← Back to home

Privacy Policy

Last Updated: March 24, 2026

Slabox (“we,” “our,” or “the app”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our iOS application.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted and securely stored)
  • User profile information (username, optional avatar)

1.2 Collection Data

When you use Slabox, we store:

  • PSA certificate numbers
  • Card titles and grades
  • Card images (URLs from PSA or Pokemon TCG API)
  • Purchase prices and dates
  • Personal notes about your cards
  • Custom tags and organization preferences

1.3 Usage Data

We automatically collect:

  • App version and device information
  • Login timestamps
  • Feature usage statistics (anonymized)
  • Crash reports and error logs

1.4 Third-Party Data

We retrieve publicly available data from:

  • Pokemon TCG API: Card information, set details, and images
  • PokemonPriceTracker: Market pricing data
  • CardMarket API: Alternative pricing data
  • PokeDATA.io: Additional pricing information

2. How We Use Your Information

We use the collected information to:

  • Provide core functionality: Store and sync your card collection across devices
  • Display pricing data: Fetch real-time market values for your cards
  • Improve the app: Analyze usage patterns to enhance user experience
  • Communicate with you: Send important updates about the app (opt-out available)
  • Ensure security: Protect against unauthorized access and fraud

3. Data Storage and Security

3.1 Infrastructure

  • All data is stored on Supabase (a secure, privacy-focused backend platform)
  • Data is encrypted in transit (HTTPS/TLS) and at rest
  • Database access is restricted to authenticated users only

3.2 Password Security

  • Passwords are hashed using industry-standard algorithms
  • We never store plaintext passwords
  • We cannot retrieve your password (only reset it)

3.3 Data Retention

  • Account data is retained as long as your account is active
  • Deleted accounts are permanently removed within 30 days
  • Backup data is retained for disaster recovery purposes only

4. Third-Party Services

Slabox integrates with the following third-party services:

Supabase (Backend & Authentication)

Purpose: User authentication and data storage

Data Shared: Email, encrypted password, collection data

Privacy Policy: supabase.com/privacy

Pokemon TCG API

Purpose: Retrieve card information and images

Data Shared: Card IDs only (no personal information)

Website: pokemontcg.io

Note: These third-party services operate independently. We are not responsible for their privacy practices.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We may share data only in the following limited circumstances:

  • With your consent: When you explicitly authorize sharing
  • For legal compliance: If required by law, court order, or government request
  • To protect rights: To enforce our Terms of Service or protect against fraud

6. Your Privacy Rights

You have the right to:

6.1 Access Your Data

Request a copy of all personal data we hold about you.

6.2 Correct Your Data

Update or correct inaccurate information in your account settings.

6.3 Delete Your Data

Delete your account and all associated data at any time:

  1. Open Slabox
  2. Go to Settings → Account
  3. Tap “Delete Account”
  4. Confirm deletion

All data will be permanently removed within 30 days.

6.4 Export Your Data

Download a copy of your collection data in JSON format.

6.5 Opt-Out of Analytics

Disable anonymous usage tracking in Settings → Privacy.

7. Children's Privacy

Slabox is rated 4+ and does not knowingly collect personal information from children under 13 without parental consent. If you believe a child has provided personal information, please contact us, and we will delete it promptly.

8. International Users

Slabox is available worldwide. Your data may be transferred to and stored in:

  • United States (Supabase infrastructure)
  • European Union (if using EU Supabase region)

By using the app, you consent to this transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • The "Last Updated" date will be revised
  • We will notify you via in-app notification or email
  • Continued use of the app constitutes acceptance of the updated policy

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: hwangdev97@gmail.com

11. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract performance: To provide the services you requested
  • Legitimate interests: To improve the app and prevent fraud
  • Consent: For optional features like analytics (you can withdraw consent anytime)
  • Legal obligation: To comply with applicable laws

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at hwangdev97@gmail.com.