Privacy Policy

Last updated: June 26, 2026

Overview

River AI TCG is a Pokémon TCG card pricing and collection app. This Privacy Policy explains what information we collect when you use the River AI TCG mobile app, how we use it, and the choices you have. By using River AI TCG you agree to this policy.

This policy covers data and privacy. The prices, market-analysis "signals," and AI responses in the app are informational only and are not financial or investment advice — see Section 7 of our Terms of Service for that.

Information we collect

Account information

We use a third-party authentication provider for Sign in with Apple and Sign in with Google. When you create an account, that provider shares the following with us:

• Your email address
• Your name as provided by your OAuth provider
• Your avatar URL, if your provider supplies one
• A unique user identifier

We store these fields in our database and use them to identify you across sessions. We never see your password — that's handled by Apple or Google.

Subscription information

If you subscribe to River AI TCG Pro, the transaction is processed by the Apple App Store or Google Play and managed by a third-party subscription-management service. We don't see or store your payment card. The subscription-management service shares the following with us:

• An anonymous customer ID linked to your account
• Your subscription status, tier, and renewal or expiry dates

Card scanning images

When you use the camera scan feature, the image is captured locally, encoded, and sent to our backend. The backend forwards a resized version to a third-party AI provider for card identification. Neither the app nor our backend retains the image after the analysis completes.

Card images displayed in the app

The card artwork and product photos you see in the app are loaded directly from third-party image hosts (the image servers of our market-data provider and the marketplaces it aggregates), rather than from our own servers. When your device loads one of these images, the hosting service receives your device's IP address and standard request information, as it would for any image on the internet. We don't control those hosts' logging; their own privacy policies apply.

Chat content and collection context

When you chat with the in-app AI assistant ("River"), your messages and the conversation history are sent to our backend. If you choose to share a snapshot of your collection, that snapshot is sent with the request. The backend forwards them to a third-party AI provider to generate the response, which is streamed back to you. We do not store chat messages, conversation history, or collection snapshots on our backend after responding.

Server logs

Our backend writes operational logs to local files. These may include request timestamps, endpoint paths, AI token-usage counts, user identifiers, and error stack traces (which can incidentally contain message snippets in development environments). We do not currently use third-party log-aggregation or error-tracking services.

Information we do NOT collect

We've designed River AI TCG to minimize data collection. We do not:

• Run analytics or tracking SDKs
• Collect your location, contacts, microphone audio, or photo library
• Track you across other apps or websites
• Use advertising identifiers, fingerprinting, or marketing cookies
• Persist your chat history, search history, or scanned card images on our servers

Data stored only on your device

Your collections, chat history, prices paid, and condition preferences are stored in a local database on your device. This data only leaves your device when you explicitly attach a collection snapshot to a chat request. We do not back it up to our servers automatically — if you uninstall the app or wipe the device, that data is gone.

Third-party services

River AI TCG relies on the following categories of providers. Each has its own privacy policy, which governs how they handle data we share with them:

• Authentication providers (e.g., Apple and Google sign-in)
• Payment processors (e.g., Apple App Store and Google Play)
• A subscription-management provider
• An AI provider for chat responses and card-image analysis
• A pricing-data provider that aggregates data from major TCG marketplaces
• A database provider for user-profile storage
• Mobile app build and delivery infrastructure

About AI training. We use our AI provider's paid API. Under that API's terms, the content we send it — your chat messages, any collection snapshot you attach, and card-scan images — is processed only to generate a response for you and is not used to train or improve the provider's general models. The provider may retain inputs transiently for abuse and safety monitoring as described in its API terms. We'll update this policy if our configuration changes.

How we use your information

• To operate the app — sign you in, fetch pricing, run AI features
• To process subscriptions and unlock entitlements
• To communicate with you about service issues, security, and material changes
• To prevent fraud, abuse, and Terms violations

Sharing and disclosure

We share information with the third-party services listed above to operate the Service. We may also disclose information when required by law, subpoena, or valid government request; when necessary to enforce our Terms or protect rights and safety; or in connection with a business transfer such as a merger, acquisition, or sale of assets. We do not sell your personal information.

Data retention and deletion

• Profile data — retained until you request deletion
• Server logs — retained for operational purposes; rotated periodically
• Pricing cache — up to 24 hours
• Chat messages and collection snapshots in transit — discarded once the response is returned

We don't currently have an in-app account-deletion button. To delete your account and the associated profile, email [email protected] and we'll process the request within 30 days.

Your rights

Depending on where you live, you may have rights under GDPR, CCPA, or other privacy laws, including:

• The right to know what personal data we hold about you
• The right to correct inaccurate data
• The right to deletion ("right to be forgotten")
• The right to data portability
• The right to opt out of any "sale" of personal information (we don't sell)
• The right to withdraw consent where processing is based on consent

To exercise any of these rights, email [email protected]. We'll verify your identity and respond within statutory timeframes.

Children's privacy

River AI TCG is not intended for children under 13 (or under 16 in the EU and UK). We do not knowingly collect data from anyone under those ages. If you believe a child has provided us information, contact us and we'll delete it promptly.

International users

River AI TCG is operated from the United States. If you use the Service from outside the US, your information will be transferred to and processed in the US. By using River AI TCG you consent to that transfer.

Security

All traffic between the app and our backend uses HTTPS/TLS. Authentication tokens are stored on-device using the OS keychain on iOS and encrypted secure storage on Android. We use industry-standard practices, but no system is 100% secure — keep the OAuth account you use to sign in protected with a strong password and two-factor authentication.

Changes to this policy

We may update this policy as the Service evolves. Material changes will be posted in-app and on this page with a new "Last updated" date. Continued use after the change means you accept the updated policy.

Contact us

Questions about privacy? Email [email protected].