TL;DR
Binder Boss is a local-first tracker. On the Free tier, every piece of collection data lives on your device in localStorage + IndexedDB — nothing leaves your browser. On Pro, your ownership rows sync to Supabase under your user ID with row-level security. We never sell, share, or monetize your collection data.
What we collect
- Email address (Pro sign-in only) — required for magic-link auth via Supabase. We use it solely to sign you in.
- Ownership rows (Pro cloud sync only) — variant IDs, owned flag, acquired-at timestamp, optional notes you type. Stored under your user ID with RLS so only you can read your own data.
- Subscription state (Pro only) — Stripe customer ID, subscription status, period end. Used to grant Pro features.
- Error reports — when something crashes, we send the error stack + minimal context to Sentry. PII fields (email, notes) are stripped before sending.
- Binder photos (only if you use photo identification) — uploaded to a private bucket only you can access, sent to our AI providers (Anthropic, Scrydex) once to identify the cards in frame, and auto-deleted within 7 days. Photos are never used to train models and never made public.
- Product usage events — first-party analytics (PostHog): which features get used (e.g. sign-up, checkout, sync), page performance, and anonymized usage patterns. Used only to improve the product — never sold, never shared with advertisers.
- Email for messages you opt into — waitlist + account lifecycle emails are sent via Resend to the address you signed up with. Every email has an unsubscribe path.
- Published binders — if you explicitly publish a binder, its contents (and your chosen username) become publicly viewable at your share link until you unpublish. Imagined cards are hidden or badged per your per-binder setting.
What we don't collect
- No advertising trackers or data brokers, ever — our analytics are first-party product metrics, not ad tech.
- No payment card details — Stripe handles payments end-to-end. We see only the subscription status, not card numbers.
- No location data, contacts, browsing history, or device identifiers.
Where data lives
- Your device — localStorage (collection, binders, wishlist, theme preference, dismissed hints) + IndexedDB (cached card catalog).
- Supabase (Pro tier) — US-East region. Postgres with row-level security; only your user ID can read your rows.
- Stripe (Pro tier) — subscription state + payment processing. Stripe's privacy policy applies for payment data.
- Sentry — error reports only. We can disable Sentry entirely by clearing the DSN env var.
- PostHog — product usage events (first-party analytics).
- Resend — outbound email delivery (waitlist + lifecycle messages).
- Anthropic + Scrydex (photo identification + AI suggestions only) — transient processing of the photo or card metadata you submit; nothing is retained for model training.
Your rights
- Export — go to /app/data and download your full ownership CSV anytime.
- Delete — reset all stored data from /app/data. Cancelling Pro removes your cloud-synced rows on request — email us.
- Access / correction — email us; we'll respond within 14 days.
Card data attribution
Pokemon card metadata (names, set lists, images, rarities) comes from the Scrydex API and the public pokemontcg.io API. Pokemon, the Pokemon TCG, and all related trademarks are property of The Pokemon Company International, Nintendo, Game Freak, and Creatures Inc. Binder Boss is a fan-made independent tool with no affiliation.
Contact
Privacy questions: privacy@binderboss.io (placeholder — to be activated at launch). Security disclosures: security@binderboss.io (see /.well-known/security.txt).
This is placeholder copy pending legal review. The substance reflects how the app handles data today, but exact wording will be revised before public launch.