LootScout

← Back to home

Privacy Policy

Last updated: May 6, 2026 · Effective: May 6, 2026

1. Who we are

LootScout is operated by LootScout LLC (“LootScout,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the LootScout mobile application, the website at https://lootscout.io, and related services (collectively, the “Service”).

Questions? Contact us at support@lootscout.io.

2. Information we collect

2.1 Information you provide.

  • Account info: name, email address, password (hashed), and (if you sign in with Google or Apple) your third-party account profile data.
  • Profile info: display name, avatar, bio, and other content you choose to add.
  • Listings and transactions: items you list, prices, photos, condition, location of meetup, messages with other users.
  • Subscription and payment info: processed by Stripe, Inc. We receive metadata about subscription tier and status; we do not store your full payment card number.
  • Support and feedback: messages you send us.

2.2 Information collected automatically.

  • Device info: device model, OS version, IP address, app version, language, time zone.
  • Usage data: screens viewed, actions taken, search queries, error logs.
  • Approximate or precise location: when you grant location permission, we use your device's location to power radius-based listing search. Background location is not collected.
  • Push notification tokens: to deliver in-app notifications you've subscribed to.
  • Camera and photo library: when you scan cards or upload listing photos. Images stay on-device until you explicitly upload.

2.3 Information from third parties.

  • Pricing data from JustTCG, PriceCharting, Scrydex, Pokémon TCG API, and Scryfall. Not personal data about you.
  • Single sign-on: when you sign in via Google or Apple, we receive your name and email address from that provider.
  • Stripe: subscription status, invoice history, payment failures.

3. How we use information

We use the information we collect to:

  • provide, maintain, and improve the Service;
  • authenticate you and secure your account;
  • display listings and pricing intelligence;
  • facilitate communication and meetups between users;
  • process subscriptions, payments, and refunds via Stripe;
  • send transactional messages (sale confirmations, account alerts, password resets, beta updates);
  • prevent fraud, abuse, and Terms violations;
  • develop new features and improve existing ones, including aggregate Local Sales Data analytics;
  • comply with legal obligations.

4. How we share information

We do not sell your personal information.

We share information with:

  • Other users, when you list an item, message a user, or arrange a transaction. Public profile info, listings, and meetup locations are visible to other users as you configure them.
  • Service providers that operate the Service on our behalf:
    • Supabase, Inc. — database, authentication, edge functions, file storage.
    • Stripe, Inc. — payment processing.
    • Google LLC — single sign-on (when used) and Maps/Places (when used).
    • Apple, Inc. — Sign in with Apple, App Store distribution.
    • Pricing data providers — JustTCG, PriceCharting, Scrydex, Pokémon TCG API, Scryfall (we send queries; they do not receive personal info about you).
    • Push notification services — Apple Push Notification Service, Firebase Cloud Messaging.
  • Legal and safety: to comply with applicable law, respond to valid legal process, enforce our Terms, protect users' rights and safety, or investigate fraud.
  • Business transfers: to an acquirer or successor in connection with a merger, acquisition, or sale of all or substantially all of our assets, with notice to you.

5. Your choices

  • Account info: edit your profile in-app at any time.
  • Location: disable location permission in your device settings; radius search will not work until re-enabled.
  • Push notifications: disable in your device settings or in-app notification preferences.
  • Camera/photo: disable in your device settings; you will not be able to scan cards or upload listing photos.
  • Marketing emails: unsubscribe via the link in any marketing email or by emailing support@lootscout.io. Transactional emails (account, payment, sale confirmations) cannot be opted out of while your account is active.

6. Data retention and deletion

  • We retain personal information for as long as your account is active or as needed to provide the Service.
  • Account deletion: you can delete your account in-app or at lootscout.io/delete-account. Once you confirm, we delete or anonymize your personal information within 30 days, except where we must retain certain records to comply with law (e.g., tax records, fraud investigations) or to enforce our Terms.
  • Aggregated/de-identified data (such as aggregated Local Sales Data with no personal identifiers) may be retained indefinitely.

7. Security

We use industry-standard safeguards to protect your information, including TLS for data in transit, encryption at rest for sensitive fields, password hashing, role-based access controls, and audit logging. No system is perfectly secure. Notify us at support@lootscout.io if you suspect unauthorized access to your account.

8. Children

LootScout is not directed to children under 13, and we do not knowingly collect personal information from children under 13. The Service is intended for users 18 and older. If we learn we have collected information from a child under 13, we will delete it. Contact us at support@lootscout.io with concerns.

9. International users

LootScout is operated from the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and share.
  • Delete personal information we have collected, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination for exercising any of the above.

To exercise these rights, email support@lootscout.io from the email associated with your account. We will verify your identity and respond within 45 days.

We do not knowingly process the personal information of California residents under 16 for sale or sharing.

11. Other state-specific rights (Virginia, Colorado, Connecticut, Utah, etc.)

Residents of certain other U.S. states have rights similar to those described above. Contact support@lootscout.io to exercise them. We will respond as required by applicable law.

12. EU/UK users

If you are in the European Union or United Kingdom, the legal bases on which we process your information include performance of the contract (providing the Service), legitimate interests (improving and securing the Service), consent (where applicable, e.g., marketing emails or location data), and compliance with legal obligations. You have rights of access, rectification, erasure, restriction, portability, and objection. Contact support@lootscout.io to exercise them. You also have the right to lodge a complaint with your local data protection authority.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you via the app, email, or a prominent notice on the website. The “Last updated” date at the top reflects the most recent revision.

14. Contact

LootScout LLC
4030 Wake Forest Road STE 349, Raleigh, WAKE COUNTY, NC 27609 USA
support@lootscout.io

← Back to home