Privacy Policy

Last updated: April 10, 2025

This Privacy Policy describes how Lootique ("the Company", "We", "Us" or "Our") collects, uses, and discloses information when You use our mobile application and tells You about Your privacy rights and how the law protects You.

Interpretation and Definitions

Interpretation

Words with capitalised initial letters have meanings defined below. These definitions apply regardless of whether the terms appear in singular or plural form.

Definitions

  • Account means a unique account created for You to access the Service.

  • Application refers to Lootique, the mobile software application provided by the Company.

  • Company refers to Lootique, based in Serbia.

  • Country refers to Serbia.

  • Device means any device that can access the Service, such as a smartphone or tablet.

  • Personal Data is any information that relates to an identified or identifiable individual.

  • Service refers to the Lootique mobile application.

  • Service Provider means any third-party company or individual that processes data on behalf of the Company to facilitate or improve the Service.

  • Usage Data refers to data collected automatically through use of the Service, such as session duration, feature interactions, and crash reports.

  • You means the individual using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

When You create an account, We collect the following information provided through Your chosen authentication provider:

  • Email address
  • Display name
  • Profile picture URL (if provided by the authentication provider)

Usage Data

Usage Data is collected automatically when You use the Service. This may include Your device type, operating system version, IP address, app version, session duration, feature interactions, and crash or error reports.

Sign-In via Third-Party Services

You may create an account and sign in using the following authentication providers:

  • Google (via Google Sign-In)
  • Apple (via Sign in with Apple)

When You sign in through one of these providers, We receive basic profile information (name, email address, and profile picture if available) in accordance with the provider's own privacy policy. We do not receive your password or any other sensitive credential.

Camera and Photo Library Access

The core functionality of Lootique requires access to Your device's camera and photo library so You can photograph collectibles for AI-powered analysis. Images You submit are transmitted to our AI processing provider (OpenAI) to generate authentication, grading, and valuation results. Images are not stored permanently on our servers beyond what is necessary to process a scan and return results.

You can enable or disable camera and photo library access at any time through Your device settings. Disabling these permissions will prevent You from using the scanning feature.

AI-Powered Scan Data

When You scan a collectible, the image and associated metadata (item type, scan result, valuation data) are stored in Your collection in our database. This data is associated with Your account and is used to build and display Your personal collection history.

Third-Party Service Providers

We use the following third-party services to operate and improve the Application:

  • Supabase — database, authentication, and real-time data infrastructure. Your account data and collection are stored on Supabase's servers.
  • OpenAI — AI analysis of collectible images. Images You submit for scanning are sent to OpenAI's API to generate analysis results. OpenAI processes this data in accordance with its own privacy and data usage policies.
  • RevenueCat — subscription and in-app purchase management. RevenueCat processes transaction data to manage your Premium subscription.
  • PostHog — product analytics. We use PostHog to understand how features are used and improve the application. Analytics data is pseudonymised.
  • Sentry — error tracking and performance monitoring. Crash reports and error logs may be sent to Sentry to help us diagnose and fix issues.

Use of Your Personal Data

The Company uses Personal Data for the following purposes:

  • To provide and maintain the Service, including user authentication, collection storage, and scan history.

  • To manage Your Account and provide access to account-specific features and your personal collection.

  • To process subscriptions and manage access to Premium features.

  • To improve the Service through usage analytics and error monitoring.

  • To contact You when necessary regarding security updates, service changes, or account-related matters.

  • For business transfers: in the event of a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before this occurs.

  • To comply with legal obligations as required by applicable law.

Retention of Your Personal Data

We retain Your Personal Data only for as long as necessary to provide the Service and fulfil the purposes described in this Policy. Usage and analytics data is generally retained for a shorter period unless required for security or legal compliance purposes.

Transfer of Your Personal Data

Your data may be processed and stored on servers located outside Serbia, including in data centres operated by our Service Providers (such as Supabase and OpenAI). By using the Service, You consent to this transfer. We take reasonable steps to ensure Your data is handled securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to request deletion of Your Personal Data. To submit a deletion request, please contact Us directly at the email address below. We will process Your request within a reasonable timeframe. Please note that We may need to retain certain information where required by law or for legitimate operational purposes.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your data becomes subject to a different privacy policy.

Law Enforcement

We may disclose Your Personal Data if required to do so by law or in response to valid requests from public authorities.

Other Legal Requirements

We may disclose Your Personal Data in good faith where necessary to comply with a legal obligation, protect the rights or property of the Company, prevent wrongdoing, or protect the safety of users or the public.

Security of Your Personal Data

We take the security of Your Personal Data seriously and use commercially reasonable measures to protect it. However, no method of transmission over the Internet or electronic storage is 100% secure, and We cannot guarantee absolute security.

Children's Privacy

The Service is not directed at anyone under the age of 13. We do not knowingly collect Personal Data from children under 13. If You believe Your child has provided Us with Personal Data, please contact Us and We will take steps to remove that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of material changes by posting the updated policy in the Application and updating the "Last updated" date above. We encourage You to review this policy periodically.

Contact Us

If You have any questions about this Privacy Policy or wish to exercise Your data rights, please contact Us: