Privacy Policy
Effective Date: May 15, 2026
CardOracle ("we," "our," or "us") respects your privacy. This Privacy
Policy describes what information we collect, how we use it, and the
choices you have. By using the CardOracle app (the "Service"), you
agree to the practices described below.
1. Information We Collect
- Anonymous Device Identifier. We generate a random
UUID on first launch to count active users and apply usage limits
(e.g. free-tier scan quota). This identifier is not linked to your
name, email, Apple ID, or IDFA, and cannot be used to identify you
personally.
- Card Photos. When you scan a card, the front and
back photos are transmitted to our server for AI processing. Images
are processed in memory and are not retained after
the response is returned to your device.
- Usage Data. We record anonymous events such as
"card scanned," "grade prediction viewed," and "subscription
purchased" to understand which features people use most. No content
from your photos, chats, or collection is included.
- Purchase Information. Apple processes all in-app
purchases. We receive a non-personal subscription status (active /
inactive) via Apple's IAP receipts; we never see your payment
details.
2. How We Use Information
- To identify the card you scan and estimate its market value.
- To analyze card condition and produce PSA grade probability estimates.
- To answer your questions in the AI Oracle chat.
- To enforce subscription entitlements and free-tier limits.
- To improve features by measuring anonymous, aggregated usage.
We do not use your information to build advertising
profiles, and we do not sell or rent any data to
third parties.
3. Third-Party Services
We rely on a small number of vetted service providers, each of which
handles only the data described:
- RevenueCat: manages your subscription status. Sees
anonymous Apple IAP transaction data.
- Mixpanel: receives anonymous product-usage events
keyed only to the UUID described in Section 1.
- Anthropic, Google, OpenAI: process card images and
chat prompts on our behalf via our secure server proxy. These
providers do not receive any user identifier from CardOracle.
4. Data Security
All AI API calls are routed through our server-side proxy at
api.cardoracle.app. No third-party API keys are
embedded in the iOS binary, which prevents key extraction or impersonation
if the app is ever decompiled. Network traffic is encrypted with TLS
1.2 or higher.
5. Children's Privacy
CardOracle is not directed to children under the age of 13. We do not
knowingly collect information from anyone under 13. If you believe a
child has provided us information, please contact us and we will
delete it.
6. No Advertising, No Data Sales
CardOracle contains no third-party advertising and we
never sell your data. Our revenue comes entirely from
optional in-app subscriptions.
7. Your Choices
- You can disable Mixpanel analytics by uninstalling the app.
- You can cancel your subscription anytime in your Apple ID Settings.
- You can request deletion of any data we hold by emailing us.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective
Date" at the top of this page indicates the most recent revision.
Material changes will be announced in-app before they take effect.
9. Contact
Questions or requests? Email
[email protected].