Privacy Policy

Who we are

Midpoint - Card Centering Tool ("we", "us", or "our") is operated by I Lov Guitars Inc.. This policy applies to the Midpoint - Card Centering Tool mobile app for iOS and Android (the "App") and our website at https://www.cardcenteringtool.com (the "Site"), together the "Service". By using the Service you consent to the practices described here.

Midpoint - Card Centering Tool is a measurement tool for trading-card collectors. It is NOT a grading service, NOT affiliated with PSA, BGS, CGC, TAG, Nintendo, or The Pokémon Company, and its grade estimates are informational only — they are not predictions of what any grading company will award.

Information you give us

• Email and OAuth profile. When you sign in with Google or Apple, your provider gives us your email address, a unique user ID, and (optionally) your display name. We store this so we can authenticate you and send transactional messages. If you use Apple's Hide-My-Email relay, we only receive the relay address.
• Card photos. Photos you capture with your camera or pick from your photo library are processed to detect the card edge and inner print frame. See "Card photos, camera & photo library" below for how they are stored and deleted.
• Card metadata. When you save a card we store the measured bounding boxes, any name or notes you typed, and the AI surface scan output.
• Support messages. If you contact support from the App or by email, we receive the message and the reply-to email you provide so we can respond.
• Billing email. If your sign-in email is a private relay alias, we may ask for a reachable email during a website checkout so the payment processor can deliver a receipt.

Card photos, camera & photo library

The App asks for camera and photo-library access for a single purpose: to let you capture or select photos of trading cards to measure. We do not access your camera or library for any other reason, and we do not scan, index, or upload other photos on your device.

• What we collect. Only the card photos you choose to capture or select, plus the measurement data derived from them.
• How they are used. Photos are analyzed to find the card and print-frame edges, compute a centering measurement, run the AI cleanup pass (background removal + straightening), and run the surface analysis. The cropped card image is sent to our AI providers as part of this pipeline (see "Third parties").
• Where they are stored. Uploaded images and saved cards are stored in Supabase's secure managed cloud storage.
• Retention. A photo is kept only when you save the card; otherwise the upload is discarded after analysis. Bulk-upload raw files are removed once each card is processed (or the batch is cancelled). See "Data retention" below.
• Sharing. Your card photos are never sold and are not shared with anyone except the AI providers used to process them in AI mode. We do not use your photos to train AI models.
• Your control. You can delete any saved card or photo at any time in the App, and "Delete my account" removes all of them at once. Once deleted, the data cannot be recovered.

Information collected automatically

• Usage analytics. We use PostHog (App and Site) and Plausible (Site) to count screen/page views, see which features are used, and diagnose errors. PostHog may also record anonymized session replays with form inputs masked.
• Device & app data (mobile). Device model, operating-system version, app version, language, and unique device identifiers, plus in-app events (screens viewed, actions taken) used to operate and improve the App.
• Crash & diagnostics. We use Firebase Crashlytics to collect crash logs and error reports so we can fix problems.
• Attribution & advertising identifiers (mobile). With your permission, granted via Apple's App Tracking Transparency (ATT) prompt on iOS or your device's ads-personalisation setting on Android, the App accesses your advertising identifier (IDFA on iOS, Google Advertising ID on Android) and shares it with AppsFlyer and the Meta SDK to measure which marketing campaigns led you to install or subscribe. If you decline ATT, the App functions normally and we do not associate your device identifier with third-party data. See the dedicated "App Tracking Transparency (iOS)" section below for the full breakdown.
• Device fingerprint (website). On website signup we compute a browser-fingerprint hash via the open-source FingerprintJS library, used only to stop the same device from re-claiming free trial credits with multiple emails. We do not sell or share it.
• Server logs. Standard request logs (IP address, user agent, path, status, timestamp) are retained for ~30 days for debugging and abuse prevention.

How we use your information

• To authenticate you and keep your saved cards available.
• To run the centering analysis, the surface inspection, and the AI-cleanup pass that removes the background and straightens the card. Each analysis sends your card image to our model providers — see "Third parties" below.
• To process subscription purchases — through the Apple App Store on iPhone, or Stripe on the website, both routed via RevenueCat.
• To send transactional messages (receipts, security alerts) and to respond to support requests.
• To measure marketing performance and improve the product based on aggregated usage signals.

We do not use your card images to train AI models and we do not sell your personal information.

App Tracking Transparency (iOS)

On iPhone the first time you open the App, before any tracking data is collected, iOS shows Apple's App Tracking Transparency (ATT) prompt asking whether you allow Midpoint - Card Centering Tool to track your activity across other companies' apps and websites.

What "tracking" means here. Linking data collected from this App (your device identifier and install / subscription events) with data collected by other companies' apps or websites for the purpose of targeted advertising or advertising measurement, or sharing it with a data broker. Tracking is strictly an opt-in marketing measurement use — it never affects which features of the App you can use or the functionality of the centering analysis.

If you tap "Allow". We access your iOS advertising identifier (IDFA) and forward a small set of install + subscription events (timestamp, country, locale, campaign source if known, subscription product and revenue amount) to AppsFlyer and the Meta SDK so we can attribute installs to the marketing campaign that brought you in and stop spending on campaigns that don't work. We do not share your email, card photos, saved cards, or any other content of your account.

If you tap "Ask App Not to Track". We do not collect your IDFA, AppsFlyer and Meta receive only non-identifying aggregate counters (if anything at all), and we make no attempt to fingerprint you for tracking. The App continues to work fully — every feature, every measurement, every saved card, every subscription option remains available.

Changing your mind. You can revoke or grant tracking permission any time in iOS Settings → Privacy & Security → Tracking →Midpoint - Card Centering Tool, or by resetting tracking entirely in Privacy & Security → Tracking → Allow Apps to Request to Track.

Android. Android does not present an ATT prompt — it uses its own ads-personalisation system. You can reset your Google Advertising ID or opt out of personalised ads in Settings → Privacy → Ads. We honour that setting the same way ATT "deny" is honoured on iOS.

Children. The App is not directed at children under 13 and we do not knowingly track children.

Advertising & analytics partners

When you have granted ATT permission (or are on Android and have not opted out of personalised ads), we share limited campaign-measurement data — advertising identifier, install and subscription events, and revenue amount — with these partners solely to measure marketing performance:

• AppsFlyer — mobile attribution. Tells us which ad placement drove an install or subscription.
• Meta SDK (Facebook / Instagram ads) — campaign measurement for the Meta Audience Network.

We do not sell your personal information, and we do not share your account email, uploaded card photos, saved cards, or measurement results with any advertising partner.

Third parties we use

• Supabase — authentication, database, and image storage, in their managed cloud.
• Google Gemini & OpenAI — every analysis sends the cropped card photo to these models for background removal, straightening, and surface analysis. Per their public terms, they do not train on data submitted through their paid APIs.
• RevenueCat with the Apple App Store — in-app subscriptions on iPhone. Apple processes the payment; we never see your card number. Stripe processes subscription payments for the website only.
• Firebase Crashlytics — crash and error reporting.
• AppsFlyer and the Meta SDK — mobile attribution and marketing measurement.
• PostHog and Plausible — product analytics (see above).
• Coolify — website/application hosting.

Each provider has its own privacy policy; we recommend reviewing them.

Data retention

• Saved cards and uploaded images are kept until you delete them in the App or website, or until you delete your account.
• Unsaved uploads are discarded immediately after analysis completes. Bulk-upload raw files are removed once each card is processed (or when the batch is cancelled).
• Account data is removed within 7 days of you requesting account deletion from Settings.
• Billing records are retained by Apple, Google, or Stripe per their legal-retention obligations; we keep purchase audit rows for tax / accounting.

Your rights

You can request access to, correction of, or deletion of your personal information at any time. The fastest way to delete everything is the "Delete my account" control in Settings — it removes your profile, saved cards, uploaded images, and credit history in one shot. You can also delete individual cards and photos at any time. For anything else, email support@cardcenteringtool.com.

If you live in the EU/UK, you also have rights under GDPR. If you live in California, you have rights under CCPA. We honor those rights for all users regardless of jurisdiction.

Children

Midpoint - Card Centering Tool is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, email us and we will delete the account.

Changes to this policy

We will post any material changes to this page and update the "Last updated" date, and may also notify you in the App. Continued use after a change constitutes acceptance.

Contact

Questions, requests, or complaints — support@cardcenteringtool.com.

I Lov Guitars Inc.
1102-2250 Kennedy Road
Scarborough, Ontario, M1T 3G7, Canada