Privacy Policy
Effective July 17, 2026 · Applies to The Tin for iOS
The short version: The Tin has no account, no analytics, and no tracking. Your collection is stored on your device and never uploaded. The only thing our servers ever see is an anonymous identifier used to deliver card data. The app is open source, so all of this is verifiable, not just promised.
What we collect
Three things, all of them technical necessities:
- An anonymous identifier. On first launch the app signs in anonymously with Firebase (a Google service) so it can download card data from a backup source. This identifier is a random string; it is not connected to your name, email, phone number, or anything else — no such information exists in The Tin, because there is nothing to sign up for.
- Device integrity attestation. The app uses Apple's App Attest to prove to our card-data server that requests come from a genuine copy of The Tin. Attestation tokens describe the app's integrity, not you.
- Transient server logs. Like effectively every server on the internet, our card-data server and its content delivery network (Cloudflare) see the IP address of incoming requests in routine operational logs. These logs are used only to keep the service running and are not used to identify or profile anyone.
What we don't collect
- No name, email address, or account of any kind.
- No analytics, usage statistics, or behavioral data.
- No advertising identifiers — there are no ads.
- No crash-reporting service harvesting your device details.
- No collection data. The cards you own, want, scan, or value are stored in a database on your device. They are never transmitted to us or to anyone else. Camera frames used by the scanner are processed on-device and never uploaded.
Third-party services
The Tin relies on a small set of infrastructure providers, each of which processes only the technical data described above:
- Google Firebase (anonymous authentication, backup content delivery, app integrity) — Firebase privacy documentation
- Cloudflare (content delivery for card data) — Cloudflare privacy policy
- Apple (App Attest device integrity) — Apple privacy policy
If you open a card's marketplace listing (eBay, TCGplayer), that page loads in an in-app Safari view and those sites' own privacy policies apply from that point.
Data deletion
Deleting the app deletes your collection, because your device is the only place it ever existed. The anonymous identifier becomes permanently orphaned — it points to nothing and can't be connected to you. If you have any questions or a deletion request, contact us and we'll help.
Children
The Tin is not directed at children under 13, and it collects no personal information from anyone — which is the strongest protection we can offer any user, of any age.
Changes to this policy
If this policy changes, the new version will be posted here with a new effective date. Because the site and app are open source, the full history of every change is public.
Contact
Questions about privacy: support@thetinapp.com