CardSwapr
FeaturesDownloadFAQ

Privacy Policy of the "CardSwapr" Mobile Application

Last Updated: August 27, 2025

This Privacy Policy describes how we collect, use, and share the personal data of users of our "CardSwapr" mobile application (hereinafter referred to as the "Application"), available on iOS and Android platforms. Please read this Privacy Policy carefully. By using the Application, you accept the terms described in this Privacy Policy.

Data Controller

The controller of your personal data is piotrfeder.pl - Piotr Feder, with its registered office at 96-300 Żyrardów, ul. Sowińskiego 13/9, Poland. If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us at the following e-mail address: contact@cardswapr.app

Scope of Collected Personal Data

While using the Application, we may collect the following categories of personal data:

  1. Identification Data:

    • E-mail address: Provided during account registration.
    • Nickname (pseudonym): Chosen by the user during registration.

  2. Location Data (limited):

    • Country: Selected by the user.
    • City: Selected by the user.

  3. Application Usage Data (collected automatically):

    • Information about how you use the Application, such as viewed screens, actions taken, time spent in the Application.
    • Mobile device data, including device model, operating system, device identifiers (e.g., IDFA for iOS, AdID for Android).
    • IP address (in certain circumstances).

Purpose and Legal Basis for Processing Personal Data

  1. Providing Application Services:

    • Enabling user account registration and login (Article 6(1)(b) GDPR - necessary for the performance of a contract).
    • Displaying profiles of other users based on the provided Country and City to facilitate the exchange of collectible cards (Article 6(1)(f) GDPR - legitimate interest of the controller, which is to enable interaction between users).
    • Enabling users to contact each other for the purpose of exchanging cards (Article 6(1)(b) GDPR - necessary for the performance of a contract).
    • Managing user accounts and providing technical support (Article 6(1)(b) GDPR - necessary for the performance of a contract).

  2. Analytics and Improvement of the Application:

    Analyzing how the Application is used to improve it, optimize it, and develop new features (Article 6(1)(f) GDPR - legitimate interest of the controller, which is to improve the Application). For this purpose, we use Google Analytics and Facebook Business Manager .

  3. Displaying Advertisements:

    Displaying personalized or non-personalized advertisements in the Application (Article 6(1)(f) GDPR - legitimate interest of the controller, which is the monetization of the Application, or Article 6(1)(a) GDPR - user consent, depending on the configuration and requirements of advertising platforms). For this purpose, we use Google AdMob.

Sharing Personal Data

We may share your personal data with the following categories of recipients:

  1. Other Application Users: Your Nickname and the provided Country and City will be visible to other Application users to facilitate card exchange.
  2. Analytics Service Providers: Google (as part of Google Analytics) and Facebook Business Manager for the purpose of analyzing Application usage.
  3. Advertising Service Providers: Google (as part of Google AdMob) for the purpose of displaying advertisements.
  4. Hosting and IT Service Providers: Companies that support us in maintaining and operating the Application (including, but not limited to, Google Firebase).
  5. Public Authorities: If we are required to do so by law.

Transfer of Personal Data Outside the European Economic Area (EEA)

Your personal data may be transferred outside the European Economic Area to the United States in connection with the use of Facebook Business Manager , Google Firebase, Google Analytics, and Google AdMob services. The transfer of data takes place on the basis of standard contractual clauses approved by the European Commission or other appropriate legal mechanisms ensuring an adequate level of data protection.

Security of Personal Data

We make every effort to protect your personal data against unauthorized access, use, disclosure, modification, or destruction. We apply appropriate technical and organizational measures, including data encryption, access control, and regular security audits.

Your Rights

  1. Right of Access: You have the right to obtain information about whether we process your personal data and to access that data.
  2. Right to Rectification: You have the right to request the correction of incorrect or incomplete personal data.
  3. Right to Erasure ("Right to be Forgotten"): You can delete your account and its associated data (email, nickname, country, city, albums and cards added to the account) at any time from within the application: Profile -> Delete account button. The only data that will remain is the history of your conversations with other users.
  4. Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data in certain situations.
  5. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to send this data to another controller.
  6. Right to Object: You have the right to object to the processing of your personal data based on our legitimate interest.
  7. Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority responsible for the protection of personal data, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

To exercise any of the above rights, please contact us at the e-mail address provided in section 1.

Retention Period of Personal Data

We will store your personal data for as long as it is necessary to achieve the purposes for which it was collected, unless legal regulations require a longer storage period. In particular:

  1. Identification Data (e-mail, Nickname) will be stored for the duration of having an active account in the Application. After deleting the account, this data may be stored for the period necessary to secure claims or fulfill legal obligations.
  2. Location Data (Country, City) will be stored for the duration of having an active account in the Application.
  3. Application Usage Data collected by Google Analytics will be stored in accordance with Google Analytics' data retention policy.
  4. Application Usage Data collected by Facebook Business Manager will be stored in accordance with Facebook Business Manager' data retention policy.
  5. Data used for displaying advertisements by Google AdMob will be stored in accordance with Google AdMob's data retention policy.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. Any changes will be published in the Application and will be effective from the moment of their publication. We encourage you to review this Privacy Policy regularly.

Contact

If you have any questions or concerns regarding this Privacy Policy, please contact us at the following e-mail address: contact@cardswapr.app