Tuck · NYRAI LLC · Last updated 1 July 2026
Tuck collects nothing. There is no account, no sign-in, and no server that stores your data. Every card you scan — its number, its photo, the name on it — lives only on your iPhone. Our App Store privacy label is, accurately, "Data Not Collected."
Nothing. Tuck has no backend that stores your information, no analytics, no advertising SDKs, and no third-party trackers. We do not collect your name, email, location, contacts, usage analytics, or crash reports. We have no way to see what cards you scan or what's in your wallet.
The cards you scan — the raw barcode number, the original card photo, any name or label you add — are stored only on your device. The finished passes live in Apple Wallet, on your device and (if you use it) your own iCloud, under your Apple Account. NYRAI LLC never receives, stores, or has any way to access any of it.
To turn a card into a Wallet pass, Apple requires it to be digitally signed. We do that without ever sending your card: only a set of fingerprints (secure hashes) leaves your phone to be signed — never the number, never the photo, never the name. The signed result comes back and the pass is assembled on your device.
In technical terms: Apple Wallet passes must carry a cryptographic signature
that only Apple-issued certificates can produce. When you create a pass, Tuck
computes secure SHA-1 hashes of the pass's contents —
a small file called manifest.json that is just a list of one-way
fingerprints. Those fingerprints, and only those fingerprints, are sent to a
signing service to be countersigned. A hash cannot be reversed back into your
card number, photo, or name, so none of that data ever leaves your phone. The
signed manifest comes back, Tuck attaches it to the pass it already built
locally, and the pass is installed into Apple Wallet on your device.
The signing service stores nothing and logs nothing — it signs the fingerprints and forgets them. It is open source so anyone can verify exactly what it does and does not do.
Tuck contains no analytics, no advertising identifiers, no fingerprinting, and no third-party trackers of any kind. We do not know you are using the app, and we do not want to. The website you are reading this on carries no trackers either.
Tuck uses your camera only while you are actively scanning a card, to read the barcode and capture the card photo. The image and the number stay on your device. Nothing from the camera is uploaded.
Because there is no account and no server, there is nothing to delete on our end. Deleting the Tuck app from your iPhone removes all of its scanned data. Passes you already added live in Apple Wallet and can be removed there individually at any time.
Tuck is not directed at children and collects no data from anyone.
If this policy changes, the revised version will appear here with a new date.
Questions? Email [email protected]. Tuck is published by NYRAI LLC, 26 Maple Way, Boylston, MA 01505.
Home · Terms of Use · Support