App Privacy Policies: Mobile Hangar: TCG Builder

Privacy Policy for Mobile Hangar: TCG Builder

Last Updated: April 3, 2026

Extra-Turn Games / Tinkavu LLC (“we,” “our,” or “us”) built the Mobile Hangar: TCG Builder app (the “App”) as a Freemium app. This SERVICE is provided by Extra-Turn Games at no cost, with optional premium upgrades available, and is intended for use as is. The App is an unofficial, fan-made companion for the Gundam Card Game and is not affiliated with, endorsed by, or officially connected to Bandai Co., Ltd., Sunrise Inc., or any other rights holder.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decides to use our Service. By using the App, you agree to this Privacy Policy.

1. Information Collection and Use

For a better experience while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.

Camera Usage: The App requires access to your device’s camera strictly for the purpose of scanning and identifying trading cards locally on your device via Optical Character Recognition (OCR). We do not record video, take permanent photos, or transmit your camera feed to any external servers. All image processing happens locally on your device using on-device ML Kit.

Google Sign-In and Cloud Backups: The App offers an “Active Pilot” login system utilizing Google Sign-In (via Firebase). We collect your email address solely to establish a secure user profile. Additionally, the App requests permission to access your Google Drive. This permission is heavily restricted: the App can only read and write files that it creates itself (stored in a “Mobile Hangar” folder in your Drive). We do not have access to your personal Google Drive files, photos, or documents. Cloud backups are entirely optional and user-initiated.

In-App Purchases: If you choose to upgrade to our Pro License, your purchase is processed securely through the native Google Play Store or Apple App Store and managed via RevenueCat. We do not collect, process, or store your credit card information.

Advertising: The free tier of the App displays non-personalized advertisements via Google AdMob. We request non-personalized ads only, which limits the data shared with Google’s advertising network. Users in certain regions (EU, UK, etc.) will be presented with a consent prompt at first launch. Pro subscribers see no advertisements.

Bug Reports and Feature Requests: If you manually submit a bug report or feature request via the App’s communications module, your email address, description, device model, operating system version, and platform are stored in Google Firebase Firestore to help us resolve the issue.

2. Data We Do Not Collect

We believe in minimal data collection. The following data is not collected by the App:

• Location data of any kind
• Camera images, video frames, or OCR results — all scanning is processed locally on your device and nothing is transmitted
• Usage analytics or behavioral tracking (no Google Analytics, Crashlytics, Mixpanel, or similar SDKs are used)
• Persistent device identifiers for advertising or tracking purposes
• Personalized advertising profiles
• Your card collection, decks, or wishlist data — these are stored locally on your device only, unless you choose to enable cloud backup

3. How Your Data Is Stored

On Your Device (Local): Your card collection, decks, wishlists, and app preferences are stored in a local database on your device. This data never leaves your device unless you explicitly enable cloud backup.

Google Drive (Optional, User-Initiated): If you sign in and enable backups, your collection data is saved to a “Mobile Hangar” folder in your own Google Drive account. We do not have access to your Google Drive — backups are written using your Google account credentials and stored in your personal Drive storage. You can delete these files at any time directly from your Google Drive.

Firebase (Account & Reports Only): Your Google Sign-In credentials are managed by Firebase Authentication. If you submit a bug report or feature request, that submission is stored in Google Firebase Firestore.

4. Third-Party Services

The App uses third-party services that may collect information used to identify you. Each operates under its own privacy policy:

• Google Play Services
• Google Firebase (Authentication & Firestore)
• Google AdMob
• RevenueCat

We do not sell, rent, or share your personal data with any parties beyond those listed above, and only for the purposes described in this policy.

5. Log Data and Bug Reports

Whenever you use our Service, in the case of an error in the App, we may collect data and information on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics. If you manually submit a bug report via the App’s “Communications” module, your email address and system telemetry are attached to help us resolve the issue.

6. Notifications

The App uses local notifications only to alert you when new card sets are detected during a database sync. We do not use remote push notification servers and no notification tokens are transmitted to our systems.

7. Data Retention

• Local data (collection, decks, preferences): Retained on your device until you delete the App or clear its data.
• Google Drive backups: Retained in your personal Google Drive until you delete them. Auto-backups follow your configured retention period (default: 7 days).
• Firebase account data: Retained while your account is active. Deleted upon account deletion request.
• Bug and feature reports: Retained in Firestore for up to 2 years or until the issue is resolved, whichever comes first.
• RevenueCat subscription data: Retained per RevenueCat’s data retention policy.

8. Security

We value your trust in providing us with your Personal Information, thus we are striving to use commercially acceptable means of protecting it. Specific measures include HTTPS encryption for all network communications, OAuth 2.0 for Google Sign-In and Drive access (we never see or store your Google password), and local-first database storage with no remote server exposure. Your cloud backups are secured directly by Google Drive’s infrastructure. However, remember that no method of transmission over the internet, or method of electronic storage, is 100% secure and reliable, and we cannot guarantee its absolute security.

9. Children’s Privacy

These Services do not address anyone under the age of 13, or the minimum digital age of consent in your country, whichever is higher. We do not knowingly collect personally identifiable information from children below the applicable age. In the case we discover that a child under the applicable age has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take the necessary steps.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users:

• Access: Request a summary of the personal data we hold about you.
• Deletion: Request deletion of your personal data. Since most data is stored locally on your device or in your own Google Drive, you can delete it directly. For Firebase-stored data (account, bug reports), contact us.
• Opt out of ads: Upgrade to Mobile Hangar Pro to remove all advertising.

Users in the European Economic Area (EEA), United Kingdom, and Switzerland: In addition to the above, under the GDPR and UK GDPR you have the right to rectification (correction of inaccurate data), data portability (your local data can be exported via the backup feature in JSON format), restriction of processing, and the right to object to processing. You also have the right to lodge a complaint with your local data protection authority.

Legal basis for processing (EEA/UK/CH): Consent (Google Sign-In, Drive backups, ad display); Contract performance (subscription management via RevenueCat); Legitimate interest (bug report processing, app functionality).

Users in Canada: Under PIPEDA, you have the right to access, correct, and request deletion of your personal data. Contact us using the details below.

Users in Japan: Under the APPI, you have the right to request disclosure, correction, or deletion of your personal data. We share data with Google (USA) and RevenueCat (USA) as described in Section 4.

Users in Brazil: Under the LGPD, you have rights to access, correction, deletion, portability, and information about third-party sharing similar to those described for EEA/UK users above.

11. International Data Transfers

The App is operated from the United States. If you use the App from outside the United States, your data (limited to: your email via Google Sign-In, bug reports if submitted, and subscription status via RevenueCat) may be transferred to and processed in the United States.

Our third-party service providers (Google, RevenueCat) maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses where required. Your collection data, decks, and wishlists remain on your device unless you choose to back them up to your own Google Drive account.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page with an updated “Last Updated” date.

13. Contact Us

If you have any questions or suggestions about our Privacy Policy, or wish to exercise any of your data rights, do not hesitate to contact us at: Info@guillotine-life.com

Tinkavu LLC / Extra-Turn Games — extraturngames.com