Privacy Policy
Effective Date: July 7, 2026
1. Introduction
Welcome to MTGCardStack ("we," "our," or "the app"). Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address — used for account authentication (login codes) and account recovery.
- Apple account identifier — if you choose Sign In with Apple, we receive an opaque identifier that links your Apple account to your MTGCardStack account. We do not store your Apple ID name or password.
User-Generated Data
When you use the app's features, we store data you create:
- Card collections, decks, checklists, and wishlists
- Game records, trade records, and auction tracking
- Card view history and search history
- Feedback submissions
- Display preferences and settings
Automatically Collected Data
To maintain service quality and monitor performance, we log:
- HTTP method and API endpoint for each request
- Request timestamps and response duration
- HTTP status code
We do not collect IP addresses, device identifiers, or browser/device type information. Activity logs are associated with your account only if you are signed in at the time of the request. This data is used solely for performance monitoring and debugging. It is not shared with third parties.
3. How We Use Your Information
We use the information we collect to:
- Authenticate your identity and maintain your session
- Store and sync your collections, decks, games, and trades across devices
- Provide personalized features (search history, recently viewed cards, saved filters)
- Monitor service performance and prevent abuse
- Send login verification codes via email (no marketing emails are sent)
4. Data Sharing
We do not sell, rent, or share your personal data with third parties. Specifically:
- No third-party analytics services are used
- No advertising networks are integrated
- No data is shared for marketing or profiling purposes
- No tracking technologies (cookies, pixels, fingerprinting) are used
The only third-party service involved is Amazon Web Services Simple Email Service (AWS SES), which sends login verification codes on our behalf. AWS SES processes only the recipient email address for delivery purposes.
5. Data Storage and Security
Your data is stored on a secured server with the following protections:
- All data transmitted between the app and server is encrypted via HTTPS/TLS
- Authentication tokens are stored in the iOS Keychain on your device
- Server access is restricted by firewall and SSH key authentication
- Database access is limited to the application service only
While we take reasonable measures to protect your data, no system is perfectly secure. We cannot guarantee absolute security of data transmitted over the internet.
6. Data Retention and Deletion
Your data is retained for as long as your account is active. You may delete your account at any time through the app's Settings. Upon account deletion:
- All personal data is permanently removed, including collections, decks, games, trades, view history, search history, feedback, reports, and preferences
- Activity logs associated with your account are deleted
- This action is irreversible
You can delete your account from: Settings → Delete Account.
7. Public Lists
You may choose to make individual lists publicly viewable by generating a share link. Public lists display only card names, quantities, conditions, and estimated values. Your email, account information, and other personal data are never exposed through public links. You can revoke public access at any time by toggling visibility back to private.
8. Children's Privacy
MTGCardStack is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
9. Third-Party Links
The app may contain links to third-party websites (e.g., TCGPlayer, Cardmarket, Scryfall). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
10. Your Rights
You have the right to:
- Access your data (visible within the app)
- Delete your account and all associated data
- Withdraw from the service at any time by deleting your account
If you have questions about your data or wish to exercise these rights, contact us at the address below.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the revised policy.
12. Contact
If you have questions or concerns about this Privacy Policy, please contact us:
Email: diodaton@gmail.com