Privacy Policy

1. Introduction

Scattershot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose personal information when you use the Scattershot mobile app and the Scattershot website (scattershot.app).

This policy is written with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in mind.

2. Personal Information We Collect

We collect only the information we need to operate Scattershot. Depending on how you use the app/site, this can include:

• Account details: Email address and (optional) display name. Authentication is handled by our authentication provider (for example Supabase), and we do not store your plaintext password. If you sign in using Google, we receive basic account identifiers (such as your email) via our authentication provider.
• Collection & portfolio data: The cards you track (for example Scryfall IDs), quantities, finishes, collection/folder names, price alerts, portfolio value snapshots, preferences (such as currency and theme), and any notes you add.
• Support communications: Information you include when you contact us (for example by email).
• Waitlist email (website): If you join the waitlist on the website, we collect your email address so we can contact you about access/launch updates.
• Closed beta application (website): If you apply for the closed beta, we collect your email address and any additional information you submit (such as your platform and device) so we can manage beta invitations.
• Technical data: Basic device/app and network information that may be logged when you use the service (such as IP address, app version, device/OS information, and timestamps) for security, troubleshooting, and service reliability.

We do not try to collect sensitive information (as defined in the Privacy Act). Please avoid putting sensitive information in free-text fields like notes.

We do not use third-party advertising SDKs in the app, and we do not use in-app analytics SDKs to track you across apps or websites.

3. Camera & Photos

Scattershot can use your device camera and/or photo library so you can scan cards or import images for recognition. Card recognition runs on your device and we do not upload your photos to our servers for recognition.

Third-party services you use to fetch card information (for example Scryfall) may receive your IP address and other standard request metadata when your device connects to them.

4. How We Collect Personal Information

• Directly from you when you create an account, use features (such as notes or imports), or contact us.
• Automatically when your device communicates with our service providers (for example authentication/database hosting, website hosting, and card data providers).

Our website may use local storage (for example to remember your theme preference) and standard server logs for security and performance.

5. How We Use Personal Information

• To create and manage your account and authenticate you.
• To store and sync your collection/portfolio across devices.
• To fetch card details and pricing information you request.
• To provide app functionality such as search, imports, exports, folders, and alerts.
• To provide customer support and respond to enquiries.
• To protect the security and integrity of the service (for example preventing abuse, troubleshooting, and monitoring reliability).
• If you join our waitlist, to contact you about early access, launch, or important service updates (you can unsubscribe via any email we send or by contacting us).

6. Disclosure of Personal Information

We do not sell your personal information. We may disclose personal information to service providers where needed to run Scattershot, including:

• Supabase: Authentication and database hosting for your account and synced collection data.
• Card data providers (for example Scryfall): Card metadata, images, and pricing information.
• Deck/collection import providers (optional): If you choose to import from services like Moxfield, CubeCobra, or Archidekt, your device will contact those services to fetch the data you request.
• Website hosting & forms: The website and waitlist form may be hosted/handled by third-party providers (for example Render and Google Sheets/Apps Script) who process your submission.
• App stores: Apple and Google may collect information when you download the app or use in-app store features, under their own policies.

7. Overseas Disclosure

Some of our service providers may store or process information outside Australia. When we share information with overseas recipients, we take reasonable steps to ensure it is handled in a way that is consistent with this policy and the Australian Privacy Principles.

8. Data Storage, Security & Retention

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes using encryption in transit where available and access controls with our service providers. However, no method of transmission or storage is completely secure.

We keep your information for as long as needed to provide the service (for example while your account is active), comply with legal obligations, and resolve disputes. If you close your account or ask us to delete your data, we will take reasonable steps to delete or de-identify it, unless we are required or permitted to keep it.

9. Access, Correction & Complaints (Australia)

You can request access to, or correction of, the personal information we hold about you. To make a request, contact us using the details below.

If you have a complaint about how we handle personal information, please contact us first and we will respond within a reasonable time. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the OAIC where required under the Notifiable Data Breaches scheme.

10. Children's Privacy

Scattershot is not directed to children. If you are under 15, you should only use Scattershot with the consent and supervision of a parent or guardian. If you believe a child has provided us with personal information without appropriate consent, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above. Where appropriate, we may also notify you in the app or by email.

12. Contact Us

If you have questions, requests, or complaints about privacy, contact us at: privacy@scattershot.app

(If you operate Scattershot through a registered business entity, you may wish to add your legal name and an Australian contact address here.)