Privacy Policy

GemGrader is developed by Komohouse (“we”, “us”, “our”). This policy explains how the GemGrader iOS app and related services handle your data.

Account information: When you sign in with Apple, we receive your name (if you choose to share it), email address (which may be an Apple relay address), and an Apple user identifier. This data is stored securely in our authentication system powered by Supabase.

Card images:When you grade a card, photos of the front and back are captured by your device's camera. These images are sent to Google's Gemini API via our secure server for AI-powered condition analysis. Google processes these images transiently and does not retain them after the request completes. We do not store your card images on our servers.

Grading records:Your grading history (card name, grade, sub-grades, and card images) is stored locally on your device using Apple's SwiftData framework. If you have iCloud enabled, this data syncs to your personal iCloud account via CloudKit. We cannot access your iCloud data.

Purchase and token data: When you purchase a Grade Pass subscription or token pack, your purchase is processed by Apple through the App Store. We use RevenueCat to manage subscription status and entitlements. Your token balance, purchase history, and subscription status are stored in our Supabase database linked to your account.

Referral data: If you participate in our referral programme, we store your referral code and a record of successful referrals linked to your account. We do not share referral data with third parties.

PSA comparison data: If you log an actual PSA grade against a GemGrader prediction, this data is stored locally on your device and used to improve our accuracy metrics. This data is not sent to our servers unless you explicitly choose to share it.

Card pricing: We fetch pricing data from our own card database (api.gemgrader.app), TCGGO (pokemon-api.com), TCGdex, and eBay. These requests include card names and set information but no personal data.

Preferences: Settings like your preferred currency are stored locally on your device using UserDefaults and in the App Group container for widget access. This data never leaves your device.

We do not collect your location, device advertising identifiers, or browsing history. We do not use analytics, tracking, or advertising SDKs. We do not sell or share any data with third parties for marketing or advertising purposes.

Apple (Sign in with Apple): We use Sign in with Apple for authentication. Apple's privacy policy governs how Apple handles your sign-in data.

Supabase: We use Supabase to store your account information, token balance, and referral data. Supabase hosts data in secure cloud infrastructure. See Supabase's privacy policy.

RevenueCat: We use RevenueCat to manage in-app purchases and subscriptions. RevenueCat receives an anonymous app user identifier and purchase data from the App Store. See RevenueCat's privacy policy.

Google Gemini API:Card images are sent to Google's Gemini 2.5 Flash model via our secure proxy server for grading analysis. Google's API terms apply to this processing. Images are not retained by Google after the request.

GemGrader Card API: Our own API at api.gemgrader.app provides card identification and pricing data. Requests include card names and set information. This service is hosted on Vercel.

TCGGO (pokemon-api.com): Card names and set information are sent to retrieve graded card pricing. No personal data is included in these requests.

TCGdex: Card names and set information are sent to retrieve card metadata and images. No authentication or personal data is required.

Apple iCloud (CloudKit): If enabled on your device, grading records sync to your personal iCloud account. This uses Apple's CloudKit infrastructure and is governed by Apple's privacy policy.

Grading records are stored on your device and optionally in your iCloud account. You can delete individual records from the app at any time. Deleting the app removes all local data. iCloud data can be managed through your device's iCloud settings.

Account data (email, token balance, referral history) is retained in Supabase for as long as your account exists. You can request account deletion through the app's Settings screen or by contacting us, which permanently removes all associated data from our servers.

Our services use infrastructure hosted in the United States and the European Union, including Supabase, Vercel, and Google Cloud. If you are located in the EEA, your data may be transferred to and processed in countries outside the EEA. These transfers are protected by appropriate safeguards, including the service providers' compliance with applicable data protection frameworks.

If you are in the EEA or the UK, you have the right to access, correct, or delete your personal data, and to object to or restrict its processing. You can delete your account and all associated data directly from the app's Settings screen, or contact us to exercise these rights.

GemGrader is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete that information.

We may update this policy from time to time. Changes will be reflected on this page with an updated date. For significant changes, we will notify you through the app.

Questions about this policy? Contact us at privacy@gemgrader.app.