Privacy Policy

Last updated: May 23, 2026

This Privacy Policy describes how HotScan ("we", "us", or "our") collects, uses, and protects your information when you use the HotScan mobile application ("the App") on iOS and Android. HotScan is operated by Grace Apps.

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account information

Email address and name — collected when you create an account or sign in with Google or Apple.
Authentication identifier — a unique user ID issued by your sign-in provider (Google or Apple) and by our authentication backend.

1.2 Content you provide

Photos — images you choose to scan. Each photo is sent to our AI vision provider for car identification. If you save a scan to your Collection, the photo is stored alongside the saved entry.
Collection and Wishlist data — cars you add, including names, series, year, rarity, prices, and your own notes.
Scan History — a record of each scan, including the identified car and the market price at the moment of the scan.

1.3 Subscription and purchase data

Purchase History — records of in-app purchases (HotScan Pro Monthly, HotScan Pro Yearly), processed by Apple App Store or Google Play. We receive a transaction receipt (no payment card data) to verify your subscription status.
Apple/Google receipts are forwarded to our subscription management partner (Adapty) for validation and entitlement.

1.4 Usage data

Scan counts — daily and total scans, used to enforce the free-tier daily limit and Pro entitlements.
App interactions — screens viewed, actions taken (e.g. scan completed, collection add, paywall view), used for product analytics.
Crash and diagnostic data — automatic reports if the App crashes or encounters an error, used to improve stability.

1.5 Device and identifier data

Device model, OS version, language, country, app version — collected automatically.
Device ID and installation ID — a per-installation identifier used by our analytics and attribution partners.
Advertising identifier (IDFA on iOS, Google Advertising ID on Android) — collected only for measuring marketing attribution. On iOS, this is collected only if you grant permission via the App Tracking Transparency (ATT) prompt. If you decline, our attribution partner operates in a non-IDFA mode.
Approximate location — derived from your IP address (country/region only). We do not access GPS or precise location.

2. How We Use Your Information

To identify diecast cars from photos using AI image recognition.
To fetch real-time market prices and listings from public marketplace data.
To store and sync your Collection, Wishlist, and Scan History across your devices.
To enforce free-tier limits and manage your subscription entitlement.
To authenticate you securely through your chosen sign-in provider.
To diagnose crashes and bugs and improve app stability.
To measure marketing campaign performance and understand which channels users discover HotScan through.
To communicate with you about support requests or material updates to the service.

We do not serve advertisements inside HotScan. We do not sell or rent your personal data.

3. Third-Party Service Providers (Sub-processors)

HotScan relies on the following service providers. Each is bound by their own privacy policy and processes data only as needed to provide their service to us:

Provider	Purpose	Data shared	Privacy Policy
Supabase	Authentication, database, file storage, edge functions	Account info, Collection/Wishlist/History data, photos saved to Collection	supabase.com/privacy
OpenAI	AI vision (car identification from photos)	Scan photos and the prompt context. Photos are sent server-side and are not used by OpenAI to train models when sent via the API.	openai.com/policies/privacy-policy
eBay (Browse API)	Live marketplace pricing data	Search queries derived from the identified car (name, model, year). No user-identifying data sent.	eBay Privacy Policy
eBay Partner Network (EPN)	Affiliate links — when you tap "View on eBay" we route you through an affiliate link so we may earn a commission on qualifying purchases (at no extra cost to you)	No personal data is sent by us. eBay and the eBay Partner Network may set their own cookies and identifiers on eBay's site to attribute the referral, subject to eBay's privacy policy.	eBay Privacy Policy
Adapty	Subscription validation, entitlement management, in-app purchase receipts	Apple/Google receipts, anonymized user ID, subscription status	adapty.io/privacy
Apple App Store / Google Play	In-app purchase and subscription processing	Payment is processed by Apple or Google. We never receive your payment card data.	Apple / Google
Google Sign-In	Optional authentication	Email and name, only when you choose to sign in with Google	policies.google.com/privacy
Apple Sign-In	Optional authentication (iOS)	Apple user identifier, optionally email/name (you may choose to hide your email)	apple.com/legal/privacy
Firebase (Google)	Product analytics and crash reporting (Firebase Analytics + Crashlytics)	App interaction events, device info, installation ID, crash stack traces	firebase.google.com/support/privacy
AppsFlyer	Mobile marketing attribution (measuring which campaigns drive installs)	Device identifiers (IDFA only with ATT consent on iOS; Google Advertising ID on Android), install/event timestamps, IP-derived country	appsflyer.com/legal/services-privacy-policy

4. Tracking and Advertising Identifiers

HotScan uses identifiers strictly for marketing attribution measurement. We do not use them to serve ads inside the App (there are no ads). We do not share them with ad networks for retargeting.

4.1 iOS — App Tracking Transparency (ATT)

On iOS, the first time you use the App you will see Apple's standard tracking permission prompt. If you allow tracking, AppsFlyer may use the IDFA to attribute your install to a marketing campaign. If you decline, AppsFlyer operates without the IDFA and uses only non-identifying signals (such as country and install timestamp).

You can change this choice at any time in Settings → Privacy & Security → Tracking on your device.

4.2 Android — Advertising ID

On Android, the Google Advertising ID is collected by AppsFlyer for the same attribution purpose. You can reset or limit this identifier in Settings → Google → Ads on your device.

4.3 Affiliate Links (eBay Partner Network)

HotScan is a participant in the eBay Partner Network, an affiliate program. When you tap a link to view an item on eBay, you are routed through an affiliate link and we may earn a commission if you make a qualifying purchase — at no additional cost to you, and it does not affect the prices you see. The referral is tracked by eBay using its own cookies and identifiers on eBay's website, governed by eBay's privacy policy; HotScan does not receive any personal information about your eBay activity or purchases.

5. Apple App Store Data Categories

For transparency, the following categories match what we declare on Apple's App Privacy form in App Store Connect. All categories are linked to your identity and used for App Functionality, Analytics, or Product Personalization:

Contact Info — email address, name
User Content — photos you scan or save, your collection notes
Identifiers — user ID, device ID, other identifiers (used by Firebase and AppsFlyer for analytics and attribution)
Purchases — purchase history (subscription status)
Usage Data — product interaction events; advertising data (campaign attribution)
Diagnostics — crash logs and performance metrics

Tracking (as defined by Apple) is enabled via the AppsFlyer SDK and only after your explicit consent through the ATT prompt.

6. Data Storage and Security

Your account, Collection, Wishlist, and Scan History data is stored in our Supabase project. Each user's data is access-controlled at the row level so that you can only read or modify your own records. Data is encrypted in transit (HTTPS/TLS) and at rest by our service providers.

While we apply industry-standard safeguards, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying affected users promptly in the event of a data breach as required by applicable law.

7. International Data Transfers

Our service providers may store and process data outside your country of residence, including in the United States. Where data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, the transfer is covered by Standard Contractual Clauses or equivalent safeguards put in place by the relevant service provider.

8. Data Retention

Account data — retained while your account is active.
Account deletion — when you delete your account from the App's Profile screen (or by request to developer@graceappsai.com), your account, Collection, Wishlist, and Scan History are deleted within 30 days. Backup copies are removed within a further 30 days.
Subscription records — retained for as long as required by applicable accounting and tax law, even after account deletion (Apple/Google retain their own purchase records independently).
Analytics and crash data — retained in aggregated form for up to 14 months by Firebase per its standard retention.

9. Children's Privacy

HotScan is not directed at children under the age of 13 (or under 16 in jurisdictions where that is the relevant age). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your account and personal data ("right to be forgotten").
Request a portable copy of your data.
Object to or restrict certain types of processing.
Withdraw your tracking consent at any time via your device settings (see Section 4).

EU/EEA and UK users (GDPR): you may lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA): you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of "sales" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, contact developer@graceappsai.com.

11. In-App Purchases and Subscriptions

HotScan offers two auto-renewable subscriptions:

HotScan Pro Monthly — $6.99 per month
HotScan Pro Yearly — $49.99 per year

Subscriptions are charged to your Apple ID or Google Play account at confirmation of purchase and renew automatically unless cancelled at least 24 hours before the end of the current period. You can manage or cancel your subscription at any time in your App Store or Google Play account settings.

Our Terms of Use are Apple's Standard End User License Agreement: apple.com/legal/internet-services/itunes/dev/stdeula/.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page and, where appropriate, by an in-app notice. Continued use of the App after the update constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights:

Grace Apps
developer@graceappsai.com