Bindex Legal

Public legal documents for Bindex

View the Project on GitHub sanderhu123/bindex-legal

Privacy Policy

Effective date: April 25, 2026 Last updated: April 25, 2026

This Privacy Policy explains how Bindex (“we”, “us”, “our”, or “the app”) collects, uses, and protects your information when you use the Bindex mobile application (“Service”) on iOS or Android.

By using Bindex, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

  1. Who We Are Bindex is a mobile application that helps users track their Pokémon Trading Card Game (TCG) collections.

For any privacy-related questions, requests, or complaints, you can contact us at:

Email: admin@bindexofficial.com

  1. Information We Collect We only collect the information needed to provide the Service. We never sell your personal data.

2.1 Information you provide When you create an account or use the app, we collect:

Email address — used for sign-in, account recovery, and important account notifications. Password — stored only as a securely hashed value by our authentication provider; we never see your plaintext password. Display name (optional) — shown inside the app for your own profile. Collection data — the binders you create and the cards you mark as owned, missing, or extra. This includes any notes you add to cards. 2.2 Information collected automatically Authentication tokens — issued by our authentication provider so you stay signed in across sessions. Subscription / purchase status — if you purchase Bindex Pro, we receive a confirmation that your account is entitled to Pro features (no payment card details are ever sent to or stored by us). 2.3 Information we do not collect We deliberately do not collect:

Analytics about your in-app behavior. Crash reports or telemetry. Advertising identifiers (IDFA / GAID). Your device contacts, photos, microphone, or camera. Your precise or approximate location. Browsing history. The app does not use any third-party analytics, advertising, or crash-reporting services.

  1. How We Use Your Information We use the information we collect only to:

Create and manage your account. Sync your card collection across your devices. Allow you to sign in and recover your account. Process and verify in-app purchases (Bindex Pro). Respond to support requests you send us. Comply with applicable legal obligations. We do not use your data for advertising, profiling, or sale to third parties.

  1. Third-Party Services We Use Bindex relies on a small number of trusted third-party services strictly for the technical operation of the app. Each is listed below with a link to their own privacy policy.

Service Purpose Data shared Privacy policy Supabase Authentication and database hosting Email, hashed password, display name, your collection data https://supabase.com/privacy RevenueCat In-app purchase management An anonymous user identifier and your subscription / entitlement status https://www.revenuecat.com/privacy Apple App Store / Google Play Payment processing for Bindex Pro Handled directly by Apple or Google; we never see your payment details https://www.apple.com/legal/privacy/ · https://policies.google.com/privacy Pokémon TCG API / TCGdex Public catalog of Pokémon cards None — we only fetch card data, no personal data is sent https://pokemontcg.io · https://tcgdex.dev We do not share your personal data with any other parties.

  1. Where Your Data Is Stored Your account and collection data are stored on servers operated by Supabase, which uses cloud infrastructure within the European Union and other regions. Data may be transferred to and processed in countries outside your country of residence, including the United States. Where required by law (e.g., under the GDPR), such transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

  2. How Long We Keep Your Data Active accounts: we keep your data for as long as your account exists. Deleted accounts: when you delete your account (see Section 8), all your personal data and collection data are permanently removed from our database within 30 days. Backups: routine encrypted backups may retain copies for up to 30 additional days before being overwritten. Purchase records: RevenueCat may retain anonymized purchase records longer for fraud prevention and legal/tax compliance, in line with their own policy.
  3. How We Protect Your Data All network traffic between the app and our servers is encrypted using HTTPS / TLS. Passwords are stored only as salted hashes by Supabase; we cannot read them. Access to your collection data is enforced at the database level using Row-Level Security policies, meaning even our backend cannot return another user’s data to you. We follow the principle of least privilege internally and limit who has administrative access to production systems. No system can be guaranteed 100% secure, but we take reasonable technical and organizational measures to protect your information.

  4. Your Rights Depending on where you live, you may have the following rights under data protection laws (including the EU/UK GDPR and similar laws in other jurisdictions):

Right to access — request a copy of the personal data we hold about you. Right to rectification — ask us to correct inaccurate data. Right to erasure — request deletion of your account and personal data. Right to restrict processing — ask us to limit how we use your data. Right to data portability — request your data in a machine-readable format. Right to object — object to processing in certain circumstances. Right to withdraw consent — where processing is based on consent. Right to lodge a complaint — with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl). To exercise any of these rights, email admin@bindexofficial.com. We will respond within 30 days.

Account deletion You can request account deletion at any time by emailing admin@bindexofficial.com from the email address associated with your account. We will permanently delete your account and all associated personal data within 30 days of confirming your identity.

  1. Children’s Privacy Bindex is not directed at children under 13 (or under 16 in jurisdictions where that is the applicable age of digital consent). We do not knowingly collect personal data from children below that age.

If you believe a child has provided us with personal data, please email admin@bindexofficial.com and we will delete the data promptly.

The app contains no in-app advertising and no behavioral profiling.

  1. Cookies and Tracking Bindex is a native mobile application and does not use cookies. The app does not track you across other apps or websites for any purpose.

  2. Changes to This Policy We may update this Privacy Policy from time to time, for example to reflect changes in the app, the law, or our service providers. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you in the app or by email.

Continued use of the Service after changes take effect means you accept the updated policy.

  1. Contact For any privacy-related questions, requests, or complaints:

Bindex Email: admin@bindexofficial.com