Embedded Files
Privacy Policy for Trading Card Merchant (TCM)
Welcome to TCM (Trading Card Merchant), a mobile-first peer-to-peer marketplace owned by Faldryn Inc.. We are committed to protecting your privacy while providing a secure environment for trading physical cards.
1. Information We Collect
To provide our services, we collect information that you provide directly and data collected automatically through our infrastructure.
A. Information You Provide:
• Account Data: When you register, we collect your email address, username, and display name.
• Listing Data: Information about cards you sell, including card type, condition, price, and images.
• Communications: Content of chat messages sent through our real-time chat engine.
• Feedback: Screenshots and annotations provided via our in-app feedback tool, Wiredash.
B. Information Collected Automatically: We use Firebase Analytics (GA4) and Crashlytics to monitor app performance and user behavior. This includes:
• Device Information: Model, OS version, app version, and screen resolution.
• Usage Patterns: Session duration, frequency, and specific actions such as searches, listings viewed, and items added to wishlists.
• Demographics: General location (city-level), age, and interests.
• System Events: App launches, updates, and crashes (app_exception).
C. Precise Location Data: To facilitate "nearby" discovery, we collect your geographic location to perform server-side radius queries via PostGIS. This allows us to show you card listings close to your current position.
2. How We Use Your Information
We use the collected data for:
• Marketplace Functionality: Matching buyers and sellers based on location and search terms.
• Security & Trust: Powering our digital escrow system and real-time chat to bridge trust gaps.
• App Optimization: Analyzing crash reports and user flows to improve the experience.
• Anonymized Analytics: Tracking conversion metrics such as listing creations and successful chat starts.
3. Data Storage and Third-Party Services
We utilize a hybrid cloud architecture to ensure performance and security:
• Supabase: Manages our database (PostgreSQL), authentication, and real-time services.
• Cloudflare: Stores listing images and chat media in Cloudflare R2 and utilizes Cloudflare Workers for secure image processing.
• Google Firebase: Handles analytics and crash reporting.
• Wiredash: Used for in-app bug reporting and user feedback.
Note on PII (Personally Identifiable Information): We prioritize your privacy by using opaque/hashed User IDs (Supabase UUIDs) for analytics and crash reporting. We do not log user emails, names, or message content in our analytics events.
4. Data Retention and Deletion
TCM implements a soft delete policy:
• Account Deletion: When you delete your account, your email is anonymized (e.g., deleted_uid_timestamp@deleted.local), and your auth.users record is removed to allow for email reuse.
• Chat Preservation: To maintain the integrity of the marketplace for other users, chat history is preserved, but your identity will be displayed as "Deleted User".
• Listings: Deleted listings are marked with a timestamp and hidden from the public feed.
5. Security
We employ several security measures to protect your data:
• Row Level Security (RLS): We use PostgreSQL RLS to ensure users can only access data they are authorized to see.
• Secure Image Uploads: R2 storage credentials are never stored in the app; instead, they are managed via secure Cloudflare Worker secrets.
• JWT Authentication: All private requests are authenticated using Supabase JSON Web Tokens (JWT).
6. Your Rights
Depending on your location (e.g., GDPR or CCPA), you may have the right to access, correct, or delete your personal data. You can initiate account deletion directly within the app settings.
7. Contact Us
For any privacy-related inquiries or support, please contact Faldryn Inc. through our in-app support form or at the contact details provided in the app store listing
Page updated
Google Sites
Report abuse