Omi – Pokemon TCG Card Scanner

Privacy Policy

Last updated: August 1, 2025

Effective date: August 1, 2025

1. Introduction

Ahmet Emin Yada ("we," "our," "us," or "Company") operates the Omi – Pokemon TCG Card Scanner mobile application ("Omi," "App," or "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, in accordance with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.

By using our App, you consent to the data practices described in this Privacy Policy.

2. Data Controller Information

Data Controller: Ahmet Emin Yada
Location: Poland, European Union
Contact: ahmetyada4@gmail.com

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds under Article 6 of the GDPR:

• Consent (Article 6(1)(a)): For camera access and optional features
• Contract Performance (Article 6(1)(b)): To provide the core scanning functionality you've requested
• Legitimate Interests (Article 6(1)(f)): For app functionality, security, and fraud prevention

4. Information We Collect and Process

4.1 Camera Access and Image Processing

Purpose: To enable Pokemon card scanning functionality through optical character recognition (OCR).

Data Processed: Camera feed and captured images of Pokemon cards.

Legal Basis: Your explicit consent for camera access and contract performance.

Processing Location: All image processing occurs locally on your device. No images are transmitted to external servers.

Retention: Images are processed in real-time and not stored permanently on your device by our App.

4.2 Biometric Data Considerations

While our App processes visual data through OCR technology, we do not collect, store, or process biometric data as defined under GDPR Article 9 or CCPA. Our OCR processing focuses solely on text recognition from card imagery and does not involve facial recognition, fingerprint scanning, or other biometric identification methods.

5. Information We Do Not Collect

Personal Identifiers: We do not collect or store your name, email address, phone number, or any other personally identifiable information beyond what's necessary for subscription management.

Usage Analytics: We do not collect detailed analytics, crash reports, or comprehensive usage logs.

Device Data: We do not access your device's location, contacts, photo library, or any other personal files beyond camera access for scanning.

Biometric Data: We do not collect, process, or store biometric identifiers or biometric information as defined by applicable privacy laws.

6. Third-Party Services and Data Sharing

6.1 RevenueCat (Subscription Management)

Purpose: To manage in-app subscriptions and purchases.

Data Shared: When you subscribe, we share only:

• A unique app-generated identifier (not personally identifiable)
• Your purchase receipt from Apple App Store
• Subscription status and transaction information

Legal Basis: Contract performance and legitimate interests for subscription management.

Data Location: RevenueCat processes data in accordance with their Privacy Policy and maintains SOC 2 Type II compliance.

Your Rights: You can request deletion of your RevenueCat data by contacting us.

6.2 Apple App Store

Purchases made through the App Store are subject to Apple's Privacy Policy. We do not have access to your payment information or Apple ID details.

6.3 Firebase Analytics

Purpose: To understand how users interact with our App, identify bugs, and improve performance and user experience.

Data Collected: Firebase Analytics automatically collects certain information, including but not limited to:

• Usage Data: App launches, session duration, and feature usage.
• Device Information: Device model, operating system version, and a unique device identifier.
• Crash Reports: Information about app crashes and performance issues.

This data is collected in an aggregated and anonymized form and does not personally identify you.

Legal Basis: Legitimate interests (Article 6(1)(f) of the GDPR) to improve our App and provide a better service.

Data Location: Firebase Analytics is a service provided by Google. Data is processed in accordance with Google's Privacy Policy.

Opt-Out: You can opt-out of Firebase Analytics data collection by adjusting the settings within the App. For more information on how to control the data collected by Google, please visit their privacy controls page.

7. Data Security and Protection

We implement appropriate technical and organizational measures to protect your information:

• Encryption: All data transmissions use industry-standard encryption (TLS/SSL)
• Local Processing: Camera and OCR processing occurs entirely on your device
• Minimal Data Collection: We follow data minimization principles, collecting only what's necessary
• Access Controls: Limited access to any collected data with proper authentication
• Regular Security Reviews: Ongoing assessment of security measures and practices

8. Data Retention

Camera Data: Not retained - processed in real-time and immediately discarded.

Subscription Data: Retained for the duration of your subscription plus 3 years for legal and tax purposes, or as required by law.

Support Communications: Retained for 2 years to provide ongoing support.

9. Your Privacy Rights

9.1 GDPR Rights (EEA, UK, Switzerland Users)

You have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for camera access at any time

Exercising Rights: Contact us at ahmetyada4@gmail.com. We will respond within 30 days.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

9.2 CCPA Rights (California Residents)

California residents have additional rights under the CCPA:

• Right to Know: Request information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

10. Age Restrictions and Children's Privacy

Omi is intended for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately to have it deleted.

Parental Controls: Parents can contact us to review, delete, or stop further collection of their child's information.

11. International Data Transfers

As we are based in Poland (EU), your data is primarily processed within the European Economic Area. When we use third-party services like RevenueCat (US-based), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Additional technical and organizational measures

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated through:

• Updated "Last updated" date
• In-app notification for significant changes
• Email notification (if we have your email address)
• App Store update notes

Your continued use of Omi after changes indicates your acceptance of the revised policy. For material changes affecting your rights, we may seek your renewed consent.

13. Contact Information and Data Protection Officer

Data Controller: Ahmet Emin Yada

Email: ahmetyada4@gmail.com

Response Time: We aim to respond to all privacy-related inquiries within 30 days.

EU Representative: As we are based in the EU (Poland), no separate EU representative is required.

14. Compliance and Certifications

This Privacy Policy and our data practices comply with:

• General Data Protection Regulation (GDPR) - EU Regulation 2016/679
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Polish Personal Data Protection Act
• Apple App Store Privacy Guidelines

Thank you for trusting Omi. Your privacy is our priority, and your scans are safe with us.

Quick Links

• Download on the App Store
• Contact Support

Frequently Asked Questions

• How does the card scanning work?
  Omi uses your device's camera and advanced OCR technology to recognize Pokemon cards. All processing happens locally on your device for maximum privacy.
• Do you store my scanned cards?
  No, we do not store any of your scanned card data. Everything stays on your device.
• What subscription features are available?
  Subscription unlocks premium scanning features and removes limitations. All purchases are managed through RevenueCat.
• Is my camera data safe?
  Absolutely! Your camera feed and scanned images never leave your device. We prioritize your privacy above all else.

Found a Bug?

If something breaks, feels off, or just isn't working, please email me with:

• What you were doing when it happened
• Your device model and iOS version
• Optional: screenshot or screen recording

I'll fix it as fast as possible — pinky promise!

Suggestions?

Have an idea for improving Omi? I'd love to hear it!

Email: ahmetyada4@gmail.com