Privacy policy

Bindex Privacy Policy

Last updated: May 21, 2026

Effective date: May 21, 2026

1. INTRODUCTION

Bindex ("we", "us", "our") operates the website and webshop at bindexofficial.com (the "Webshop") and the Bindex mobile application for iOS and Android (the "App"). The Webshop and the App are together referred to in this policy as the "Services". The Webshop is powered by Shopify, which provides the underlying e-commerce platform.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase through the Services, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

By using the Services, you acknowledge that you have read this Privacy Policy and understand the practices it describes. If you do not agree, please do not use the Services.

For the purposes of applicable data protection laws (including the EU/UK GDPR), the data controller is:

Bindex

Email: admin@bindexofficial.com

2. WHAT THIS POLICY COVERS

This Privacy Policy covers two distinct services that may have different data flows:

A. The Webshop at bindexofficial.com — used to sell physical Bindex products such as binders.

B. The Bindex mobile App on iOS and Android — used to track your Pokémon Trading Card Game collection.

Throughout this policy, sections marked "(Webshop only)" or "(App only)" apply only to the corresponding service. Sections without such a marker apply to both.

3. PERSONAL INFORMATION WE COLLECT

When we use the term "personal information", we mean information that identifies or can reasonably be linked to you. Personal information does not include information collected anonymously or that has been de-identified.

3.1 Information collected through the Webshop

Depending on how you interact with the Webshop, we may collect:

- Contact details — your name, billing address, shipping address, phone number, and email address.

- Financial information — credit/debit card details, payment account information, transaction details and payment confirmations. Payment card numbers are processed directly by our payment providers; we do not store full card numbers on our own systems.

- Account information — Webshop username, password, security questions, preferences and settings (if you create a Webshop account).

- Transaction information — items you view, add to your cart, add to your wishlist, purchase, return, exchange or cancel, and your past transactions.

- Communications with us — the contents of any message you send us, for example via customer support.

- Device information — information about your device, browser, network connection, IP address, and other unique identifiers.

- Usage information — how and when you interact with or navigate the Webshop.

3.2 Information collected through the App

When you create an account or use the App, we collect:

- Email address — used for sign-in, account recovery, and important account notifications.

- Password — stored only as a securely hashed value by our authentication provider (Supabase); we never see your plaintext password.

- Display name (optional) — shown inside the App for your own profile.

- Collection data — the binders you create and the cards you mark as owned, missing, or extra, including any notes you add to cards.

- Authentication tokens — issued by our authentication provider so you stay signed in across sessions.

- Subscription / purchase status — if you purchase Bindex Pro, we receive a confirmation that your account is entitled to Pro features. No payment card details are ever sent to or stored by us.

- Crash diagnostic data — when the App crashes or encounters a serious error, anonymous technical diagnostic data (such as the type of error, device model, operating system version, and the App version) is sent to our crash reporting provider (Sentry) so we can fix bugs. This data does not include your name, email, password, or collection contents.

- Anonymous product analytics — basic anonymous event data (for example: "user opened the App", "binder created", "paywall viewed") is sent to our analytics provider (PostHog) so we can understand which features are used and improve the App. Events are tied to a random, anonymous identifier and are not used to advertise to you or to build a marketing profile.

3.3 What the App does NOT collect

We deliberately do not collect, from the App:

- Advertising identifiers (IDFA / GAID).

- Your device contacts, photos, microphone, or camera.

- Your precise or approximate location.

- Your browsing history across other apps or websites.

The App contains no in-App advertising and no cross-app behavioral profiling.

4. SOURCES OF PERSONAL INFORMATION

We may collect personal information from the following sources:

- Directly from you — when you create an account, use the Services, communicate with us, or otherwise provide us with your personal information.

- Automatically through the Services — from your device when you use the App or visit the Webshop, including through cookies and similar technologies on the Webshop. The App does not use cookies.

- From our service providers — when we engage them to enable certain technology, or when they process personal information on our behalf.

- From partners or other third parties — for example, payment processors confirming a transaction.

5. HOW WE USE YOUR PERSONAL INFORMATION

Depending on how you interact with us, we may use personal information for the following purposes:

- Provide, tailor, and improve the Services — for example, to perform our contract with you, process payments, fulfill Webshop orders, manage your accounts, sync your card collection across devices, allow you to sign in and recover your account, process and verify in-App purchases (Bindex Pro), diagnose crashes, and understand which App features are used.

- Marketing and advertising (Webshop only) — to send marketing, advertising and promotional communications by email, text message or postal mail about Bindex products, and to show you online advertisements based on your activity on the Webshop. The App is not used for marketing or advertising and does not show you advertisements.

- Security and fraud prevention — to authenticate your account, provide a secure payment and shopping experience, and detect, investigate or act on fraudulent, illegal, unsafe, or malicious activity.

- Communicating with you — to provide customer support and maintain our business relationship with you.

- Legal reasons — to comply with applicable law, respond to valid legal process, enforce our terms, or defend our rights.

We do not use App data for advertising, marketing profiling, or sale to third parties.

6. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose your personal information only to third parties that help us operate the Services, and only as needed. We do not sell your personal data.

6.1 Service providers we share data with

- Shopify — the e-commerce platform powering the Webshop. Shopify processes Webshop order, account, and browsing data on our behalf. Shopify may also use this data to provide enhanced features such as personalized advertising across merchants. To learn more about how Shopify uses your data, see the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/consumer-privacy-policy, and exercise rights via https://privacy-portal.shopify.com.

- Supabase (App) — handles authentication and database hosting for the App. Data shared: email, hashed password, display name, your collection data. Privacy policy: https://supabase.com/privacy.

- RevenueCat (App) — manages in-App purchases. Data shared: an anonymous user identifier and your subscription / entitlement status. Privacy policy: https://www.revenuecat.com/privacy.

- Sentry (App) — receives anonymous crash and error diagnostic data, hosted in the European Union. Privacy policy: https://sentry.io/privacy/.

- PostHog (App) — receives anonymous product analytics events, hosted in the European Union. Privacy policy: https://posthog.com/privacy.

- Apple App Store and Google Play (App) — process payments for Bindex Pro. Payment data is handled directly by Apple or Google; we never see your payment details. See https://www.apple.com/legal/privacy/ and https://policies.google.com/privacy.

- Pokémon TCG API / TCGdex (App) — public catalogs of Pokémon cards. We only fetch card data; no personal data is sent to these services. See https://pokemontcg.io and https://tcgdex.dev.

6.2 Other disclosures

- With business and marketing partners (Webshop only) — to provide marketing services and show you advertisements. Our partners use your information in accordance with their own privacy notices. Depending on where you live, you may have a right to direct us not to share information for this purpose.

- When you direct or consent — for example, when you ask us to ship a product to a third party, or use social media widgets or login integrations.

- With our affiliates or otherwise within our corporate group.

- In connection with a business transaction — such as a merger, acquisition, or bankruptcy.

- To comply with legal obligations — including responding to subpoenas, search warrants, court orders, and similar legal requests, and to enforce our terms and protect our rights and the rights of our users.

7. WHERE YOUR DATA IS STORED AND INTERNATIONAL TRANSFERS

Webshop data is hosted by Shopify, which operates globally and may transfer your data outside your country of residence.

App account and collection data are stored on servers operated by Supabase, which uses cloud infrastructure within the European Union and other regions.

App crash and analytics data are processed by Sentry and PostHog respectively, on infrastructure located in the European Union.

Data may be transferred to and processed in countries outside your country of residence, including the United States. Where required by law (for example under the EU/UK GDPR), such transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses, or equivalent contracts issued by the relevant competent authority, unless the transfer is to a country that has been determined to provide an adequate level of protection.

8. HOW LONG WE KEEP YOUR DATA

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce our agreements.

For the App specifically:

- Active accounts — we keep your data for as long as your account exists.

- Deleted accounts — when you delete your account (see Section 11), your personal data and collection data are permanently removed from our database within 30 days.

- Backups — routine encrypted backups may retain copies for up to 30 additional days before being overwritten.

- Crash and analytics data — anonymous diagnostic and analytics events are typically retained by Sentry and PostHog for up to 12 months and then aggregated or deleted, in line with their respective policies.

- Purchase records — RevenueCat and the relevant App Store may retain anonymized purchase records longer for fraud prevention and legal/tax compliance, in line with their own policies.

9. HOW WE PROTECT YOUR DATA

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security". In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive information.

For the App:

- All network traffic between the App and our servers is encrypted using HTTPS / TLS.

- Passwords are stored only as salted hashes by Supabase; we cannot read them.

- Access to your collection data is enforced at the database level using Row-Level Security policies, meaning even our backend cannot return another user's data to you.

- We follow the principle of least privilege internally and limit administrative access to production systems.

10. YOUR RIGHTS

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute and may apply only in certain circumstances.

- Right to access / know — request access to the personal information we hold about you.

- Right to delete / erasure — request that we delete your personal information.

- Right to correct / rectification — request that we correct inaccurate personal information.

- Right to portability — receive a copy of your personal information in a machine-readable format and, in certain circumstances, transfer it to a third party.

- Right to object — object to certain processing of your personal information.

- Right to restrict processing — ask us to limit our use of your personal information for certain purposes.

- Right to withdraw consent — where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

- Managing communication preferences — you may opt out of promotional emails using the unsubscribe link in those emails. We may still send you non-promotional emails relating to your account or orders.

- Right to lodge a complaint — with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).

To exercise any of these rights, email admin@bindexofficial.com. We will respond within the timeframe required by applicable law (and in any case within 30 days).

To learn more about how Shopify processes Webshop data and to exercise rights related to that data, see https://privacy-portal.shopify.com.

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before processing your request. You may also designate an authorized agent to act on your behalf; we will require proof of authorization.

11. ACCOUNT AND DATA DELETION

Webshop accounts: email admin@bindexofficial.com from the address on the account, and we will delete your Webshop account and associated data within the time period required by applicable law (and in any case within 30 days of confirming your identity).

App accounts: you can delete your account and all associated data directly from inside the App at Settings → Delete Account. Alternatively, you may email admin@bindexofficial.com from the address on the account. Deletion is permanent and irreversible. Active Bindex Pro subscriptions must be cancelled separately in the App Store or Google Play.

12. CHILDREN'S PRIVACY

The Services are not directed at children under 13 (or under the applicable age of digital consent in your jurisdiction, e.g. 16 in parts of the EU). We do not knowingly collect personal information from children below that age.

If you are the parent or guardian of a child who has provided us with personal information, please contact us at admin@bindexofficial.com and we will delete the data promptly. As of the effective date of this Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

13. COOKIES AND TRACKING

The Webshop uses cookies and similar technologies to operate, secure, and improve the site, and (where you consent or as permitted by law) for analytics and advertising. You can manage cookie preferences through your browser or the cookie banner shown on the Webshop.

The App is a native mobile application and does not use cookies. The App does not track you across other apps or websites for any purpose.

14. THIRD-PARTY WEBSITES AND LINKS

The Services may contain links to websites or other online platforms operated by third parties. We are not responsible for the privacy or security practices of those sites. If you follow links to sites we do not operate, we encourage you to review their privacy and security policies.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time, including to reflect changes to our practices, the Services, or our service providers, or for legal or regulatory reasons. We will post the revised Privacy Policy here, update the "Last updated" date, and provide notice as required by applicable law. Continued use of the Services after changes take effect means you accept the updated policy.

16. CONTACT

For any privacy-related questions, requests, or complaints, please contact us at:

Bindex

Email: admin@bindexofficial.com