This Privacy Policy applies to the Kits Vault mobile application (the "Application"), provided free of charge. The Application is provided "AS IS".
The data controller for personal information processed through this Application is:
Kits Vault is a local-first app for cataloguing football shirt collections. You can use the entire app without creating an account, without an internet connection, and without sharing any personal information. If you choose to sign in with Google or Apple, your kit details (but not your photos) sync to our server so your collection follows you across devices. Photos stay in your own cloud (Google Drive or iCloud) — we never see them.
All your collection data — kits, photos, tags, valuations, notes, filters, and preferences — is stored locally on your device using SQLite and SharedPreferences. While you remain unsigned-in, this data is not transmitted to us and is protected by your device's standard operating-system protections.
On first launch, the Application creates an anonymous user ID using Supabase Anonymous Authentication. This ID is a random UUID that cannot personally identify you. It enables optional cloud sync and lets you link a Google or Apple account later without losing your data.
If you choose to sign in with Google or Apple, the Application receives a basic profile token from the identity provider — typically your display name (when shared by the provider), email address, and a stable user identifier. This links your existing anonymous ID to your account so your data stays associated with you across devices. We do not receive your password.
Before linking or signing in, the Application asks our server whether your email is already associated with a different sign-in provider on Kits Vault. This is to prevent you from creating two separate accounts by mistake. No additional information is sent or stored as part of this check.
When you are signed in with Google or Apple, the following data syncs to a Postgres database operated by our backend provider, Supabase: