WonderScan Privacy & Security Policy

🔒 Data Collection

What data does WonderScan collect?

• Card images you scan and their metadata (card name, ID, rarity, etc.)
• Account information (email, username)
• Trading data (listings, chat messages, transaction history)
• App usage data (features used, crash reports)
• Device information (model, OS version) for support purposes

We do NOT collect: payment information (handled by secure third-party processors like Stripe), personal messages outside the app, or browsing history.

How is my card collection data stored?

Your card collection data is stored locally on your device by default. For Premium users, data is also backed up to secure cloud storage with end-to-end encryption. Card images are stored locally and optionally in encrypted cloud backup. We use industry-standard AES-256 encryption for all cloud-stored data. For international data transfers to countries outside the EU, such as to the US by Stripe or cloud storage providers, we rely on the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

Do you track my location?

No, WonderScan does not collect, track, or store your location data. The app functions entirely without location services.

📊 Data Usage & Purpose

How do you use my data?

We use your data solely to:

• Provide app functionality (card scanning, collection management, trading features)
• Improve app performance and fix bugs
• Provide customer support
• Send important app updates and security notifications

We do NOT sell, rent, or monetize your personal data. We do NOT use your data for advertising or marketing without explicit consent. For optional features like push notifications for wanted card matches, we obtain explicit consent via an opt-in prompt in the app. You can withdraw this consent at any time through the app settings.

Do you share my data with third parties?

We share data only with:

• Cloud storage providers (for Premium backup) under strict data processing agreements
• Payment processors like Stripe (for Premium subscriptions) - they handle payment data, not us
• Legal authorities only when required by law

We do NOT share your data with advertisers, marketers, or data brokers.

How long do you keep my data?

We retain your data:

• While your account is active
• For 30 days after account deletion (for recovery purposes)
• For legal compliance where required
• App usage data (e.g., crash reports) are kept for up to 1 year for analysis unless you request deletion

You can request immediate deletion of your data at any time by contacting info@scuddy.io.

🔐 Security Measures

How do you protect my data?

We implement:

• AES-256 encryption for all cloud-stored data
• Secure HTTPS connections for all data transmission
• Local device encryption for stored data
• Regular security audits and updates
• Access controls and authentication for all systems
• Secure backup procedures with encryption keys stored separately from data

What happens if there's a data breach?

In case of a data breach, we will:

• Immediately notify affected users within 72 hours
• Notify relevant authorities as required by law
• Implement additional security measures
• Provide detailed information about what data was affected
• Offer free credit monitoring if financial data was compromised

Is my trading data secure?

Yes, all trading data (listings, chat messages, transaction history) is encrypted both in transit and at rest. Chat messages are end-to-end encrypted and not stored on our servers. Trading history is stored locally and optionally in encrypted cloud backup for Premium users.

👤 Your Rights & Control

What are my data rights?

You have the right to:

• Access all your personal data we hold
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to data processing
• Withdraw consent for optional data processing
• Lodge a complaint with a data protection authority, such as the Irish Data Protection Commission (www.dataprotection.ie)

Contact info@scuddy.io to exercise these rights.

How do I delete my account and data?

To delete your account and all data:

• Go to Account Settings → Delete Account, or
• Email info@scuddy.io with "DELETE ACCOUNT" in the subject

We will delete all your data within 30 days, except where required for legal compliance. You will receive confirmation when deletion is complete.

Can I export my data?

Yes, Premium users can export their card collection as a PDF catalog. For complete data export (including trading history, settings, etc.), contact info@scuddy.io. We will provide your data in a structured, machine-readable format within 30 days.

⚖️ Legal & Compliance

What privacy laws do you comply with?

We comply with:

• GDPR (EU General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• COPPA (Children's Online Privacy Protection Act)
• Local data protection laws in all jurisdictions where we operate

Our legal basis for data processing is:

• Contract performance (app functionality)
• Legitimate interest (app improvement, security)
• Consent (optional features)

How do you handle children's data?

WonderScan is not intended for children under 13. We do not knowingly collect data from children under 13. If we discover we have collected data from a child under 13, we will immediately delete it. Parents can contact info@scuddy.io to request deletion of their child's data.

What if I have a privacy complaint?

If you have privacy concerns:

• Contact us at info@scuddy.io - we will respond within 30 days
• Lodge a complaint with your local data protection authority, such as the Irish Data Protection Commission (www.dataprotection.ie)
• For EU users: Contact the European Data Protection Board

We are committed to resolving all privacy issues promptly and transparently.

📧 Updates & Contact

How do you notify users of policy changes?

We notify users of privacy policy changes by:

• In-app notification 30 days before changes take effect
• Email notification to all registered users
• Prominent notice on our website www.scuddy.io

Users can opt out of future communications but will still receive critical privacy updates.

How can I contact you about privacy?

For privacy questions, concerns, or requests:

• Email: info@scuddy.io
• Subject: "PRIVACY REQUEST"
• Include: Your username, specific request, and any relevant details

We respond to all privacy inquiries within 30 days. For urgent matters, include "URGENT" in the subject line.

Who is responsible for data protection?

ScuddyTech.OÜ is the data controller for WonderScan. Our Data Protection Officer can be contacted at info@scuddy.io. We are registered with relevant data protection authorities and maintain records of all data processing activities as required by law.