Privacy Policy
Last updated: 11 July 2026
This policy explains what data Pikrmint (“we”, “us”) collects when you use the Pikrmint mobile and web apps and this website, how we use it, who we share it with and the choices you have. Questions or requests: support@pikrmint.com.
1. Data we collect
- Account data. Email address, username, an optional display name and a password (stored hashed, never in plain text). If you sign in with Google, we receive your email and basic profile from Google instead of a password.
- Scan photos. The photos you take of cards and slabs (front, back and detail shots). These are the core of the service — we store them so your collection has real images and results.
- Collection data. The cards you catalogue, values, the purchase prices you record, favorites, wishlist entries and portfolio history.
- Activity data. XP, achievements, challenges, streaks, follows and likes — the gamification and social features you use.
- Payment data. Subscriptions and one-time purchases are processed by Stripe. We never see or store your full card number; we keep only the subscription status and plan needed to run your account.
- Support messages. Emails you send to our support address.
- Technical data. Standard server logs (IP address, timestamps, requests) used for security and troubleshooting. This website sets no analytics or advertising cookies.
2. How we use your data
- To provide the service: identify cards, estimate condition and value, and keep your collection in sync across devices.
- To process payments and manage your plan's entitlements.
- To send transactional email, such as one-time password-reset codes.
- To keep the service safe: rate limiting, abuse prevention and debugging.
- To improve our AI — only if you opt in. Contributing scans to our recognition training data is controlled by an explicit, revocable consent toggle in the app. Without your consent, your scans are not used for training.
3. Who we share data with
We share data only with processors needed to run the service:
- Stripe — payment processing.
- Card-recognition partners (e.g. Ximilar). When our own pipeline can't confidently identify a card, the card photo may be sent to a specialist recognition API. Only the image is sent — never your name, email or account identity.
- Infrastructure providers — hosting, storage and email delivery.
Market pricing providers (such as Cardmarket and TCGplayer data sources) receive no personal data at all — price lookups are keyed by card, not by user. We do not sell your personal data.
4. What's public — and only if you choose
- Profile. Whether other collectors can find your profile is a toggle in Account Settings.
- Activity feed. Whether your milestones appear to followers is a toggle. Feed items never include the value of your cards.
- Leaderboards. Strictly opt-in. If you join, only your username and the board's metric are shown — never your full name or email.
- Shares and certificates. If you share a result card or mint a certificate, that specific card's page is publicly reachable by its link. Sharing is always your action.
5. Retention and deletion
We keep your data while your account exists. Deleting your account (Account Settings → Delete account) permanently removes your account, scans, images, collection, alerts and price history. If you previously contributed images to the recognition catalogue under the opt-in consent, those contributions are anonymous card photos with no link to your identity.
6. Your rights
Depending on where you live (including under the GDPR), you have the right to access, correct, export and erase your personal data, and to object to or restrict certain processing. Most of this is self-service in the app (profile editing, data export, account deletion); for anything else email support@pikrmint.com and we'll respond within 30 days.
7. Security
Data is encrypted in transit (TLS everywhere), passwords are stored hashed, and access to production systems is restricted. No system is perfectly secure — if we learn of a breach affecting your data we will notify you as required by law.
8. Children
Pikrmint is not directed at children under 13, and where local law sets a higher age of digital consent (up to 16 in parts of the EU), that higher age applies. We do not knowingly collect data from children below these ages.
9. Changes to this policy
We'll post any changes here and update the date at the top. Material changes will be announced in the app.
10. Contact
Pikrmint — support@pikrmint.com
