Privacy Policy

This Privacy Policy explains how Grailry (“Grailry,” “we,” “us”) collects, uses, and shares information when you use the Grailry mobile app and related services (the “Service”). By using the Service you agree to this Policy.

1. Information we collect

• Account information. When you create an account we store an email address (or, for guest accounts, an anonymous identifier) and authentication data. You may sign in with Apple or Google, which provides us a basic identifier.
• Collection data. The cards you add to your vault, including card identity, quantity, condition/grade, your optional purchase price, notes, and valuation history.
• Card images. When you scan a card, the photo you capture is sent to our servers and to our AI identification provider to recognize the card. We do not use your images to identify you.
• Purchase data. If you subscribe to Grailry Plus or buy scan packs, our payments provider records the transaction and entitlement status. We do not receive or store your full payment card number — that is handled by Apple or Google.
• Usage & device data. Basic app analytics (which features are used, conversion events) and crash diagnostics to keep the app working. We do not collect precise location.
• Messages. If you use in-app chat (support, community channels, or direct messages), we store those messages to deliver the feature and for safety moderation.

2. How we use information

• To provide the core features: identifying cards, valuing your collection, syncing your vault, and processing purchases.
• To operate gamification (XP, quests, leaderboards) and optional public vault sharing — sharing is off by default and only enabled when you opt in.
• To send you notifications you have enabled, such as price-drop alerts.
• To keep the Service secure, prevent abuse, and comply with law.
• To understand and improve the product through aggregate analytics.

3. Third-party services

We share information only with service providers that help us run Grailry:

• Supabase — hosting, database, and authentication.
• Anthropic — AI processing of scanned card images for identification. Images are processed to return card details and are not used by us to build advertising profiles.
• RevenueCat — subscription and purchase management.
• Apple / Google — sign-in and in-app payments.
• Cloudflare Turnstile — bot/abuse protection at sign-in.
• Sentry — crash and error diagnostics (configured to not send personal identifiers).
• Card pricing sources (e.g. Scryfall, PriceCharting, YGOPRODeck) — we query these for market prices using card identifiers only; we do not send them your personal information.

We do not sell your personal information.

4. Data retention & deletion

We keep your information for as long as your account is active. You can delete your account at any time from Settings → Account in the app, which removes your profile, vault, and associated data. Abandoned empty guest accounts are purged automatically. After deletion, residual copies may persist in encrypted backups for a limited period before being overwritten. To request deletion by email, contact privacy@grailry.com.

5. Your rights

Depending on where you live (e.g. the EEA/UK under GDPR, or California under CCPA/CPRA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise most of these in-app, or email privacy@grailry.com. We will respond within the timeframe required by applicable law. You may also lodge a complaint with your local data protection authority.

6. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will delete it.

7. Security

We use industry-standard measures including encryption in transit, row-level access controls so you can only access your own data, and least-privilege server access. No method of transmission or storage is 100% secure, but we work to protect your data.

8. International transfers

Your information may be processed in countries other than your own, including the United States. Where required, we rely on appropriate safeguards for such transfers.

9. Changes

We may update this Policy. We will post the new version here with an updated date and, for material changes, notify you in-app.

10. Contact

Questions about this Policy? Email privacy@grailry.com.