Mobile App Privacy Policy

This Privacy Policy describes how the PixelBroker mobile application ("the App", "we", "us", or "our") collects, uses, and protects your personal information.

PixelBroker is operated by Josep Sensarrich, an individual based in the Province of Barcelona, Spain. For privacy inquiries, contact support@pixelbroker.io.

1. Who We Are

PixelBroker is a consultation app for retro video game collectors. We help users track game prices, build collections, and discover market trends. The App is operated by Josep Sensarrich as an individual data controller, available worldwide through the Google Play Store.

2. Age Requirement

PixelBroker is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us at support@pixelbroker.io and we will delete the information.

In jurisdictions where the minimum age for digital consent is higher (such as some European Union member states where it may be 14, 15, or 16), users must meet the local minimum age, or have parental/guardian consent, before using the App.

3. Information We Collect

3.1 Information You Provide Directly

• Account information: email address, username/alias, password, your Firebase user ID, registration date, and login method (passwords are handled by Firebase Authentication and never stored in plain text by us).
• Game collection: the list of video games you add to your personal collection, including any custom notes, condition, quantity, or status you assign.
• Watchlist: the list of games you follow to monitor their price.
• Sales records: when you mark a game as sold, we store the title, console, sale price, original price paid, and sale date. This data is private to your account.
• Sniper preferences: target prices and games you wish to be notified about.
• UPC contributions: when you scan a barcode that is not yet in our catalog and manually link it to a game, we store that contribution associated with your account for validation purposes. Once three different users independently confirm the same link, the UPC is added to the public catalog. Your individual contribution remains accessible to you and is deleted with your account.
• Subscription information: if you purchase a PRO subscription, we receive transaction confirmations from RevenueCat (we do not handle payment card data ourselves).

3.2 Information Collected Automatically

• Device identifier for push notifications: a Firebase Cloud Messaging (FCM) token that allows us to send you Sniper alerts when a game reaches your target price. This token is associated with your account.
• Advertising identifier: Google Play Services Advertising ID, used by Google AdMob to serve ads. You can reset or limit this identifier in your device settings.
• Camera-captured barcode data: when you use the barcode scanner, your device's camera reads product barcodes (UPC codes). Image frames are processed locally on your device using Google ML Kit and never leave your device. Only the decoded numeric barcode is transmitted to our servers to look up the matching game.
• Anonymous UPC scan counter: when any user scans a barcode, we increment a global counter for that UPC (number of scans, last scan timestamp, number of matched games). This counter is not associated with any user and helps us prioritize catalog quality.
• Approximate location (optional, opt-in): if you grant consent at registration or in Settings, we resolve your IP address to an approximate city and country using ipinfo.io. We store only the city and country, not your exact IP address or GPS coordinates. You may revoke this consent at any time; if you do not grant it, no geolocation data is collected.
• Daily collection value snapshot: once per day, our backend computes the total estimated value of your collection (based on current market prices and the games you have at that moment) and stores this number along with the date. This enables the "Collection Value Over Time" chart in your dashboard. We do not store per-game price history.

3.3 What We Do NOT Collect

We want to be explicit about what we do not collect:

• We do not use Google Analytics, Firebase Analytics, or any other behavioral tracking SDK.
• We do not use Firebase Crashlytics or any crash reporting service.
• We do not track your precise GPS location. Approximate city/country is only collected if you explicitly opt in (see Section 3.2).
• We do not store images, video, or audio from your camera. Barcode frames are processed in memory and immediately discarded.
• We do not access your contacts, microphone, photo library, or device storage beyond what is strictly needed for the App's features.
• We do not sell, rent, or license your personal information to third parties.
• We do not sell, license, or share aggregated or anonymized user data with third parties for commercial purposes.

4. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App's core features (account login, collection sync, watchlist, search, market trends, sales tracking).
• Send you push notifications when games on your Sniper list reach target prices (only if you have configured Sniper alerts).
• Process subscription purchases and manage PRO features through RevenueCat.
• Display advertisements through Google AdMob (free tier users).
• Compute and display the daily evolution of your collection's estimated value.
• Improve our UPC catalog using anonymous scan counts and user-submitted UPC suggestions.
• Send transactional emails (via Resend) about your account, security, or material changes to the service.
• Comply with legal obligations.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, or other jurisdictions where similar laws apply, our legal basis for processing your personal information is:

• Performance of a contract: to provide the App's core services (account, collection sync, Sniper).
• Legitimate interest: to maintain security, prevent fraud, and improve the service.
• Consent: for non-essential cookies, push notifications, and personalized advertising.
• Legal obligation: to comply with applicable laws.

You may withdraw your consent at any time by contacting us or through device settings.

6. Third-Party Services

PixelBroker integrates with the following third-party services. Each has its own privacy policy that we encourage you to review:

• Google Firebase (Auth, Cloud Messaging, Firestore) — User authentication and push notifications. Privacy policy.
• Google AdMob — Display advertising. Privacy policy.
• RevenueCat — Subscription management. Privacy policy.
• Resend — Transactional email delivery (account verification, password reset, important notices). Privacy policy.
• ipinfo.io — Approximate geolocation lookup from IP address (only when you opt in). Privacy policy.
• PriceCharting — Game price data provider. Privacy policy. PriceCharting does not receive your personal data; we only consume their public price catalog.
• TheGamesDB (TGDB) — Game cover art and metadata. Privacy policy. TGDB does not receive your personal data; we only consume their public image catalog.
• Cloudflare — Web infrastructure and security. Privacy policy.
• Hetzner — Server hosting (Germany, EU). Privacy policy.

When you use the App, certain technical information (such as your IP address) is automatically processed by these services to deliver content and security features. Our backend servers are hosted in Germany (European Union) by Hetzner.

7. Data Sharing and International Transfers

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

We share information only with:

• Service providers listed in Section 6, strictly to operate the App.
• Law enforcement or courts if required by valid legal process.

Some of our service providers (Google, RevenueCat, PriceCharting) are based outside the European Economic Area, including the United States. When data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or processors that participate in valid adequacy frameworks.

8. Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (for example, transaction records may be kept for accounting purposes for the period required by Spanish tax law, currently 4 years).

You can delete your account at any time from within the App (Settings → Account → Delete Account). For users without access to the in-app option, you may also request account deletion by emailing support@pixelbroker.io.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal information:

• Right of access: to know what data we hold about you.
• Right to rectification: to correct inaccurate data.
• Right to erasure ("right to be forgotten"): to delete your data.
• Right to restrict processing: to limit how we use your data.
• Right to data portability: to receive your data in a structured format.
• Right to object: to certain types of processing (such as direct marketing).
• Right to withdraw consent where processing is based on consent.
• Right to lodge a complaint with a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

To exercise any of these rights, contact us at support@pixelbroker.io. We will respond within 30 days.

10. Security

We implement reasonable technical and organizational measures to protect your personal information:

• All connections between the App and our servers use HTTPS encryption (TLS 1.2 or higher).
• Passwords are managed by Firebase Authentication and are never stored in plain text on our servers.
• Server infrastructure is hosted on Hetzner Cloud in Germany with firewall rules limiting inbound access.
• Web traffic is filtered through Cloudflare for additional security.

No system is 100% secure. If you suspect unauthorized access to your account, please contact us immediately at support@pixelbroker.io.

11. Advertising and Personalization

The free version of PixelBroker displays advertisements provided by Google AdMob. AdMob may use your advertising ID to serve personalized ads. You can:

• Opt out of personalized ads in your device's Google settings (Settings → Google → Ads → "Opt out of Ads Personalization").
• Reset your advertising ID at any time in the same settings menu.
• Subscribe to PRO to remove all advertisements from the App.

For more information about how Google handles advertising data, see policies.google.com/technologies/ads.

12. Children's Privacy

PixelBroker is not directed at children under 13 years of age. If we discover that we have inadvertently collected personal information from a child under 13, we will delete it as soon as possible. Parents who believe their child has provided personal information to us should contact support@pixelbroker.io.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Notify users through the App or by email when changes are significant.

Continued use of the App after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

PixelBroker
Operated by Josep Sensarrich
Province of Barcelona, Spain
support@pixelbroker.io

This Privacy Policy is provided in English. In case of any discrepancy with translated versions, the English original prevails.