Your data

Privacy Policy 🔒

The short version: this site is self-hosted, collects only what it needs to run your binder, shows no ads, and sells nothing to anyone.

What we collect

Account details — your chosen username, email address and a securely hashed password (we can never see the password itself). Your email is used only for login and password resets — no newsletters, no marketing.

Your binder — the cards you save, their quantities, conditions and any purchase prices you enter. Your binder is private: other collectors cannot see it. The site administrator can access all site data for maintenance.

Technical basics — standard web server logs (IP address, pages requested) kept briefly for security, and temporary rate-limiting counters to prevent abuse. No advertising or analytics trackers are used.

Photos you scan

When you scan a card, your photo is sent to Google’s Gemini AI service for identification, then discarded — the photo itself is not saved on this site or added to your binder. Google processes it under its own API terms. Don’t include things you wouldn’t want processed (faces, documents, addresses) in the frame.

The card images shown in your binder are official catalogue images fetched from the Pokémon TCG API — not your photos.

Third-party services

To do its job, the site talks to a small number of outside services:

Google Gemini — AI identification of scanned photos.
Pokémon TCG API (pokemontcg.io) — card data, images and TCGplayer market prices. Only card names/numbers are sent — never your personal details.
Frankfurter.app — USD→AUD exchange rates (no personal data sent).
Google Fonts — the site’s typefaces; your browser requests these from Google’s servers, which sees your IP address.
eBay / TCGplayer links — optional external links; their own privacy policies apply once you leave this site.

Cookies

Only WordPress’s standard login cookies, used to keep you signed in. No advertising or cross-site tracking cookies. If you don’t log in, the site sets essentially nothing.

Where your data lives & your rights

This site is self-hosted on the owner’s own server in Australia — your binder isn’t stored with a big hosting company or sold to data brokers. Reasonable security measures are in place (HTTPS, hashed passwords), though no website can promise perfect security.

You can ask the site owner at any time to see the data held about you, correct it, or delete your account and binder entirely — deletion removes your cards and account details from the database.

This policy may be updated occasionally; significant changes will be noted on this page.