Privacy Policy
Introduction
This Privacy Policy explains how Kardex collects, uses, stores, and protects information when you use the app.
1. Data We Collect
Depending on how you use Kardex, we may process:
• Account data (email, display name, auth provider, user ID)
• Collection and wishlist data (cards, purchase data, notes, language/condition filters)
• Preferences and app settings (language, sorting, feature preferences)
• Operational metadata (timestamps, refresh state, sync markers, maintenance/update state)
• CardTrader token data used for price-related features
• Support report data you submit (message text, email, optional technical details such as app version, platform, and service status)
• Diagnostics and crash data collected through Firebase Crashlytics in supported builds
2. Sources of Data
Data is collected:
• Directly from you when you sign in, manage your collection or wishlist, configure preferences, connect CardTrader, or contact support
• Automatically from app actions and app operation (for example refreshes, filters, history views, version checks, maintenance checks, and error/crash events)
• From third-party services needed to provide features (for example CardTrader pricing data, Firebase services, and Algolia search infrastructure)
3. Why We Process Data
We process data to:
• Authenticate users and secure accounts
• Provide collection, wishlist, search, and pricing features
• Sync data across sessions/devices
• Operate refresh jobs, cache updates, and support workflows
• Review and respond to support reports
• Monitor reliability, diagnose failures, and prevent abuse
4. Storage and Security
Kardex uses Firebase services (including Authentication, Firestore, Functions, Remote Config, and Crashlytics) and local device storage where needed. We apply access controls, authentication checks, and transport encryption. Support reports may also be forwarded by email to the service operator for handling. No system is completely risk-free, but we use reasonable safeguards to protect data.
5. Third-Party Services
Kardex depends on third-party providers including Google Firebase, Firebase Crashlytics, CardTrader API, Algolia, Google Sign-In, and Apple Sign-In. Their services are governed by their own terms and privacy policies.
6. Data Sharing
We do not sell personal data. Data may be shared only when necessary to operate the service, comply with legal obligations, enforce rights, or protect users and the platform. For example, data may be processed by Firebase and Algolia as service providers, sent to CardTrader when required for price-related features, and forwarded by email to the service operator when you submit a support report.
7. Retention and Deletion
Data is retained while your account is active or as needed for service operation, troubleshooting, security, and legal obligations. You can disable or delete your account from app settings. Account deletion is intended to remove your main Kardex account data, but some records may remain for operational, support, security, or legal reasons, including support-report records or diagnostic logs that have already been created or transmitted.
8. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data. You may also object to certain processing where applicable.
9. Legal Bases (EEA/UK)
When GDPR or similar laws apply, processing is based on one or more legal grounds such as contract performance, legitimate interests, legal obligations, and consent where required.
10. California Privacy Notice
If California privacy laws apply, you may have rights to know, delete, and correct personal information, and to non-discrimination for exercising your rights.
11. International Transfers
Data may be processed in countries different from your own. Where required, we rely on contractual and organizational safeguards for cross-border transfers.
12. Children
Kardex is not intended for children under the minimum digital consent age in their jurisdiction. If we learn that data was collected from a child in violation of applicable law, we will take steps to delete it.
13. Policy Updates
We may update this Privacy Policy over time. The "Last updated" date indicates the current version. Continued use after updates means you accept the revised policy.
14. Contact
For privacy requests or questions, contact: appkardex@gmail.com