Privacy Policy
Last updated: April 2026
1. Who We Are
Deka ("we", "us", "our") is a social trading card application operated by Deka, based in Ireland, and accessible at getdeka.app. Deka acts as the data controller for the personal data described in this policy.
For any privacy-related queries, you can contact our data protection point of contact at getdekaapp@gmail.com.
2. Age Requirement
Deka is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that a user is under 18, we will promptly delete their account and all associated data. If you believe a minor has created an account on Deka, please contact us immediately at getdekaapp@gmail.com.
3. Data We Collect
3.1 Account Information
When you create a Deka account, we collect your email address, display name, username, and profile photo.
3.2 Collection Data
Cards you add to your collection, wishlist, and trade bait lists, including any notes, tags, or values you assign to them.
3.3 Marketplace Data
Listings you create, offers you send or receive, trade and purchase history, negotiation messages, and reviews you leave or receive.
3.4 User Content
Photos, videos, and text you upload or publish on Deka, including post images, card photos, listing images, post text, and comments.
3.5 Device and Usage Data
Through our analytics provider (PostHog), we collect anonymised usage data such as pages viewed, features used, app version, device type, and operating system. We do not track precise location, although approximate location may be inferred from your IP address.
3.6 Technical Data
IP address, browser and app identifiers, and crash logs collected for debugging and service reliability purposes.
3.7 Card Image Data
When you use Deka's card scanning feature, your card photos are transmitted to our image recognition provider (Ximilar) for identification. These images are processed in real time and are not retained by Ximilar after the identification result is returned. Deka retains card images only as part of your collection or listing content.
4. Lawful Basis for Processing
Under the General Data Protection Regulation (GDPR), we rely on the following lawful bases to process your personal data:
- Contract: Processing that is necessary to provide you with the Deka service, including maintaining your account, enabling marketplace functionality, facilitating trades and messaging, and displaying your collection to other users.
- Legitimate Interest: Processing that supports our legitimate business interests, including improving the app through anonymised analytics, maintaining platform safety and integrity, preventing fraud and abuse, and calculating trust scores. We balance these interests against your rights and freedoms.
- Consent: Where we rely on your consent (for example, for optional marketing communications or certain non-essential analytics), you may withdraw your consent at any time by contacting us or adjusting your in-app settings.
- Legal Obligation: Processing that is necessary to comply with a legal obligation to which we are subject.
5. How We Use Your Data
We use your data to:
- Provide, operate, and maintain your Deka account and its features.
- Display your collection, wishlist, and trade bait to other users in accordance with your privacy settings.
- Facilitate marketplace transactions, trades, and messaging between users.
- Calculate and display trust scores and user reviews.
- Display indicative card pricing sourced from third-party providers.
- Improve the app through anonymised analytics and usage data.
- Communicate with you about your account, service updates, or policy changes.
- Enforce our Terms of Service, investigate potential violations, and prevent misuse.
- Monitor platform activity to maintain a safe and trustworthy environment for all users.
We do not sell your personal data to third parties. We do not currently use your data for targeted advertising. Should this change in the future, we will update this policy and notify you in advance.
6. Third-Party Services
We share data with the following third-party service providers, solely to operate and improve Deka:
| Service | Purpose | Data Shared | Location | Retention |
|---|---|---|---|---|
| Supabase | Infrastructure, database, authentication, file storage | All account and app data | Ireland (EU West) | Duration of account |
| PostHog | Analytics | Anonymised usage events, device info | EU | As configured |
| SportsCardsPro | Card pricing data | None (API queries only; no user data is transmitted) | US | N/A |
| Ximilar | Card image recognition | Card photos submitted for scanning (processed in real time, not retained by Ximilar) | EU | Not retained |
| Apple / Google | App distribution and payments | Account identifiers, payment data (handled by their systems) | US | Per their policies |
We require all third-party providers to process personal data in accordance with applicable data protection laws. Where data is transferred outside the European Economic Area (EEA), appropriate safeguards are in place.
7. Data Storage and Security
Your data is stored on Supabase servers located in the Ireland (EU West) region. We implement industry-standard security measures, including row-level security policies, encrypted connections (TLS), and secure authentication protocols.
While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents that may arise.
8. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights in relation to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data. You can do this via the Delete Account feature in Settings, or by contacting us directly.
- Restriction: Request that we limit the processing of your data in certain circumstances.
- Data Portability: Receive your data in a structured, commonly used, machine-readable format.
- Objection: Object to the processing of your data where we rely on legitimate interest as the legal basis.
- Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at getdekaapp@gmail.com. We will respond within 30 days of receiving your request. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland or your local supervisory authority.
9. Data Retention
We retain your personal data for as long as your account remains active and as necessary to provide the Deka service.
When you delete your account, all associated data is permanently removed, including your profile information, posts, collection data, listings, messages, reviews, and all uploaded images and videos.
Certain data may be retained for a limited period after account deletion where required by law or to resolve disputes, enforce our agreements, or comply with legal obligations.
10. Cookies and Tracking
Deka is a mobile application and does not use browser cookies. Our analytics provider (PostHog) may use local device identifiers for session tracking purposes. You can opt out of analytics tracking within the app settings.
11. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.
12. Children's Privacy
Deka is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at getdekaapp@gmail.com so that we can take appropriate action.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes through the app or via email. Your continued use of Deka after any changes take effect constitutes your acceptance of the updated policy.
14. Contact
For any questions about this privacy policy or the handling of your personal data, contact us at:
Email: getdekaapp@gmail.com
Website: getdeka.app