Privacy Policy

Last updated: April 2026

1. Introduction

Stiksy ("we", "our", or "us") is operated by Gustavo Paixao. We operate the Stiksy mobile applications (iOS and Android) and related services, including the stiksy.ca website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our apps and services. Please read this policy carefully. By using Stiksy, you consent to the practices described herein.

2. Information We Collect

2.1 Account Information

When you create an account or sign in, we collect:

  • Email address – when you register with email or use OAuth (Google, Apple, Facebook)
  • Display name – the name you choose to display in the app
  • User ID – a unique identifier we assign to your account
  • OAuth provider IDs – identifiers from Google, Apple, or Facebook when you sign in with those services
  • Subscription status – when you subscribe to Premium, Apple App Store or Google Play processes payment; we receive subscription tier, status, and related identifiers from the stores to unlock features in the app

2.2 Device Information

For push notifications and app functionality, we collect:

  • Push notification token – Firebase Cloud Messaging (FCM) token on Android, Apple Push Notification service (APNs) on iOS, to deliver notifications
  • Device metadata – platform (iOS/Android), device model, OS version, app version (for support and compatibility)

2.3 Usage and Product Analytics

We use Firebase Analytics to understand how the app is used and to improve the product. This may include:

  • Screen views and navigation
  • App events (e.g., album created, sticker toggled, duplicates shared)
  • Technical identifiers used for analytics and diagnostics in line with Firebase’s settings

Firebase Analytics is used for product improvement, diagnostics, and understanding feature usage. It is separate from how third-party advertising networks may process data when ads are shown, as described in the Advertising section below.

2.4 Advertising

Depending on your subscription and app version, you may see banner advertisements.

  • Stiksy advertising platform – we may serve first-party or Stiksy-managed promotional content through our own systems
  • Google AdMob – on platforms where we integrate Google Mobile Ads (for example, the iOS app), Google may process device and advertising-related data to deliver and measure ads in accordance with Google’s policies and your consent settings where applicable
  • Ad interaction data – limited events (such as impressions or taps) may be processed to operate our ad systems and improve relevance

Premium may offer an ad-free or reduced-ad experience where that benefit is available in your version of the app. Advertising partners process data under their own privacy policies for the portions of the service they power.

2.5 Stiksy Iris and AI-Assisted Recognition

When you use Stiksy Iris (sticker and trading card recognition), you submit photos (and optionally on-device text extracted from those photos) so we can suggest catalog matches.

  • Photos of stickers or cards – uploaded for processing; images may be stored or hosted using Cloudinary (or similar infrastructure) as part of the upload and recognition pipeline
  • On-device OCR text – optional transcripts from your device may be sent to our servers to improve matching when you choose to provide them
  • Recognition results – suggested items, confidence scores, and related metadata we store with your account to show history and improve the feature
  • AI processing – image data and text hints are sent from our servers to a configured third-party AI provider (such as Google Gemini or OpenAI, depending on our environment) solely to infer product information visible on the item (e.g., names, numbers, teams). We do not send your name, email address, postal address, or other account profile information to the AI provider as part of those recognition requests. Our systems may use your internal user ID on Stiksy’s side for credits, billing, rate limits, logging, and storing scan records—that processing stays on Stiksy-controlled systems and is not included in the content sent to the AI provider for vision analysis.

Iris is optional and only runs when you initiate a scan. Scan records and associated media references are retained while your account is active unless we delete them sooner in line with our retention practices or your requests.

2.6 Optional Location

If you enable location features (e.g., for marketplace listings), we may collect approximate location (city or country level) to help other users find nearby items. You can control location precision or disable it at any time. Location is optional and not required for core app functionality.

2.7 Content You Create and Visibility

We store content you create in the app so we can provide the service. Depending on your settings and features you use, some information may be visible to other users.

  • Albums and sticker progress – stored for your account; album visibility (private, friends-only, or public) controls who can see collection details when you enable sharing
  • Marketplace listings – when you publish a listing, information you include (such as description, price, and album context) may be visible to other users browsing or searching the marketplace; listings may be reported for moderation
  • Friends and social graph – friend requests and connections are stored to power friend features and visibility rules you choose
  • In-app messages – messages you send through Stiksy chat are stored and delivered to recipients you select
  • Trade and QR features – information needed to share or import duplicate lists (for example via QR codes) is processed to complete those flows

You should avoid posting sensitive personal information in public listings or messages unless you intend to share it.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services (including Stiksy Iris, marketplace, friends, and chat)
  • Authenticate your account, manage your profile, and manage subscription entitlements
  • Send push notifications (e.g., new messages, offers on your listings)
  • Run product analytics via Firebase to understand usage and improve the app
  • Deliver and measure advertising on supported plans and platforms, including through Stiksy-managed ads and, where integrated, Google AdMob
  • Comply with legal obligations and enforce our terms

We do not sell your personal information to data brokers. Advertising may involve third-party ad technology providers (such as Google when AdMob is used); those providers process certain data under their own policies for ad delivery and measurement. Where required by law or platform rules, we rely on consent or legitimate settings (for example, Apple’s App Tracking Transparency or Google’s consent tools) for personalized advertising.

4. Third-Party Services

We use the following third-party services that may process your data. Each has their own privacy policy that governs their data handling:

  • Google – Sign-In for authentication; Firebase Cloud Messaging for push notifications (Android); Firebase Analytics for product analytics; Google AdMob for advertising on platforms where integrated. See Google’s Privacy Policy and, for ads, Google’s Advertising policies.
  • Apple – Sign in with Apple for authentication; Apple Push Notification service (APNs) for iOS push notifications; App Store for subscription purchases. See Apple’s Privacy Policy.
  • Meta (Facebook) – Facebook Login for authentication when you sign in with Facebook. See Meta’s Privacy Policy.
  • Cloudinary (or similar media infrastructure) – hosting and delivery of user-uploaded images used in Iris and related features.
  • AI providers (e.g., Google Gemini or OpenAI, depending on configuration) – vision and text processing for Stiksy Iris as described in this policy.

These providers process data as subprocessors or independent controllers as described in their terms. We require service providers acting on our behalf to use data only for the purposes we specify, to the extent contractually possible.

5. Data Retention

We retain your data while your account is active. Push notification tokens are automatically removed when you log out or after 90 days of inactivity. Iris scan records, recognition outputs, and references to uploaded images (such as Cloudinary asset identifiers) are generally kept for as long as your account remains active so you can review history and we can operate support and safety processes, unless a shorter retention period applies by law or we delete them sooner. If you delete your account, we will delete or anonymize your personal data in accordance with our retention policy and applicable law (e.g., GDPR, CCPA).

6. Your Rights

Depending on your location, you may have the right to:

  • Access – Request a copy of your personal data
  • Correction – Request correction of inaccurate data
  • Deletion – Request deletion of your data (you can delete your account in app settings)
  • Portability – Receive your data in a portable format
  • Opt-out – Disable analytics or push notifications in app settings; where available, use device or in-app controls to limit personalized advertising from ad networks
  • Object – Object to processing of your data (where applicable), including certain types of marketing or profiling where the law provides that right

For EU/EEA users: you have rights under the GDPR. For California users: you have rights under the CCPA. To exercise your rights, contact us at the email below. We will respond within the timeframe required by law.

7. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS/TLS), hashed passwords (bcrypt), and secure database access. OAuth tokens are verified server-side. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Children's Privacy

Stiksy is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such data, please contact us and we will delete it promptly.

9. International Transfers

Your data may be processed in countries where our servers or service providers are located (including Canada, the United States, the European Union, and other regions where our hosting or subprocessors operate). We ensure appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) when transferring personal data outside the EU/EEA where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email. The "Last updated" date at the top indicates when this policy was last revised. Continued use of Stiksy after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Stiksy
Email: —