Last updated: June 26, 2026
This Privacy Policy explains how Kantei Technologies, Inc.("we", "us", or "our") collects, uses, and protects your information when you use CardIndex ("the Service") — including the website at https://www.cardindex.co and the CardIndex iOS app.
When you create an account we collect your email address and a hashed password. Email is used to identify you, send transactional messages (password reset, watchlist alerts you opt into), and contact you about the Service.
Cards you add to your collection, watchlist entries, portfolio snapshots, scans, and any notes you save are stored against your account so we can render them back to you.
The CardIndex iOS app uses your device camera only when you tap "Scan" to identify a card. Camera frames are processed to detect the card and the resulting image is sent to our servers for matching. We do not access the camera in the background and we do not access your photo library, microphone, location, contacts, calendar, or health data.
When a scan does not match a card, we occasionally upload the photo of that failed scan to our servers and retain it to diagnose problems and improve the accuracy of our card recognition. The image is stored on its own, with no account, personal, or device information attached — it is completely anonymous. These images are only used to improve the Service — they are never used to advertise to you and are never sold. You can turn this off at any time in the iOS app under Profile → Scanner preferences; with it disabled, photos of failed scans are not uploaded or kept.
We collect standard server logs (IP address, user agent, request path, response status) to operate, secure, and debug the Service. On the website we use Google Analytics 4 and Vercel Analytics to understand which pages are used and how performance behaves. The iOS app reports crash/diagnostic data through Apple's standard reporting only when you opt in via iOS Settings.
We do not use the iOS App Tracking Transparency framework because we do not track you across other companies' apps and websites, and we do not run third-party advertising SDKs. We do not sell or rent your personal information.
For the CardIndex iOS app, the following data is collected and linked to your account, used for App Functionality and Analytics only. None of it is used to track you across other apps.
The camera is used in-session for scanning. We do not retain camera images, except that — unless you opt out in the app's scanner preferences — a photo of a scan that fails to match may be uploaded anonymously, with no account or device information attached, to help us improve card recognition.
We rely on a small set of vendors to run the Service. Each receives only the data needed to perform its function:
We retain account data for as long as your account is active. You can delete your account at any time directly in the CardIndex iOS app (Profile → Settings → Delete Account), from your profile settings on the website, or by emailing support@cardindex.co.
When you delete your account from within the iOS app, all of your data — including your email address, hashed password, collection, watchlist, portfolio history, and saved scans — is permanently and irreversibly deleted from our servers. This action cannot be undone, and we do not retain a copy or backup of your account data afterward. Account deletions requested through the website or by email are processed the same way and completed within 30 days.
Server logs and aggregate, non-identifying analytics are retained for up to 90 days for security and operations, and any disclosures we are legally required to keep are retained only as long as the law requires.
Depending on where you live (EEA, UK, California, etc.) you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise any of these rights, email support@cardindex.co. We will respond within 30 days.
CardIndex is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
We use HTTPS in transit, encrypted storage at rest, Argon2id password hashing, and short-lived authentication tokens. No system is perfect — if you discover a security issue, please email support@cardindex.co.
We will update this Privacy Policy as the Service evolves. Material changes will be posted here, and the "Last updated" date at the top will reflect the most recent revision. Continued use of the Service after changes indicates acceptance of the revised policy.
Kantei Technologies, Inc., operator of CardIndex, can be reached at support@cardindex.co for any privacy-related question or request.