Privacy Policy

CompCaddy by Rimal Labs LLC is committed to transparency about what data we collect and how we use it.

Last updated: May 1, 2026

1. Who We Are

CompCaddy is operated by Rimal Labs LLC, an Arizona limited liability company. This policy applies to the CompCaddy iOS application and the website compcaddy.app.

2. No Account Required

CompCaddy does not require you to create an account. There is no email address, password, name, or social login associated with app usage. Instead, the app generates an anonymous device identifier on first launch that is used to manage your scan quota and subscription entitlement.

3. Data We Collect

We collect the following categories of data:

Device & Session Data

  • Anonymous device ID — a UUID generated on first install, not linked to your name or email
  • App version, device model, and iOS version — collected by crash and analytics tools
  • Approximate IP address — included in standard server request logs

Scan History (Server-Side)

  • Scan identifiers you submitted, including product barcodes and grading certification numbers
  • Scan timestamps and result types (found/not found, confidence level)
  • Marketplace comparison data cached by search query — not linked to your device
  • Certification data cached by certification number — not linked to your device
  • Quota usage — how many scans you have used in the current period

Local-Only Data (Never Sent to Our Servers)

  • Purchase cost, fee rate, and ROI threshold you enter — stored only on your device, in encrypted local storage
  • Scan settings and preferences — stored locally
  • Share cards you generate — created and discarded locally, never uploaded

Subscription Data

  • Subscription status (Free or Pro) and entitlement tier — managed via RevenueCat
  • Purchase receipts are handled by Apple — we do not receive or store payment card data

Analytics & Crash Data

  • Usage events: scan counts, feature interactions, result types — via Amplitude, linked to device ID only
  • Crash reports and error logs — via Sentry, anonymized; grading certification numbers are masked in logs

4. Camera & Images

CompCaddy uses your device camera to scan barcodes and read PSA slab labels. Camera frames are processed entirely on your device. No images are uploaded to our servers, sent to third parties, or used for machine learning or model training.

5. Third-Party Services

We use the following third-party services in production. Each receives only the data necessary for its function:

  • RevenueCat — subscription and entitlement management. Receives your anonymous device ID and Apple purchase receipt.
  • Apple App Store / StoreKit — payment processing. Apple handles all payment data.
  • Amplitude — product analytics. Receives device ID and usage event metadata. No barcodes, prices, or cost basis are transmitted.
  • Sentry — crash reporting. Receives device ID, app version, and error context. Grading certification numbers are masked before transmission.
  • Google Cloud Run — backend API hosting. Processes scan requests. Standard server logs include request path, response status, and masked cert numbers. Log retention: 30 days per Google Cloud default.
  • Neon Postgres — database. Stores scan history, quota ledger, and cert/comp cache linked to your anonymous device ID.
  • Cloudflare — DNS, CDN, and website hosting for compcaddy.app.
  • CompCaddy may use publicly available marketplace comparison data and certification lookup data to provide pricing and identification results. These sources do not receive your device data and are not used to identify you.

Only the vendors listed above receive device or usage data. No user data is transmitted to marketplace or certification data sources.

6. Data Retention

  • Grading certification cache: automatically purged after 14 days
  • eBay comp cache: automatically purged after 30 days
  • Scan history and quota ledger: retained until you submit a data deletion request
  • Server logs (Google Cloud): 30-day retention per Google Cloud default
  • Crash logs (Sentry): 90-day retention per Sentry default
  • Analytics (Amplitude): per Amplitude's data retention policy

7. Your Rights & Data Deletion

Because CompCaddy has no user accounts, we use your in-app Support ID to locate and delete device-linked records. To find your Support ID: open the app → Settings → Privacy → Support ID.

To request deletion of your data, email privacy@compcaddy.app with your Support ID. We will delete the following within 30 days of a verified request:

  • Scan history
  • Quota ledger
  • Your device-linked identifier association in our database

Note: Apple subscription cancellation is handled separately through iOS Settings → Apple ID → Subscriptions, not through our data deletion process.

8. Children's Privacy

CompCaddy is not directed to children under the age of 13. We do not knowingly collect data from children. If you believe a child under 13 has used the app, please contact us at privacy@compcaddy.app.

9. Geographic Scope

CompCaddy is currently intended for users in the United States. If you access the app from outside the United States, your data may be processed and stored on servers located in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date at the top of this page. Continued use of CompCaddy after changes constitutes acceptance of the revised policy.

Privacy Contact

Entity: Rimal Labs LLC, Arizona, United States