PokittBack to home
PRIVACY POLICY

Privacy Policy

This policy explains what personal information Pokitt collects, both on this website and in the Pokitt app, how we use it, who we share it with, and the rights you have over it under UK law.

Last updated · 25 May 2026

1. Who we are

Pokitt is a pre-launch product operated by Blood Brother Media, based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, Blood Brother Media is the data controller of any personal information you provide through this website (pokitt.app).

You can reach us about anything in this policy at hello@pokitt.app.

2. What we collect

When you reserve a beta seat using our signup form, we ask you for the following information:

  • Required: email address, full name, phone number.
  • Profile context: country, primary trading card game of interest, approximate value of your collection (banded), and (optionally) the apps you currently use, your approximate monthly spend, and your top product priorities.
  • Free-text feedback (optional): the biggest pain point you have with existing tools, and any features you wish existed.
  • Technical metadata: the browser user-agent string of the device you submitted from, and the timestamp of your submission.

We also collect basic, privacy-friendly visit analytics through Vercel Analytics. This includes pages viewed, country of origin (derived from IP, then discarded), and approximate device type. It does not use cookies or fingerprinting, and it does not identify you personally.

When you use the Pokitt app, we also process:

  • Account. Your Apple ID identifier via Sign in with Apple (we never see your Apple password), plus the name and email you choose to share, and your handle, display name, bio and avatar.
  • Age. Your birth year and age band, used to apply age-appropriate protections (see section 7).
  • Your content. The cards in your collection and wishlist, any purchase prices or notes you add, and your posts, comments, stories, poll votes and direct messages.
  • Usage and crash data. In-app analytics (via PostHog, stored in the EU) to help us understand and improve the app, and crash diagnostics (via Sentry, stored in the EU) to fix faults. Neither is used for advertising.

The app does not collect payment card numbers, precise location, your contacts, or advertising identifiers for cross-app tracking.

3. Why we collect it & our lawful basis

We process the data above on the lawful basis of consent (you choose to submit the form) and our legitimate interest in building, validating and launching the Pokitt iOS app to a founding cohort of collectors.

Specifically:

  • Your email address is used to invite you to the beta cohort, share major product updates, and notify you when your slot opens. Nothing else.
  • Name and phone number let us prioritise founding cohort invites and reach you in the event of TestFlight setup issues. We will never use your phone number for marketing cold-calls.
  • Profile, spend, and priorities help us shape the product before launch. They are aggregated and never shared individually.
  • Technical metadata helps us debug submission issues and understand which devices our future users are on.

4. Who we share it with

We do not and will not sell your personal data. The only third parties involved in handling it are processors strictly necessary to operate Pokitt:

  • Apple. Sign in with Apple handles your login to the app. We never receive your Apple password.
  • Supabase. Our app database, file storage and backend, which holds your account and the content you create.
  • PostHog (EU region). In-app usage analytics, to help us understand and improve the app.
  • Sentry (EU region). App crash and error diagnostics, so we can fix faults quickly.
  • Beehiiv. When wired in, our newsletter platform stores your email address and name to send you the cohort-opening email and major product updates. Beehiiv is a US-based provider with appropriate safeguards in place for international data transfers under UK GDPR.
  • Vercel. Our website hosting provider. Vercel processes the page request that submits the form, but does not store your personal data beyond standard server logs (retained for at most 30 days for security).
  • Authorities. Only where strictly required by UK law (for example, in response to a valid court order).

5. How long we keep it

We retain your beta-waitlist data until either (a) you ask us to delete it, (b) you unsubscribe and don’t engage for 24 months, or (c) the founding cohort programme ends and you have not converted to an active Pokitt user. After that, we permanently delete or anonymise it.

Server-side technical metadata (user-agent strings, submission timestamps) is purged automatically after 12 months.

6. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify any data that is inaccurate or incomplete.
  • Eraseyour data (the “right to be forgotten”).
  • Restrict or object to processing in certain circumstances.
  • Withdraw consentat any time, by replying to any email we send you with the word “unsubscribe,” or by emailing us directly.
  • Data portability. Receive a machine-readable copy of your data.
  • Lodge a complaintwith the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we’ve handled your data unlawfully.

In the Pokitt app, you can delete your account and personal data directly from Settings at any time.

To exercise any of these rights, email hello@pokitt.appwith the subject line “Data request.” We respond within 30 days.

7. Children and young people

Pokitt is for collectors aged 13 and over. We do not allow accounts for children under 13, and we ask for age at sign-up so we can apply age-appropriate protections, in line with the UK Children’s Code (the Age Appropriate Design Code).

For members under 18, we apply extra protections by default:

  • Safer messaging. Younger members only receive direct messages from people they mutually follow, and messaging includes blocking and reporting, which we act on.
  • Privacy by default. We minimise the data we collect from younger members and never profile them for advertising.
  • Protected age details.A member’s age information is not shown to other users.

If you believe a child under 13 has created an account, or you have any concern about a young person’s data, contact us at hello@pokitt.app and we will act promptly.

8. Security

We protect your data with industry-standard security: encrypted transport (HTTPS), access-controlled storage, and minimum-privilege processor relationships. No system is perfect, but we will notify you, and the ICO, within 72 hours of becoming aware of any personal data breach that affects you.

9. Cookies

Pokitt’s landing page does not set tracking cookies or third-party advertising cookies. We use only essential, technical state for things like the multi-step form and your current scroll position. Vercel Analytics, our visit-counter, is cookie-less by design.

10. Changes to this policy

As we move from waitlist to public launch, this policy will evolve. When it changes materially, we’ll email everyone on the waitlist before the new version takes effect, and you can withdraw consent at that point.

11. Contact

Any questions about your personal data: hello@pokitt.app.