Privacy Policy for DuckCards

Last Updated: April 17, 2025

1. Introduction

Welcome to DuckCards! This Privacy Policy explains how Kevin Heavey operating under the pseudonym kevtest.org ("we," "us," or "our") collects, uses, and discloses information about you when you use our DuckCards mobile application (the "App"). We are committed to protecting your privacy.

By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect very limited information, focusing only on what is necessary for the App's functionality:

• Bitcoin (BTC) Addresses: The core function of the App involves Bitcoin addresses, which you can enter manually or scan via QR code. These addresses are publicly available information on the Bitcoin blockchain. We store the BTC addresses you add within the App's local storage on your device to generate your DuckCards and allow you to manage your collection.
• Camera Access Data (Optional): If you choose to use the QR code scanning feature, the App will require permission to access your device's camera. This access is used solely to scan the BTC address QR code in real-time. We do not store, save, or transmit any photos or videos from your camera. The processing happens locally on your device to extract the BTC address from the QR code.
• API Keys (Optional): If you choose to use the optional enhanced features with Goldrush API or Bitquery, you may enter your own API keys. These keys are stored locally on your device and are used to make authenticated requests to these third-party services to retrieve additional data about Bitcoin addresses.

We do not collect personal information such as your name, email address, phone number, or precise location.

3. How We Use Information

We use the information we collect solely for the following purposes:

• To generate DuckCard characters based on the provided BTC addresses.
• To enable the QR code scanning functionality (with your permission).
• To facilitate sharing DuckCards using your device's native sharing capabilities.
• To store your collection of BTC addresses locally on your device.
• To visualize wallet address balances as gold vaults using public or optional authenticated APIs.
• To operate, maintain, and improve the App.

4. Data Storage

• BTC addresses you add are stored locally on your device using the App's internal storage mechanisms (e.g., AsyncStorage).
• API keys you provide for optional enhanced features (Goldrush, Bitquery) are stored locally on your device and are not transmitted to our servers.
• The App may cache API responses temporarily to improve performance and reduce unnecessary API calls.

5. Data Retention

We retain your data as follows:

• Local Storage Data: BTC addresses, API keys, and related DuckCard data remain stored on your device until you choose to delete them or uninstall the app.
• Cached API Data: Data cached from API calls may be retained temporarily on your device to improve performance and will be refreshed periodically or when you manually refresh the data.

6. Data Sharing and Disclosure

We do not sell your information. We only share information in the following limited circumstances:

• Third-Party APIs: When you use the App to view wallet balances, the App makes requests to public APIs (Mempool, Blockstream) or, if you've provided API keys, to authenticated APIs (Goldrush, Bitquery). These requests include the Bitcoin addresses you've added to your collection. Your interaction with these third-party API providers is subject to their respective privacy policies.
• Sharing Feature: When you use the App's sharing feature, you are choosing to share a DuckCard image through your device's native sharing options. We do not control how information is handled once you initiate sharing through your device's sharing mechanisms.
• Legal Requirements: We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

7. Camera Permission

Access to your device's camera is requested only if you choose to use the QR code scanning feature to add a BTC address. Permission is required for the scanner to function. The camera feed is processed locally on your device in real-time to detect and decode the QR code. No images or video data are ever stored or transmitted off your device by the App. You can deny or revoke camera permission through your device settings, but this will disable the QR scanning feature.

8. API Usage and Wallet Visualization

The App provides visualization of wallet address balances as gold vaults using the following approaches:

• By default, the App uses public APIs (Mempool and Blockstream) that do not require authentication.
• Optionally, you can enhance this functionality by providing your own API keys for Goldrush and/or Bitquery.
• When making API requests:
• The App sends Bitcoin addresses to these services to retrieve balance and transaction data.
• If you've provided API keys, these are included in the API requests for authentication purposes.
• The response data is used to generate the visual representation of gold vaults within the App.
• Your use of these third-party API services is subject to their respective terms of service and privacy policies.

9. Analytics

We do not currently employ third-party analytics services to track or monitor usage of the App. If this changes in the future, we will update this Privacy Policy accordingly.

10. International Data Transfers

Since the App primarily stores data locally on your device, there are limited international data transfers. However, when the App makes API requests to third-party services (Mempool, Blockstream, Goldrush, Bitquery), these requests may be processed on servers located outside your country of residence. Your use of the App constitutes your consent to this transfer of information to the extent it occurs through these API calls.

11. Do Not Track

DuckCards does not track users across third-party websites, and therefore does not respond to Do Not Track (DNT) signals.

12. Data Security

We implement reasonable administrative, technical, and physical security measures to protect the information we handle against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information.

13. Children's Privacy

The App is not directed to children under the age of 13 (or the relevant age threshold in your jurisdiction), and we do not knowingly collect personal information from children. If we learn that we have collected information from a child without parental consent, we will take steps to delete that information.

14. Your Rights

Since we primarily store data locally on your device, your main rights involve managing this local data:

• You can view the BTC addresses stored within the App.
• You can delete BTC addresses from your collection within the App.
• You can remove API keys you've added for optional enhanced features.
• You can clear the App's data or uninstall the App to remove all locally stored information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will notify you by revising the "Last Updated" date at the top of the policy and, in some cases, we may provide additional notice (such as adding a statement to our App). We encourage you to review the Privacy Policy whenever you access the App to stay informed about our information practices.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us at:
privacy@kevtest.org