Last updated: March 22, 2026
Sports Card Scanner - CardHit ("CardHit", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.
When you scan a sports card, the photo is sent to Google Gemini (AI) for card identification and valuation purposes only. Card images are:
Cards you add to your collection are stored locally on your device using Apple's built-in storage. This data includes card details (player name, brand, year, estimated value) and the card image. This data is not transmitted to our servers.
We generate a random device identifier (UUID) stored locally on your device for rate-limiting purposes. This identifier cannot be used to identify you personally.
We log scan requests on our server for operational purposes. Logs contain: timestamp, anonymized IP address, card identification results (player name, brand, value), and error messages. Logs do not contain card images or personal information.
Card images are sent to Google Gemini via Vercel AI Gateway for identification. Google Gemini operates under zero data retention — your images are not stored or used for training. Processing occurs on Google's servers (primarily US-based). For more information, see Google's Gemini API Terms.
We use Vercel AI Gateway to route requests to Google Gemini. Vercel enforces zero data retention and does not store prompts or responses. See Vercel's Data Processing Addendum.
We display eBay listings using the eBay Browse API. Some links may be affiliate links. See our Terms of Use for details.
Card images: Not retained (zero data retention).
Server logs: Retained for up to 30 days for operational and debugging purposes, then automatically deleted.
Collection data: Stored locally on your device until you delete it.
All communication between the app and our servers is encrypted using HTTPS/TLS. API requests are authenticated using HMAC-SHA256 signatures with nonce-based replay protection.
If you are located in the European Economic Area (EEA), you have the right to:
Since we do not store personal data on our servers (card images are not retained, and collection data is local to your device), most of these rights are automatically satisfied. To exercise any rights or ask questions, contact us at [email protected].
CardHit is not directed at children under 13. We do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
If you have questions about this Privacy Policy, contact us at: