Deckmate Privacy Policy

1. Introduction

Welcome to Deckmate ("the App"), provided by Deckmate ("we," "us," or "our"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your information when you use our mobile application and its related services (collectively, the "Services").

By creating an account and using the App, you agree to the collection and use of information in accordance with this policy.

This policy is written to comply with the UK General Data Protection Regulation (UK GDPR). We act as the data controller for the personal data we process through our Services.

Our contact email for all privacy-related matters is: hello@deckmate.app

2. Information We Collect and Legal Basis for Processing

We collect several different types of information for various purposes to provide and improve our Service to you. For each type of data, we rely on the following legal bases under UK GDPR:

a) Personal Data You Provide to Us:

           
• Account Information: When you create a Deckmate account, we require you to provide certain information, including your email address, a username, and a password. Only hashed passwords are stored; we cannot access your actual password.                
                     
  • Legal Basis: Performance of contract (to provide the Services you've requested)
                 
             
           
• User Preferences: We collect your preferred market source (e.g., UK, EUR, US) to tailor your experience.                
                     
  • Legal Basis: Performance of contract and legitimate interests (to provide personalised services)
                 
             
       

b) User-Generated Content:

           
• Card Images: When you scan or upload a Pokémon card, we store the image of that card. We only store an image if a card is successfully detected. This data is essential for the core functionality of tracking your collection. These images may also be used in an anonymised or aggregated form to improve our card recognition algorithms and service functionality, where permissible under our legitimate interests.                
                     
  • Legal Basis: Performance of contract (core app functionality) and legitimate interests (service improvement)
                 
             
       

c) Usage and Technical Data (Automatically Collected):

           
• Scan Data: We collect information on the cards you scan to help power our Services.                
                     
  • Legal Basis: Performance of contract and legitimate interests (service improvement)
                 
             
           
• Analytics and Technical Data: To help us diagnose problems and improve the App, we collect standard technical and usage data. This includes:                
                     
  • Device information (e.g., device model, operating system version)
                     
  • Crash reports and performance data
                     
  • Analytics about how you interact with our App (e.g., features used, time spent in the App)
                 
                 
                     
  • Legal Basis: Legitimate interests (service improvement and technical support)
                 
             
       

d) Data from Third Parties:

           
• Deal Information: Our "Live Deals" feature is powered by eBay. Or more specifically, a third-party service that provides data scraped from public listings on eBay. We do not share your personal data with this provider, and you are not required to log in to use this feature.                
                     
  • Legal Basis: Legitimate interests (providing valuable market information to users)
                 
             
       

e) Rewarded Advertising Data:

           
• We may collect certain data to serve you with personalised rewarded ads. When you choose to watch a rewarded ad by pressing the designated button, a user ID and device ID are shared with our advertising partner to help select and show you relevant advertisements.                
                     
  • Legal Basis: Legitimate interests (to monetise the app and provide additional features or rewards to users in exchange for watching an ad). You can object to this processing at any time.
                 
             
       

3. How We Use Your Information

We use the information we collect for the following purposes:

           
• To Provide and Maintain our Service: To create your account, manage your digital collection, and allow you to log in.
           
• To Personalise Your Experience: To use your market preference to show you relevant data.
           
• To Serve Rewarded Ads: To present you with personalised, rewarded advertisements when you choose to view them.
           
• To Improve Our App: To understand how our users interact with Deckmate, to diagnose and fix technical issues, and to inform future development.
           
• To Communicate With You: To send you important service-related notices, and to respond to your support requests and inquiries sent to hello@deckmate.app.
           
• To Provide Push Notifications: To send you "Live Deal" alerts and other service-related notifications. We obtain your explicit consent before sending marketing notifications. You can opt-out of notifications at any time through your device settings or by contacting us.
       

4. How We Store and Secure Your Information

Data Storage: Your personal data and card images are stored using Supabase cloud infrastructure, with servers located in the European Union to ensure adequate data protection standards.

Data Security: We are committed to protecting your data. We implement appropriate technical and organisational measures, such as encryption in transit and at rest, access controls, and regular security assessments to safeguard your information from unauthorised access, alteration, disclosure, or destruction. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure.

Data Breach Notification: In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by UK GDPR.

5. Who We Share Your Information With

We do not sell your personal data. We may share your information with the following third-party service providers who help us operate our App. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. All data processing agreements include appropriate safeguards and restrictions.

           
• Supabase (Data Processor): For cloud database and storage services. Data is processed under a data processing agreement that ensures GDPR compliance. You can view their privacy policy for more details.
           
• Google AdMob (Data Processor): To serve personalised, rewarded ads. AdMob may collect and process device IDs, IP address, and other non-personally identifiable information to help select ads. You should review their privacy policy for more details.
           
• Expo / Firebase (Data Processor): To facilitate the delivery of push notifications. These services receive a device token to send notifications, but this is not linked to your personal identity by us. You should review their respective privacy policies for more details on their data practices.
           
• RevenueCat (Data Processor): For subscription management and processing. RevenueCat may store information such as your email, country, locale, platform version, and SDK version related to your subscription. You should review their privacy policy for more details.
           
• Sentry (Data Processor): For error tracking and debugging. Sentry helps us identify and fix app issues. It may record redacted videos of errors (no text is shown), along with platform version and device information. You should review their privacy policy for more details.
       

6. Your Data Protection Rights (UK GDPR)

You have the following rights over your personal data. Subject to legal exceptions, you have the right to:

           
• Access Your Data: You have the right to request a copy of the personal data we hold about you. Much of your information (username, card collection) is visible within the App. For a full rundown of all data, please email us.
           
• Correct Your Data: You have the right to have inaccurate personal data corrected. To change your email address, you must contact us at hello@deckmate.app.
           
• Delete Your Data (Right to be Forgotten): You have the right to request the deletion of your account and all associated personal data. To do so, you must email your request to hello@deckmate.app. We will complete deletion within 30 days unless legal obligations require us to retain certain data.
           
• Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you in a structured, commonly used, and machine-readable format.
           
• Object to Processing: You have the right to object to processing based on legitimate interests.
           
• Withdraw Consent: Where we rely on consent (such as for marketing notifications), you have the right to withdraw consent at any time.
           
• Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters. You can contact them at ico.org.uk.
       

To exercise any of these rights, please contact us at hello@deckmate.app. We will respond to your request within one month.

7. Data Retention

We will retain different types of personal data for the following periods:

           
• Account Data: Retained while your account is active and for one year after account deletion or prolonged inactivity.
           
• Card Images and Collection Data: Retained while your account is active and deleted upon account closure.
           
• Technical and Analytics Data: Retained for up to 2 years for service improvement purposes.
           
• Communication Records: Retained for up to 3 years for customer service purposes.
       

Where we are required to retain data for legal or regulatory purposes, we will retain such data for the minimum period required by law.

8. Cookies and Tracking Technologies

Our App primarily uses essential device identifiers and technologies necessary for its core functionality and analytics. Any non-essential tracking technologies that may come into use will be subject to appropriate consent mechanisms where required by law. You can generally manage app-specific permissions and tracking preferences through your device settings.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. Deckmate is intended for collectors.

We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without your consent, please contact us immediately at hello@deckmate.app. If we become aware that we have collected Personal Data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers immediately.

10. App Permissions

           
• Camera: We request permission to use your camera so you can scan your Pokémon cards. We do not use the camera for any other purpose and do not store camera access beyond individual scanning sessions.
           
• Photo Library: We request permission to access your photo library so you can upload existing images of your Pokémon cards. The App only accesses images you specifically select to upload.
           
• Push Notifications: We request permission to send you notifications about deals and app updates. You can manage these permissions through your device settings.
       

11. Consent Management

For processing activities that require consent (such as marketing communications and certain analytics), we will:

           
• Obtain clear, specific consent before processing.
           
• Provide easy ways to withdraw consent.
           
• Maintain records of consent given.
           
• Respect withdrawal of consent promptly.
       

For processing based on legitimate interests, such as for serving personalised, rewarded ads, you have the right to object to this processing. Your action of pressing the button to view a rewarded ad is considered a clear and intentional affirmative action to receive the associated reward.

You can manage your consent preferences by contacting us at hello@deckmate.app or through in-app settings where available.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. For significant changes, we will provide a more prominent notice (such as an in-app notification or email where we have your consent to do so).

You are advised to review this Privacy Policy periodically for any changes. Continued use of the Service after changes indicates acceptance of the updated policy.