← Back to DeckLoot

Privacy Policy

Last updated: March 2, 2026

DeckLoot ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the DeckLoot mobile application and web service.

1. Information We Collect

• Card Photos: Images you scan for card identification (processed in real-time, not stored long-term)
• Collection Data: Cards you add to your collection, including names, sets, and pricing data
• Game Preferences: Card game types you scan (Pokémon, Magic: The Gathering, Yu-Gi-Oh!, Disney Lorcana, One Piece)
• Usage Data: App interactions, analytics, device information
• Language Preference: Your selected app language

2. How We Use Your Information

• Identify trading cards using AI-powered image recognition
• Store and manage your card collection
• Provide real-time market pricing data for your cards
• Improve app features and user experience
• Display scan history and collection statistics

We do NOT sell your personal data to third parties.

3. Use of Artificial Intelligence

DeckLoot uses third-party AI services (Claude Vision by Anthropic) to identify trading cards from photos.

Information Shared with AI Services:

• Card photos you scan
• Game type (Pokémon, Magic, Yu-Gi-Oh!, Lorcana, One Piece)
• Card details extracted from photo (name, set, number)
• Language preference for card identification

Information NOT Shared with AI Services:

• Your name, email address, or phone number
• Location data or GPS coordinates
• Payment information (no payments in app yet)
• Device identifiers (UDID, advertising ID)
• Your collection value or card inventory

Purpose: This information is shared solely to identify trading cards from photos. AI analysis happens in real-time and photos are not permanently stored by the AI service.

Data Security: All data is transmitted to AI services over secure, encrypted HTTPS connections. We do not use your personal data to train AI models. Card identification results may be cached temporarily to improve performance, but cached data is not linked to your personal identity.

Data Control: You can delete your collection and all associated data at any time from the Settings screen in the app.

4. Data Security

• All data is stored securely in Supabase with row-level security policies
• All data transmission uses HTTPS/TLS encryption
• API access requires authentication
• Card images are stored securely and only accessible to your account
• You can delete your collection and all associated data at any time

5. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Withdraw Consent: Opt out of optional data collection at any time

6. Third-Party Services

We use the following third-party services:

• Supabase: Secure database and storage hosting
• Claude Vision (Anthropic): AI-powered card recognition
• TCGPlayer API: Trading card pricing data (1,000 requests/day limit)
• PriceCharting API: Backup pricing data (50 requests/day limit)

Each service operates under its own privacy policy.

7. Data Retention

We retain your collection data for as long as you use the app. Card scan photos are processed in real-time and not stored long-term. If you delete your collection, all associated data is permanently removed within 30 days. Anonymized, aggregated data may be retained for analytics purposes.

8. Children's Privacy

DeckLoot is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification. Continued use after changes constitutes acceptance.

10. Contact Us

For privacy-related questions or to exercise your rights:

📧 [email protected]