Listings
Listings
Listings

CardIndex

  • Cards
  • Sets
  • Listings
  • My Collection
  • Sign In
  • Sign Up

Tools

  • Card Watchlist
  • Value Checker
  • Cert Lookup

Company

  • About
  • Blog
  • Compare
  • Sitemap
  • Terms
  • Privacy

Mobile Apps

Join the waitlist for our mobile apps:

© 2026 Kantei Technologies, Inc. All rights reserved. CardIndex is a product of Kantei Technologies, Inc.
Analytics
VolumeMarket TrendsTop MoversRecent SalesTrending Cards
Pokemon
CardsSets
Analytics
VolumeMarket TrendsTop MoversRecent SalesTrending Cards
Listings
Pokemon
CardsSets
Analytics
VolumeMarket TrendsTop MoversRecent SalesTrending Cards
WatchlistMy Collection

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how Kantei Technologies, Inc.("we", "us", or "our") collects, uses, and protects your information when you use CardIndex ("the Service") — including the website at https://www.cardindex.co and the CardIndex iOS app.

1. Data We Collect

Account information

When you create an account we collect your email address and a hashed password. Email is used to identify you, send transactional messages (password reset, watchlist alerts you opt into), and contact you about the Service.

Collection & user content

Cards you add to your collection, watchlist entries, portfolio snapshots, scans, and any notes you save are stored against your account so we can render them back to you.

Camera (iOS app)

The CardIndex iOS app uses your device camera only when you tap "Scan" to identify a card. Camera frames are processed to detect the card and the resulting image is sent to our servers for matching. We do not access the camera in the background and we do not access your photo library, microphone, location, contacts, calendar, or health data.

Usage & diagnostics

We collect standard server logs (IP address, user agent, request path, response status) to operate, secure, and debug the Service. On the website we use Google Analytics 4 and Vercel Analytics to understand which pages are used and how performance behaves. The iOS app reports crash/diagnostic data through Apple's standard reporting only when you opt in via iOS Settings.

No tracking, no advertising

We do not use the iOS App Tracking Transparency framework because we do not track you across other companies' apps and websites, and we do not run third-party advertising SDKs. We do not sell or rent your personal information.

2. How We Use Your Data

  • To operate the Service (sign-in, sync your collection across devices, render your portfolio).
  • To send transactional email you opt into (password reset, watchlist price alerts).
  • To improve the Service via aggregate usage analytics.
  • To detect and respond to abuse, fraud, and security incidents.
  • To meet legal and tax obligations.

3. Apple App Privacy Categories

For the CardIndex iOS app, the following data is collected and linked to your account, used for App Functionality and Analytics only. None of it is used to track you across other apps.

  • Contact Info: Email address (account).
  • User Content: Cards in your collection, watchlist, portfolio snapshots, scans you save.
  • Identifiers: Account user ID. No IDFA is collected.
  • Diagnostics:Crash reports through Apple's standard reporting if you opt in.

The camera is used in-session for scanning and is not stored as a category of data — the resulting card match is saved as User Content if you choose to save it.

4. Service Providers

We rely on a small set of vendors to run the Service. Each receives only the data needed to perform its function:

  • Vercel — hosting, edge delivery, server logs, Vercel Analytics.
  • Google Analytics 4 — aggregate website usage analytics. IP anonymization is enabled.
  • Apple App Store — iOS app distribution and standard crash reporting.
  • Cloud database & object storage providers — to store account data, your collection, and uploaded scan images, all hosted in the United States.
  • Email delivery provider — to send password resets and watchlist alerts you opt into.

5. Data Retention & Deletion

We retain account data for as long as your account is active. You can delete your account at any time from your profile settings or by emailing support@cardindex.co. Deletion removes your email, collection, watchlist, portfolio history, and saved scans within 30 days. Server logs and aggregate analytics are retained for up to 90 days for security and operations.

6. Your Rights

Depending on where you live (EEA, UK, California, etc.) you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise any of these rights, email support@cardindex.co. We will respond within 30 days.

7. Children

CardIndex is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

8. Security

We use HTTPS in transit, encrypted storage at rest, Argon2id password hashing, and short-lived authentication tokens. No system is perfect — if you discover a security issue, please email support@cardindex.co.

9. Changes

We will update this Privacy Policy as the Service evolves. Material changes will be posted here, and the "Last updated" date at the top will reflect the most recent revision. Continued use of the Service after changes indicates acceptance of the revised policy.

10. Contact

Kantei Technologies, Inc., operator of CardIndex, can be reached at support@cardindex.co for any privacy-related question or request.