Boot's Market is a Pokemon TCG price tracking tool built and operated by one person. This policy explains exactly what data we collect, what we do with it, and what rights you have over it. We've written this in plain English because most privacy policies are designed to obscure rather than inform.
We only store what's necessary to make the app work. Here's exactly what we keep:
| DATA | WHY IT'S STORED | WHERE |
|---|---|---|
| Username | Identifies your account | Server (users.json) |
| Password hash | Verifies your identity on login. Your actual password is never stored — only a one-way cryptographic hash. | Server (users.json) |
| Account creation date | Internal record keeping | Server (users.json) |
| Portfolio entries | Card name, set, what you paid, quantity, condition, notes — everything you add to your collection tracker | Server (portfolio.json) |
| Watchlist entries | Cards you're tracking, target prices, last scanned price | Server (watchlist.json) |
| Last AI analysis | Cached so repeat views don't consume additional API resources | Server (analyze_cache.json) |
We read your IP address solely to enforce rate limits on API calls and prevent abuse. IP data is held in server memory only. It is never written to disk, never logged permanently, and never shared. It is cleared automatically when the server restarts.
Boot's Market uses the following external services to function:
We do not sell your data to any of these services or any third party. Ever.
Boot's Market participates in the eBay Partner Network. Card links in your portfolio and watchlist are affiliate links. We may earn a small commission if you make a purchase through these links, at no additional cost to you. This does not influence the price data shown in the app or the responses provided by Boots AI.
We use one cookie: a session cookie that keeps you logged in. It contains a session identifier only — no personal data. It expires when you close your browser or after 30 days, whichever comes first. We do not use advertising cookies, tracking cookies, or analytics cookies of any kind.
We do not sell personal information as defined under the California Consumer Privacy Act (CCPA). We do not share personal information with third parties for their direct marketing purposes. California residents have the right to know what personal information we collect, request deletion of their data, and opt out of sale — though we have nothing to opt out of since we do not sell data.
To exercise any of these rights, contact us at bootsmarket.app@gmail.com.
Boot's Market requires users to confirm they are 13 or older at signup. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us at bootsmarket.app@gmail.com and we will delete the account and all associated data promptly.
Passwords are hashed using bcrypt before storage and the plaintext password is never retained. We implement industry-standard security measures appropriate for a service of this size, including secure session management and encrypted connections. If you discover a security vulnerability, please contact us at bootsmarket.app@gmail.com before disclosing publicly.
If we make material changes to this policy, we will post a notice within the app for at least 30 days before the change takes effect. We will also update the effective date at the top of this page. Since we do not collect email addresses, in-app notice is our primary notification mechanism. Continued use of the app after changes take effect constitutes acceptance.
This policy is governed by the laws of the State of Colorado, United States.