Privacy Policy

Last updated: April 1, 2026

This Privacy Policy describes how DeckTrace ("we", "us", "our") collects, uses, and protects your personal information when you use the DeckTrace mobile application ("App").

1. Data Controller

DeckTrace is the data controller for the personal data processed through the App.

Contact: info@decktrace.com

2. Data We Collect

Information You Provide

Email address — Account creation, authentication, communication
Password — Account authentication (stored as a hash, never in plain text)
Country — Localized pricing and shipping cost calculations
Portfolio data — Products, quantities, purchase prices, sold prices, grading info
Watchlist data — Target prices, alert preferences, grading filters
Contact messages — Responding to your support requests

Information Collected Automatically

Value snapshots — Recording daily portfolio value for historical charts
Subscription status — Managing access to Pro features
Device type (iOS/Android) — App functionality and subscription management

Information from Third Parties

Apple / Google (via RevenueCat) — Subscription purchase and renewal events
Google / Apple Sign-In (optional) — Name, email address for account creation via OAuth

3. How We Use Your Data

We use your personal data to:

Provide and maintain the App's core functionality
Calculate portfolio values using live marketplace pricing
Send price alert notifications
Process and manage subscriptions
Respond to support requests
Improve the App and fix issues

We do not use your data to sell to third parties, serve targeted advertisements, build advertising profiles, or make automated decisions that affect you.

4. Legal Basis for Processing (GDPR)

Contract performance — Account data, portfolio data, watchlist data, subscription data
Legitimate interest — Value snapshots, usage analytics for App improvement
Consent — Marketing communications (if applicable), OAuth sign-in

5. Data Sharing & Third-Party Services

We share data with the following service providers, solely to operate the App:

Supabase — All account and app data (EU — Frankfurt)
RevenueCat — Anonymous user ID, subscription events (USA with EU data processing)
Resend — Email address, message content (USA)
Google (Gemini AI) — User-submitted prompts only (USA)

We do not share your portfolio data, watchlist data, or financial information with any third party.

6. Data Retention

Account data, portfolio & watchlist data, value snapshots — until you delete your account
Contact messages — 12 months after resolution
Subscription records — as required by tax/legal obligations

When you delete your account, all associated data is permanently removed from our systems within 30 days.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate personal data
Erasure — Delete your personal data (available in-app)
Restriction — Restrict processing of your personal data
Portability — Receive your data in a structured, machine-readable format
Objection — Object to processing based on legitimate interest
Withdraw consent — Where processing is based on consent

To exercise these rights, contact us at info@decktrace.com. We will respond within 30 days.

8. Data Security

All data is transmitted over HTTPS/TLS encryption
Passwords are hashed and never stored in plain text
Database access is secured with row-level security policies
Authentication tokens are managed securely via Supabase Auth
We conduct regular security reviews of our infrastructure

9. International Data Transfers

Some of our service providers are located in the United States. Where data is transferred outside the EU/EEA, we ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) and the service provider's privacy framework certifications.

10. Children's Privacy

DeckTrace is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it.

11. Cookies & Tracking

The DeckTrace mobile app does not use cookies. We do not use third-party analytics or advertising SDKs. We do not track you across other apps or websites.

12. App Tracking & Advertising

DeckTrace does not participate in cross-app or cross-website tracking
We do not use the Apple IDFA or any equivalent advertising identifier
We do not serve advertisements of any kind within the App
No data collected by DeckTrace is used for advertising or marketing purposes by third parties

13. Apple Privacy Nutrition Labels

Data Not Used to Track You: DeckTrace does not track you. No data collected by the App is used for tracking purposes.

Data Linked to You: Email Address (Contact Info), Country (User Content), Purchase History (Purchases).

Data Not Linked to You: Portfolio data, Watchlist data, Value snapshots (User Content).

Data Not Collected: Precise/coarse location, physical address, phone number, health/fitness data, payment info, photos, videos, audio, gameplay content, browsing/search history, device ID, advertising identifier, contacts, SMS/call logs, or biometric data.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

Right to Know — Request disclosure of collected data categories and sources
Right to Delete — Request deletion of your personal information
Right to Non-Discrimination — We will not discriminate against you for exercising CCPA rights
DeckTrace does not sell your personal information
DeckTrace does not share data for cross-context behavioral advertising

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Continued use of the App after changes constitutes acceptance.

16. Contact Us

For privacy-related questions or to exercise your rights:

Email: info@decktrace.com

Subject line: Privacy Request — [Your Request]