Privacy Policy

Privacy Policy for Trading Card Merchant (TCM)

Welcome to TCM (Trading Card Merchant), a mobile-first peer-to-peer marketplace owned by Faldryn Inc.. We are committed to protecting your privacy while providing a secure environment for trading physical cards.

1. Information We Collect

To provide our services, we collect information that you provide directly and data collected automatically through our infrastructure.

A. Information You Provide:

• Account Data: When you register, we collect your email address, username, and display name.

• Listing Data: Information about cards you sell, including card type, condition, price, and images.

• Communications: Content of chat messages sent through our real-time chat engine.

• Feedback: Screenshots and annotations provided via our in-app feedback tool, Wiredash.

B. Information Collected Automatically: We use Firebase Analytics (GA4) and Crashlytics to monitor app performance and user behavior. This includes:

• Device Information: Model, OS version, app version, and screen resolution.

• Usage Patterns: Session duration, frequency, and specific actions such as searches, listings viewed, and items added to wishlists.

• Demographics: General location (city-level), age, and interests.

• System Events: App launches, updates, and crashes (app_exception).

C. Precise Location Data: To facilitate "nearby" discovery, we collect your geographic location to perform server-side radius queries via PostGIS. This allows us to show you card listings close to your current position.

2. How We Use Your Information

We use the collected data for:

• Marketplace Functionality: Matching buyers and sellers based on location and search terms.

• Security & Trust: Powering our digital escrow system and real-time chat to bridge trust gaps.

• App Optimization: Analyzing crash reports and user flows to improve the experience.

• Anonymized Analytics: Tracking conversion metrics such as listing creations and successful chat starts.

3. Data Storage and Third-Party Services

We utilize a hybrid cloud architecture to ensure performance and security:

• Supabase: Manages our database (PostgreSQL), authentication, and real-time services.

• Cloudflare: Stores listing images and chat media in Cloudflare R2 and utilizes Cloudflare Workers for secure image processing.

• Google Firebase: Handles analytics and crash reporting.

• Wiredash: Used for in-app bug reporting and user feedback.

Note on PII (Personally Identifiable Information): We prioritize your privacy by using opaque/hashed User IDs (Supabase UUIDs) for analytics and crash reporting. We do not log user emails, names, or message content in our analytics events.

4. Data Retention and Deletion

TCM implements a soft delete policy:

• Account Deletion: When you delete your account, your email is anonymized (e.g., deleted_uid_timestamp@deleted.local), and your auth.users record is removed to allow for email reuse.

• Chat Preservation: To maintain the integrity of the marketplace for other users, chat history is preserved, but your identity will be displayed as "Deleted User".

• Listings: Deleted listings are marked with a timestamp and hidden from the public feed.

5. Security

We employ several security measures to protect your data:

• Row Level Security (RLS): We use PostgreSQL RLS to ensure users can only access data they are authorized to see.

• Secure Image Uploads: R2 storage credentials are never stored in the app; instead, they are managed via secure Cloudflare Worker secrets.

• JWT Authentication: All private requests are authenticated using Supabase JSON Web Tokens (JWT).

6. Your Rights

Depending on your location (e.g., GDPR or CCPA), you may have the right to access, correct, or delete your personal data. You can initiate account deletion directly within the app settings.

7. Contact Us

For any privacy-related inquiries or support, please contact Faldryn Inc. through our in-app support form or at the contact details provided in the app store listing

1. Introduction and Scope

This Privacy Policy describes how Faldryn Inc. ("we," "us," or "our") collects, uses, and discloses your personal information. This policy is designed to meet global standards, including the GDPR and CCPA.

2. Information We Collect

We prioritize data minimization by using hashed and opaque identifiers wherever possible.

A. Information You Provide (Directly):

• Account Information: Email, username, and display name.

• Marketplace Content: Card listings (price, condition, images).

• Communications: Real-time chat messages.

• Support & Feedback: Data provided via Wiredash (screenshots, annotations).

B. Automatically Collected Data:

• Opaque Identifiers: We use Supabase UUIDs as hashed/opaque User IDs to prevent the exposure of PII (Personally Identifiable Information) in our analytics and crash reporting.

• Usage Analytics: Through Firebase GA4, we track events like search, view_item, and add_to_wishlist.

• Performance Data: Firebase Crashlytics automatically logs app exceptions with recent user actions (e.g., screens viewed before a crash) to improve stability.

• Device Metadata: Model, OS version, and screen resolution.

C. Geolocation Data:

• To facilitate local discovery, we collect your precise location to perform server-side radius queries via PostGIS. You may enable or disable this via your device settings.

3. Legal Bases for Processing (GDPR Compliance)

We process your data under the following legal bases:

• Contractual Necessity: To provide the marketplace, escrow services, and chat functionality.

• Legitimate Interests: To improve app performance via analytics and to secure the platform against fraud.

• Consent: For precise geolocation and optional feedback via Wiredash.

4. Your Rights (GDPR & CCPA)

Under the GDPR and CCPA, you have the following rights:

• Right to Access/Know: You can request a summary of the categories of data we collect and how it is used.

• Right to Deletion (Right to be Forgotten): You may delete your account at any time.

• Right to Opt-Out: You can opt-out of non-essential data collection via app settings.

• Right to Non-Discrimination: We will not deny you service or provide a different quality of service for exercising your privacy rights.

5. Data Retention and Soft-Delete Policy

We implement a soft-delete protocol to maintain the integrity of the marketplace while protecting your privacy.

• Account Deletion: Your email is anonymized (e.g., deleted_{user_id}_{timestamp}@deleted.local) and your auth.users record is removed to allow for future email reuse.

• Chat Preservation: To protect other users' transaction records, chat history is preserved but your identity is masked as "Deleted User".

• Listing Visibility: Deleted listings are marked with a timestamp and hidden from public search.

6. Data Security

We employ industry-leading security to protect your data in transit and at rest:

• Encryption: All data is transmitted via HTTPS and secured using JWT (JSON Web Tokens).

• Identity Protection: All security-critical database functions use auth.uid() to verify your identity from the server side, preventing impersonation.

• Row Level Security (RLS): PostgreSQL policies ensure you can only access your own private data and chats.

7. Third-Party Service Providers

We share anonymized or necessary data with:

• Supabase: For database, auth, and real-time infrastructure.

• Cloudflare: For secure image storage (R2) and edge processing.

• Google Firebase: For analytics and crash reporting.

• Wiredash: For user-initiated feedback and bug reports.

8. Contact Information

For privacy-related inquiries or to exercise your rights, please contact the Faldryn Inc. team through the in-app support form or email at tcm@faldryn.com.