Privacy Policy
Last updated: 1 March 2026
1. Introduction
dexie ("we", "us", "our") operates the dexie.io platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect the following categories of personal data:
- Account data: Name, email address, and hashed password when you register.
- Collection data: Information about cards you scan and add to your collection, including card names, set numbers, conditions, and images.
- Payment data: Billing information is processed securely by Stripe. We do not store your full card details.
- Usage data: Information about how you use the Service, including scan counts, pages visited, and feature usage, collected for analytics and service improvement.
- Device data: Browser type, operating system, IP address, and device identifiers.
3. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the Service
- Process payments and manage subscriptions
- Send transactional emails (verification, password reset, receipts)
- Analyse usage patterns to improve the Service
- Prevent fraud and abuse
- Comply with legal obligations
Our legal bases for processing are: performance of a contract (providing the Service), legitimate interests (analytics, fraud prevention), and your consent where applicable.
4. Cookies
We use cookies to authenticate your session and improve your experience. For full details, please see our Cookie Policy.
5. Third-Party Services
We share data with the following third-party processors:
- Stripe — Payment processing. Stripe processes your billing information under their own privacy policy.
- SendGrid — Transactional email delivery (verification codes, password resets).
- Analytics providers — Anonymised usage analytics to help us improve the Service.
We ensure all third-party processors provide adequate data protection safeguards.
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g., financial records may be retained for up to 7 years for tax purposes). Anonymised analytics data may be retained indefinitely.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data. You can delete your account at any time through your account settings.
- Right to data portability: Request an export of your data in a machine-readable format. Pro users can export their collection as CSV.
- Right to restrict processing: Request limitation of how we process your data.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@dexie.io. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed password storage (bcrypt), and secure infrastructure. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. International Transfers
Your data may be transferred to and processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the ICO.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related enquiries, contact us at privacy@dexie.io.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.