Privacy Policy

Effective date: Private Beta

This policy applies to the CardSphere AI private beta. Contact: privacy@cardsphereai.com or support@cardsphereai.com.

Overview

CardSphere AI is a local-first collector intelligence app for trading cards. It helps users scan cards, review OCR evidence, organize a collection, understand portfolio context, and optionally use cloud sync.

The app can be used without an account. Optional cloud features use Supabase only when the app is configured, the user signs in, and cloud sync is enabled.

Local-First Data

CardSphere AI may process and store the following data locally on the user's device:

  • Collection items, card metadata, condition details, quantities, and notes.
  • Scan history and scan/session metadata.
  • OCR observations, OCR evidence, and recognition feedback.
  • Watchlist items and local alert metadata.
  • App settings, preferences, and local diagnostics.

Local-only data is intended to stay on the device unless the user enables cloud sync or a future export/share feature.

Optional Cloud Sync

When Supabase is configured and the user signs in and enables cloud sync, CardSphere AI may process the following through the cloud:

  • Account email, display name, user ID, and generated device ID.
  • Collection item metadata.
  • Scan/session metadata.
  • OCR observations, recognition feedback, and scanner quality reports if synced.
  • Watchlist and alert metadata.
  • Sync queue, sync event, cursor, and conflict metadata.

Supabase is used as the optional Auth, Postgres, Row Level Security, Edge Function, and cloud-sync provider. The mobile app uses only the Supabase anon/publishable key. A Supabase service-role key must never be stored in the mobile app.

Camera And OCR Usage

CardSphere AI uses the camera to scan collectible cards only when the user chooses the camera scan flow. OCR is used after capture to extract card text and evidence for review.

In the current private beta plan, scan images are not uploaded to cloud storage by default. If image upload is enabled later, this policy must be updated before release.

Market Data And No-Scraping Policy

Market-data integrations are provider-aware foundations unless authorized credentials, partner access, or licensed datasets are configured. CardSphere AI does not scrape marketplaces. No marketplace checkout or payment flow is active in the private beta.

Data Sharing And Sale

CardSphere AI does not sell personal data.

Data may be processed by service providers necessary to operate the app, such as Supabase when cloud sync is enabled. Provider credentials are not stored in the mobile app.

User Controls And Deletion Requests

  • Users can use the app in local-only mode without signing in.
  • Users can sign out of cloud account features.
  • Users can keep cloud sync disabled.
  • Users can enable cloud sync only when they choose to.

During private beta, account and cloud data deletion requests can be sent to privacy@cardsphereai.com or support@cardsphereai.com.

Security

CardSphere AI is designed as local-first. Remote user-owned data is protected with Supabase Row Level Security policies. Data is transmitted over HTTPS when cloud features are used.

No system is perfectly secure. Users should avoid storing sensitive personal information in free-text card notes during beta testing.

Children

CardSphere AI is not targeted to children.

Independent Tool Disclaimer

CardSphere AI is an independent collector tool and is not affiliated with card publishers, grading companies, marketplaces, or pricing providers. AI/OCR output is informational and is not official grading, authentication, or financial advice.

Changes

This policy may change as the private beta evolves. Material changes should be reflected on this page.

Contact

Privacy questions: privacy@cardsphereai.com
Support questions: support@cardsphereai.com