational measures to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

7. Children's Privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

8. International Users

We operate the Service from the United States and may process and store information in the United States and other countries. By using the Service, you understand your information may be transferred to and processed in locations with data-protection laws different from your own.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect means you accept the updated policy.

10. Contact Us

Questions about this Privacy Policy or your data? Contact us at support@cardgallery.io.