Legal

Privacy Policy

Effective date: 13 May 2026

This Privacy Policy explains how GrailVault ("we", "us", or "our"), operated by Sam Roberts, collects, uses, stores, and protects your personal information when you use the GrailVault mobile application ("App"). By using the App, you agree to the collection and use of information as described in this policy.

1. WHO WE ARE

GrailVault is an independent trading card collection tracker and financial literacy application. We are not affiliated with any trading card publisher or manufacturer. The App is operated by Sam Roberts, based in Kuala Lumpur, Malaysia. Contact: hello@grailvault.app

2. INFORMATION WE COLLECT

We collect only what is necessary to provide the App's functionality.

Information you provide directly:

• Email address and password (for account creation and authentication via Firebase Auth)
• Trainer name and username (chosen by you, displayed to friends)
• Card collection data: card names, quantities, conditions, purchase prices, and dates
• Trade history: trade type, prices, dates, and notes
• Budget information you set
• Friend connections made via invite code

Information collected automatically:

• App version and device type (collected by Firebase for crash reporting)
• Usage data such as features used and session frequency (aggregated, not linked to individual actions)

We do not collect location data, device contacts, photos, financial account information, or advertising identifiers.

3. HOW WE USE YOUR INFORMATION

We use the information we collect to provide, maintain, and improve the App; authenticate your account; display your collection, trade history, and financial stats; enable social features; convert card valuations to your selected home currency; and respond to support requests.

We do not use your data for advertising, and we do not sell your personal information to third parties.

4. DATA STORAGE AND SECURITY

Your data is stored in Google Firebase Firestore, a cloud database service operated by Google LLC. Firebase is hosted on Google Cloud infrastructure with industry-standard security measures including encryption at rest and in transit.

5. THIRD-PARTY SERVICES

• Firebase (Google LLC) — authentication and data storage
• PokéWallet API — card pricing data. No personal data is transmitted.
• Frankfurter API — currency exchange rates. No personal data is transmitted.
• Apple App Store — payment processing for GrailVault Pro subscriptions

6. SOCIAL FEATURES AND SHARING

GrailVault's social features are designed to protect your privacy. Social connections are made via invite codes only — no public profile or discovery. You control what you share with each friend. There is no free-text messaging. Your email address is never visible to other users.

7. CHILDREN'S PRIVACY

GrailVault requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that a user under 13 has created an account, we will delete their account and data promptly.

For users under 18, we provide Parent Controls which allow a parent or guardian to review and manage social connections.

8. DATA RETENTION

We retain your personal data for as long as your account is active. You may delete your account at any time from within the App (Profile → Settings → Delete Account). Account deletion permanently removes all your personal data from our systems within 30 days.

9. YOUR RIGHTS

Depending on your location, you may have the right to access, correct, delete, or request portability of your personal data. To exercise any of these rights, contact us at hello@grailvault.app. We will respond within 30 days.

10. PUSH NOTIFICATIONS

GrailVault may send push notifications for friend requests, trade proposals, and app updates. You can control notification permissions in your device settings at any time.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this document and, where appropriate, by in-app notification.

12. GOVERNING LAW

This Privacy Policy is governed by the laws of Malaysia.

13. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at hello@grailvault.app. We aim to respond within 5 business days.

Sam Roberts · GrailVault · Kuala Lumpur, Malaysia · hello@grailvault.app