Last Updated: June 12, 2026

1. Information We Collect

To provide card management services, image recognition, and process premium subscriptions, we collect the following data:

• Account Information: User ID, Email Address, and authentication identifiers. If you choose to register or log in using Google Authentication, we receive basic public profile information provided by Google (such as your unique Google ID and verified email address) to authenticate your identity.
• Account Security: Mandatory Email Verification status to authenticate traditional email registrations.
• Camera and Image Data: Access to your device's camera is required to capture images of physical cards for our recognition feature. Captured card images are transmitted securely to our backend server, where they are converted and matched against our vector database for card identification. These images are processed instantaneously for matching purposes and are automatically and permanently deleted immediately after the scan is complete. We do not save, store, or harvest your images.
• Subscription & Purchase Metadata: Order IDs and transaction status provided by Google. We do not store your credit card or direct financial details; all payments are securely handled by the Google Play Store.

2. Data Use and Legal Basis

We process your personal data under the following legal frameworks (including the HK PDPO and GDPR):

• Performance of a Contract: Managing your Advance or Professional User account, hosting your cloud-synced collection inventories, executing backend vector scanning queries, and providing core search features.
• Legitimate Interests: Ensuring platform security via email or third-party (Google) authentication verification and optimizing image recognition accuracy.

3. Data Sharing, Infrastructure, and Third Parties

• No Commercial Data Selling: We do not sell, rent, or trade your personal email, scanned images, or collection identity data to third parties.
• Authentication Services: When using Google Auth, authentication token verification is securely processed via Google’s identity servers.
• Cloud Infrastructure and Backend: Your inventory data and account credentials are securely transmitted to and stored within our trusted cloud database infrastructure provider. This data is hosted securely in compliance with strict industry access controls.
• Payment Processors: Transaction metadata is securely handled directly by Google to manage your premium subscriptions.

4. Data Retention and Account Deletion

• User-Initiated Deletion: You possess the right to permanently delete your account at any time via the dedicated delete function inside the App settings or by sending an explicit deletion request to support@cardnx.com. Upon triggering a deletion request, all personal data, linked third-party authentication mappings, and saved card inventories associated with your User ID will be completely purged from our database backend within 30 days.
• Inactivity Purge Policy: To minimize unnecessary data storage, any account that remains entirely inactive for a continuous period exceeding six (6) months will be automatically and permanently removed from our backend servers, along with all associated card collections.

5. Contact and Corporate Information

For inquiries regarding this Privacy Policy, please contact our Compliance Team:

• Email: support@cardnx.com
• Operator: CardNX Limited