Privacy Policy

Effective Date: May 11, 2026 · Last Updated: May 11, 2026

This Privacy Policy (the “Policy”) explains how MINER TYCOON LIMITED (“we”, “our”, or “us”) collects, uses, discloses, and safeguards information when you access or use the TCGCardsVault mobile application (the “App”) and any related services we provide (collectively, the “Services”).

By installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, please uninstall the App and discontinue use of the Services.

1. Information We Collect

1.1 Information You Provide Directly

• Collection data: Card identifiers, quantities, purchase prices, dates, notes, and other portfolio details that you choose to add to your vault.
• Photographs: Images you submit through the in-app card scanner. Images are sent to our servers solely to perform optical character recognition (OCR) and card identification, and are not retained after recognition completes.
• Customer support: Information you provide when contacting us, including the contents of your messages.

1.2 Information Collected Automatically

• Device identifiers: A stable on-device identifier (iOS Keychain UUID or Android Secure Settings ID) which we exchange with our server for a randomly generated account UUID. This is the only identifier tying you to your data.
• Device and technical data: Device model, operating system version, application version, language, region, time zone, and network type.
• Usage data: Feature usage events, screens viewed, taps on subscription and purchase flows, scan completions, and similar aggregate analytics events.
• Diagnostic data: Crash reports, exception stack traces, and performance metrics provided through Firebase Crashlytics.
• Push notification token: A device-specific token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver price alerts and product notifications you have opted into.

1.3 Information Collected From Third Parties

• RevenueCat: Subscription status, renewal state, transaction identifiers, and entitlement information for the purpose of validating and managing your Pro subscription.
• App Store / Google Play: Region-localized product pricing, currency, and purchase receipts when you complete a transaction.
• Singular (attribution): Probabilistic and SKAdNetwork-based attribution data, including approximate device characteristics, install referrer, and ad campaign identifiers (where available).

We do not collect your name, email address, phone number, payment card details, precise location, contacts, photos, microphone audio, calendar, or health data. All payments are processed by Apple or Google — we never see your payment instrument.

2. How We Use Information

• To provide, operate, and maintain the App and Services.
• To identify cards from photographs you submit and return matching catalog entries.
• To retrieve and display market pricing relevant to your collection.
• To deliver subscription benefits and validate purchases through RevenueCat.
• To send push notifications you have opted into, including price alerts.
• To diagnose, debug, and resolve crashes and technical issues.
• To measure aggregate App performance and improve features over time.
• To measure marketing campaign performance through Singular and SKAdNetwork in a privacy-preserving manner.
• To prevent fraud, abuse, and violations of our Terms of Use.
• To comply with applicable legal obligations.

3. App Tracking Transparency (iOS)

On iOS devices, we request your permission via the App Tracking Transparency (ATT) prompt before associating data collected from the App with third-party data for advertising or measurement purposes across apps and websites owned by other companies. You may grant or deny this permission, and you may revoke it at any time through your device’s Settings > Privacy & Security > Tracking.

If you deny ATT, we still rely on Apple’s SKAdNetwork framework for privacy-preserving aggregate attribution. SKAdNetwork postbacks do not identify you individually.

4. Push Notifications

If you grant notification permission, we use Apple’s APNs and Google’s FCM to deliver alerts you have configured (for example, when a card price crosses a threshold). You can disable push notifications at any time in your device’s system settings or from within the App’s notification settings screen. Disabling notifications does not delete your account or other data.

5. How We Share Information

We do not sell your personal information. We share information only as described below:

• Service providers: Firebase (Google LLC) for messaging, analytics, and crash reporting; RevenueCat, Inc. for subscription management; Singular Labs, Inc. for marketing attribution; and our backend hosting provider for application infrastructure. These providers process data on our behalf under contractual confidentiality and data-protection obligations.
• Legal requirements: When required by law, subpoena, or court order, or to protect the rights, property, and safety of MINER TYCOON LIMITED, our users, or the public.
• Business transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to standard confidentiality protections.
• With your consent: In any other circumstance, only with your explicit consent.

6. Data Retention

We retain account-level data (your account UUID, portfolio entries, alerts, wishlist) for as long as your installation remains active. If you uninstall the App and do not reinstall on the same device within ninety (90) days, your associated data may be deleted or anonymized.

Scan images are processed in-memory or in transient storage and are deleted immediately after OCR completes. Crash logs are retained for up to ninety (90) days. Aggregated, de-identified analytics may be retained indefinitely.

You may request deletion of your account-level data at any time using the contact information below. Deletion is typically completed within thirty (30) days, except where retention is required by law.

7. Data Security

We protect your information using industry-standard safeguards, including HTTPS/TLS for all network communication, encrypted on-device storage (Keychain on iOS, encrypted SharedPreferences on Android) for sensitive identifiers, and access controls on our backend infrastructure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Children’s Privacy

The App is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child without verifiable parental consent, we will delete it promptly. Parents or guardians who believe a child has provided us with information may contact us using the address below.

9. International Data Transfers

We operate internationally, and your information may be processed in countries other than the one in which you live. By using the App, you consent to the transfer of your information to such countries, which may have data protection laws different from those of your country. We take reasonable steps to ensure that your information receives an adequate level of protection wherever it is processed.

10. Your Rights

Depending on where you live, you may have rights under applicable law, including:

• The right to access the personal information we hold about you.
• The right to request correction of inaccurate personal information.
• The right to request deletion of your personal information.
• The right to object to or restrict certain processing activities.
• The right to data portability where applicable.
• The right to withdraw consent at any time, where consent is the basis of processing.
• The right to lodge a complaint with your local data protection authority.

To exercise these rights, please contact us using the details below. We may require reasonable verification before fulfilling your request.

11. Region-Specific Disclosures

11.1 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, MINER TYCOON LIMITED is the data controller of your personal information. Our legal bases for processing include the performance of a contract (providing the Services), our legitimate interests (improving the App, preventing fraud), your consent (push notifications, ATT-gated tracking), and compliance with legal obligations.

11.2 California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you rights to know what personal information we collect, to request deletion, to opt out of any “sale” or “sharing” of personal information, and to non-discrimination for exercising these rights. We do not sell personal information.

12. Third-Party Services

The App relies on third-party services whose own privacy policies govern their handling of data:

• Firebase — firebase.google.com/support/privacy
• RevenueCat — revenuecat.com/privacy
• Singular — singular.net/privacy-policy
• Apple App Store — apple.com/legal/privacy
• Google Play — policies.google.com/privacy

13. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last Updated” date above. Material changes will be communicated through the App or by other appropriate means before they take effect. Your continued use of the App after the effective date constitutes your acceptance of the revised Policy.

14. Contact Us