Legal

Privacy Policy

Effective: May 15, 2026  ·  Last updated: May 15, 2026

The short version. VaultedTCG does not have user accounts, does not run analytics, does not use any advertising or tracking SDKs, and does not store your inventory, sales, photos, or notes on any server. Everything stays on your iPhone. The only data that ever leaves your device is the search query or scanned card image you explicitly send to look up pricing or identify a card.

1. Who we are

VaultedTCG is an iOS application and accompanying website (vaultedtcg.io) operated by Adir J. Cohen. For privacy questions, contact support@vaultedtcg.io.

2. What we collect from you

Nothing about you personally. The App does not ask for your name, email, phone number, address, payment information, or any other personally identifiable information. There is no account to create, no login, no profile.

3. What stays on your device

All of the following is stored locally in a private database on your iPhone using Apple’s SwiftData framework, and is never transmitted off your device by VaultedTCG:

If you uninstall the App, this data is deleted by iOS along with the App. We have no copy and cannot recover it. Use the built-in CSV export to back up your data.

4. What leaves your device, and why

The App makes outbound network requests in only the following situations, and only the data described:

None of these requests contain your name, account, location, contacts, or any other data from your device beyond what is described above.

5. Permissions the App may request

You can revoke either permission at any time in iOS Settings → VaultedTCG.

6. Analytics, advertising, tracking

None. No analytics SDKs (no Firebase, no Mixpanel, no Amplitude, etc.). No advertising networks. No tracking pixels. No fingerprinting. We do not know how often you use the App, which features you use, or whether you use it at all. The App does not request the iOS App Tracking Transparency permission because it does no tracking.

7. Cookies and similar technologies

The mobile App does not use cookies. The website at vaultedtcg.io is a static informational site. It does not set tracking cookies; any cookies set are limited to those used by the hosting provider (Netlify) and the DNS provider (Cloudflare) for normal site delivery and security (e.g. bot mitigation), governed by their respective privacy policies.

8. Children’s privacy

VaultedTCG is not directed at children under 13 and we do not knowingly collect personal information from children. The App does not collect personal information from anyone, regardless of age.

9. TestFlight (beta only)

While VaultedTCG is in beta, Apple’s TestFlight service may collect crash reports and feedback you submit through TestFlight. This is governed by Apple’s Privacy Policy, not by VaultedTCG. We see only the crash reports and feedback you choose to send.

10. International users

The App is operated from the United States. Our backend is hosted on Supabase (which uses AWS infrastructure). When you use the search, pricing, or scan features, the request is processed in the United States. By using the App you consent to that processing. We do not transfer or store any personal data, so cross-border transfer rules (such as those under GDPR) generally do not apply to inventory data — but the request metadata (e.g. your IP, your search query, the card image you scan) is necessarily transmitted to our backend and to the third-party services described in Section 4 in order to fulfill your request.

11. Your rights

Because we do not collect or store personal information about you on any server, there is generally no personal data for us to access, correct, or delete on your behalf. You can:

If, in the future, we add account-based features (cloud sync, login, etc.), this Privacy Policy will be updated before those features go live to describe what is collected, why, and your rights regarding it.

12. Data security

Your data is stored locally on your iPhone, protected by the device’s standard iOS sandboxing and (if enabled) device passcode and biometric authentication. Network requests to our backend and to third-party services are made over HTTPS. We have no servers that store user inventory, sales, photos, or notes, so there is nothing on our side that can be breached and exposed.

13. Changes to this policy

If anything ever changes about how the App handles data, this page will be updated and the “Effective” date at the top will change. Material changes will be communicated to active users through the App, TestFlight notes, email, or this page when feasible.

14. Contact

Privacy questions, requests, or complaints? Email support@vaultedtcg.io. We respond within 30 days.