Archivist is built so that almost everything works on your own Mac. The free tier never sends your library off your machine. The paid tier syncs to our server. This page explains exactly what hits our infrastructure and what doesn't.
01Who runs Archivist
Archivist is operated by Ryan Fontenot, an independent developer based in the United States. Questions about this policy or your data go to [email protected].
02What we collect
If you visit the website (getarchivist.app): Cloudflare records standard request metadata (IP address, user agent, page accessed, timestamp) for security and rate-limiting. We do not run third-party analytics or advertising trackers.
If you join the waitlist: we store the name and email you submit, the time you submitted, your IP at submission, and which pricing tier you clicked from (if any), in a Cloudflare KV namespace. We use this only to send you the launch announcement and an early-bird discount code.
If you use the free tier of the Mac app: nothing. Your library lives in a local Postgres database on your Mac and is never transmitted to our servers. The app does fetch card data and images from Scryfall (a third party) when you scan a new card.
If you use the iOS app: the same free / paid model applies. The free tier keeps your scanned cards in a local SQLite database on your phone. The iOS app additionally collects:
- Account email + display name when you create an account (email + password, or Sign in with Apple — in which case we receive the Apple-provided email or private-relay alias and your full name on first sign-in only).
- Apple user identifier (the stable, anonymous
subfrom Apple's ID token) when you use Sign in with Apple, so we can match subsequent sign-ins to the same account. - Push notification device token issued by Apple Push Notification service. We use it only to deliver notifications you've opted into (price alerts, follower events, admin announcements). Tokens are deleted when you sign out.
- Profile fields you fill in — username, bio, optional social handles (Twitter / Discord / Instagram / personal website). Shown on your public profile inside the app.
- Wishlist + watched cards — the cards you've heart-flagged, plus any price thresholds you've set. Synced so you see the same list across devices.
- Camera frames are processed entirely on-device by Apple's Vision framework. Frames + photos are never uploaded to our servers; only the recognized card identifiers leave the device, and only on the paid tier.
If you upgrade to Plus or Lifetime: we store the email and password (hashed with bcrypt) you sign up with, your card library (names, quantities, sets, collector numbers, locations, foil flags, timestamps), and your deck imports, on our server (Postgres on a small VPS, daily encrypted backups). We don't store payment details — Stripe handles web purchases, and Apple handles in-app purchases. We do store the Stripe customer ID + Apple StoreKit original transaction ID so renewals and refunds map back to your account.
Email logs: Resend (our transactional email vendor) records delivery, open, and bounce status of emails we send you. We use this to investigate undelivered emails and improve sender reputation.
03Why we collect it
- To provide the service (sync your library across devices, send transactional emails).
- To bill you (Plus/Lifetime only, via Stripe).
- To send you product news related to the app you signed up for. No marketing for unrelated products.
- To debug — when something breaks we look at error logs that may contain technical metadata about your session.
04Where it lives
- Website + waitlist data: Cloudflare Pages + Cloudflare KV (data centers worldwide).
- App data (Plus/Lifetime): Postgres on a VPS in Europe (Hetzner) or the United States, depending on host region. Daily encrypted backups to Backblaze B2.
- Payments: Stripe (US).
- Emails: Resend (US).
- Error tracking: Sentry (US, optional, free-tier).
05Who we share it with
We don't sell or rent your data. We share it only with the service vendors listed above, strictly for the purpose of operating Archivist (e.g., Stripe needs your email to charge your card, Resend needs your email to send the launch announcement).
We will hand over data to law enforcement only when compelled by valid legal process. We'll notify you when we can.
06What you can do
- Export everything. The Mac app's Library tab has a one-click
Export librarymenu that dumps full JSON. Available on every tier including free. - Delete your account. Email [email protected] from the address on file and we'll delete it within seven days, including backups within 30 days.
- Unsubscribe. Every email has an unsubscribe link. The launch announcement and product release notes are the only emails we send to waitlisters.
- Ask for a copy. Email us and we'll provide everything we have on you in JSON.
07Cookies and tracking
We don't use cookies for analytics or ads. Cloudflare may set essential cookies for security and bot protection. Stripe Checkout uses cookies on its own checkout pages — see Stripe's cookie policy.
08Children
Archivist is not directed at children under 13 and we don't knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we'll delete the data.
09Changes to this policy
If we materially change how we handle your data, we'll email everyone on the waitlist or with an account at least 14 days before the change takes effect. The "Updated" date at the top of this page reflects the latest revision.
10Contact
Privacy questions, deletion requests, data export requests: email [email protected]. Replies typically within two business days.