Privacy Policy
How BindersVault handles account data, cookies, analytics, and privacy rights.
BindersVault ("we", "us", or "our") is committed to protecting your privacy. This policy explains what data we collect, why, and what rights you have - including under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar laws.
1. Who We Are
BindersVault is a Magic: The Gathering collection manager available at bindersvault.com. For privacy enquiries, contact us at privacy@bindersvault.com.
2. Data We Collect
We collect only what is necessary to run the service:
- Account data: username, email address, and hashed password - when you register.
- Collection data: the MTG cards you add to your collection or wishlist.
- Usage data (analytics): pages visited, session duration, browser type, and approximate location (country/city level) - collected via Google Analytics only if you consent.
- Technical data: IP address and server logs - retained for up to 30 days for security purposes.
We do not sell your personal data. We do not collect payment information.
3. Cookies
We use the following types of cookies:
- Essential cookies: required for login sessions and your consent preference. These cannot be disabled.
- Analytics cookies (optional): Google Analytics uses _ga, _gid, and related cookies to understand site usage. IP addresses are anonymised.
You can change your cookie preferences at any time by clicking manage cookie settings.
4. Legal Basis for Processing (GDPR)
- Contract: processing your account data to provide the service.
- Consent: analytics cookies - collected only after you opt in.
- Legitimate interests: server security logs.
5. Data Retention
- Account and collection data: retained while your account is active. Deleted within 30 days of account deletion.
- Analytics data: retained by Google for up to 14 months (Google Analytics default).
- Server logs: up to 30 days.
6. Third-Party Services
- Scryfall API - card data and images. No personal data is sent to Scryfall.
- Google Analytics - usage analytics. Google Privacy Policy. You can opt out via Google's opt-out tool.
- Google Fonts - fonts loaded from Google servers. Google may log your IP.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data ("right to be forgotten").
- Restrict or object to processing.
- Data portability - receive your data in a machine-readable format.
- Withdraw consent at any time (for analytics cookies).
California residents (CCPA): you have the right to know what data is collected, the right to delete it, and the right to opt out of sale (we do not sell data). To exercise any right, email privacy@bindersvault.com.
EU/EEA residents (GDPR): you also have the right to lodge a complaint with your local data protection authority.
8. Data Security
Passwords are hashed using bcrypt and never stored in plain text. We use HTTPS to encrypt data in transit. Access to the database is restricted.
9. Children
BindersVault is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy occasionally. We will update the "last updated" date above. Continued use of BindersVault after changes constitutes acceptance of the updated policy.
11. Contact
Privacy questions or requests: privacy@bindersvault.com