Legal

Privacy Policy

Effective date: April 30, 2026

This privacy policy describes how Vera RCM, Inc. ("we," "us," or "our") handles information in connection with BinderIQ (the "App") and the binderiq.app website (the "Website").

The short version: BinderIQ does not sell your data, run advertising, or track you across apps. We require no account and never see your name, email, or contact info. Card scanning, OCR, and duplicate detection all run on your device. Your collection syncs via your private iCloud account; we don't have access to it. AI Card Intelligence, eBay search, and PSA/Beckett grading lookups send only what's needed for that lookup to our secure Cloudflare Worker. See “What goes off-device” below.

Information We Collect

App: BinderIQ doesn't include third-party analytics SDKs, advertising SDKs, or crash-reporting SDKs. We don't collect your name, email, contact info, or location. We do collect a small set of data needed to deliver specific features: see “What goes off-device” below for the complete list. All card scanning, OCR text recognition, and duplicate detection processing runs entirely on your device using Apple's Vision and CoreML frameworks.

Website: The binderiq.app website is a static site hosted on Cloudflare Pages. It does not use analytics, advertising pixels, or tracking cookies. No personal data is collected through the website.

iCloud Sync

BinderIQ uses Apple's CloudKit to sync your collection across your devices. This data is stored in your private iCloud account and is governed by Apple's Privacy Policy. We do not have access to your iCloud data. Sync is an opt-in premium feature.

Card Images & Data

Card images and metadata (player name, set, grade, etc.) are stored locally on your device using SwiftData. When iCloud Sync is enabled, this data syncs to your private iCloud account. Card images and data are:

  • Stored locally: on your device and optionally in your private iCloud account
  • Processed on-device: OCR, ML card detection, and duplicate matching all run locally

Card images are sent to our Cloudflare Worker only when you tap a feature that requires it: AI Card Intelligence, “See on eBay,” or shared-album duplicate checking. The image is forwarded to the relevant third-party (Anthropic via Azure AI Foundry, or eBay) for that single lookup. Our Worker keeps no copy of the image past the response. See “What goes off-device” below for the full breakdown.

What goes off-device, and where

The "no data collection" claim above is true for the on-device features: Vision-framework scanning, OCR, duplicate matching, library management, and iCloud sync. A few features, by design, must call external services to do their job. Each is initiated only by your explicit action; none run in the background.

  • PSA / Beckett cert lookup. The cert string you enter (or that BinderIQ auto-detects on a graded slab) is sent to our Cloudflare Worker, which queries PSA and Beckett. No card image is sent. The Worker logs only your IP address and the cert string for rate-limit and abuse prevention; logs are retained for a maximum of 30 days and never linked to a user account.
  • eBay search. Either the card image or the search query you generated is sent to our Cloudflare Worker, which forwards it to the eBay Browse API. eBay receives the image. Our Worker keeps no copy of the image past the response.
  • AI Card Intelligence. When you tap AI Identify, the card image and a derived prompt are sent to our Cloudflare Worker. The image is forwarded to Anthropic via Azure AI Foundry for that single inference and is not retained by us. The identification result (player, year, set, etc.) is cached on our Worker for 30 days, keyed by a one-way hash of the image so a re-scan of the same card returns the cached answer without re-billing the AI. The image itself is never stored. Anthropic's data-handling terms apply on their side; see Anthropic's Privacy Policy.
  • App Attest + StoreKit 2 verification. Device-key attestation (Apple App Attest) and Apple-signed transaction JWS are forwarded to our Worker so we can verify that an unmodified BinderIQ install produced the request and that the user holds an active subscription. Cryptographic identifiers only. No PII.
  • Anonymous device identifier (App Attest keyId). Every request to our Worker carries a stable per-install device identifier generated by Apple's App Attest framework. We use it to enforce per-device quotas (free AI lookups, monthly caps, hourly rate limits) and prevent abuse. The keyId is not your Apple ID, name, or email; it's an anonymous cryptographic value that lives on your device until you uninstall the app.
  • Funnel events. When you hit the free-tier card cap, see a paywall nudge, exhaust your duplicate-check quota, or tap a locked eBay feature, the App sends a one-line event to our Worker (event name + your device's keyId). These are stored for 14 days to help us understand which features users hit limits on. We don't link these to any external data and they automatically expire.
  • AI lookup cache. When AI Card Intelligence successfully identifies a card, we store the identification result on our Worker keyed by a SHA-256 hash of the image. If you (or anyone) re-scans the same card, we return the cached result without re-billing the AI. The hash is one-way; the image itself is never stored. Cached results expire after 30 days.

What we explicitly do not do: no analytics SDK, no third-party tracking, no advertising, no data resale, no profiling, and no inferences of any kind. We don't run a recommendation engine, a behavioral graph, or any system that benefits from learning about you.

Purchases and Payments

BinderIQ is free to download and use, with a 100-card cap on the free tier. Larger collections, AI Card Intelligence, and eBay/PSA lookups require a subscription. Premium ($0.99/month or $9.99/year) includes 10 AI lookups per month. Pro ($7.99/month or $79.99/year) includes 500 AI lookups per month. Unlimited ($12.99/month or $129.99/year) removes the AI lookup cap. All payment processing is handled entirely by Apple through StoreKit 2. We do not receive, process, or store any payment information, including credit card numbers, billing addresses, or Apple ID credentials. Subscription access is verified through Apple-signed StoreKit 2 transaction JWS; no PII is exchanged. If a subscription lapses, BinderIQ enters a read-only state; your collection remains intact and accessible.

For details on how Apple handles your purchase information, see Apple's Privacy Policy.

Children's Privacy

BinderIQ requires no account, collects no name, email, or contact information, and doesn't track users across apps. We do not knowingly collect personal information from children under 13. Because the App's only off-device data flows are tied to an anonymous device identifier (not to a child's identity), we believe BinderIQ aligns with the spirit of the Children's Online Privacy Protection Act (COPPA). If you believe a child has used the App and you'd like the device's data cleared from our infrastructure, contact .

Data Retention

Your card collection, images, and metadata exist only on your devices and in your private iCloud account; we have no access to them. The data we do receive on our Worker is held for the following retention windows:

  • AI identity cache (image hash + identification result): 30 days.
  • Funnel events (event name + device keyId + timestamp): 14 days.
  • Misidentification feedback (the data you submit when you tap “This is wrong” on an AI result, including the image you reported): 180 days. We use this to improve the AI's prompt over time.
  • App Attest device keys (Apple-provided cryptographic public key for your device): 365 days, or until you uninstall the app.
  • PSA / Beckett cert lookups: not retained beyond the immediate request.
  • StoreKit transactions: not retained, verified per-request and discarded.

All retention windows above are enforced automatically by Cloudflare KV's expiration. Nothing requires manual cleanup.

Your Rights

Because BinderIQ requires no account, we cannot identify you by name or email. The only identifier tied to your data is an anonymous device keyId. If you'd like the data tied to your device's keyId cleared from our infrastructure (the AI cache, funnel events, feedback you've submitted, attestation key), email from the device you used the App on and we'll wipe it. After uninstalling the App, your device-side data and iCloud sync data are gone; we have no way to recover those.

Changes to This Policy

If we make changes to this privacy policy, we will update the effective date at the top of this page and post the revised policy here.

Contact Us

If you have questions about this privacy policy or BinderIQ's privacy practices, contact us at:

Vera RCM, Inc.
Chicago, IL