TCGBindr LLC is a Texas limited liability company operating the TCGBindr platform — a premium TCG collection management service available at tcgbindr.com and via our mobile application.
For the purposes of the General Data Protection Regulation (GDPR) and UK GDPR, TCGBindr LLC is the data controller of personal information we collect from you.
Questions about this Privacy Policy or your data? Contact us at privacy@tcgbindr.com.
| Data Type | When Collected | Why |
|---|---|---|
| Email address | Account creation, waitlist signup | Account access, transactional emails, service communications |
| Username / display name | Account creation | Account identification, public profile display |
| Password (hashed) | Account creation | Authentication — we never store plaintext passwords |
| Game preferences | Onboarding | Personalizing your experience (MTG, Pokémon, etc.) |
| Collection data | Ongoing use | Core service function — tracking your cards, decks, and values |
| Trade listings | When you create a listing | Trade matching with other users |
| Deck lists | When you build or share a deck | Deck management, set completion, card usage tracking |
| Price alert preferences | When you set an alert | Sending price movement notifications |
| Communication content | When you contact support | Responding to your inquiry |
Payment card details are collected and processed exclusively by Stripe, Inc. TCGBindr does not receive, store, or have access to your full card number, CVV, or bank account information. We receive only a payment token and basic billing metadata (last four digits, card type, expiry) from Stripe to manage your subscription.
When you use TCGBindr, we automatically collect:
If you choose to connect a third-party account (e.g., signing in with Google), we may receive basic profile information from that service. We will only use that information as described in this policy.
When you join the waitlist on our marketing site, complete post-checkout account setup from the link we email you, or create an account in the TCGBindr app, we may ask you to confirm that you have read and agree to our Terms of Service and Privacy Policy. Submitting the form after checking that box is how we record your agreement (together with a timestamp stored on your app account when you register in the app, or agreement flags stored with your waitlist row on the marketing site database as applicable).
Optional marketing. Email about product news, offers, and promotional content is separate from transactional and service email (for example receipts, security notices, subscription status, and messages needed to run your account). We only send marketing-style email if you opt in—using an unchecked-by-default checkbox on the waitlist form, the post-checkout setup page, or the app registration screen. If you leave that box unchecked, we treat that as no consent for promotional email; you may still receive transactional and account-related email where permitted by law.
Unsubscribe. Marketing messages include an unsubscribe link where required, and you may withdraw marketing consent anytime by contacting support@tcgbindr.com or privacy@tcgbindr.com. Opting out of marketing does not delete your account and does not stop all email (for example billing and important service notices may still be sent).
| Purpose | Data Used |
|---|---|
| Providing and operating the Service | Account info, collection data, deck lists, trade listings |
| Processing subscriptions and billing | Email, Stripe payment tokens, subscription tier |
| Sending transactional emails | Email address — confirmation, receipts, alerts you set up |
| Sending the weekly collection digest | Email, collection data, price history |
| Sending new set release notifications | Email, game preferences, affected collection data |
| Price alert notifications | Email, alert preferences, card price data |
| Trade matching | Trade listings, wishlist data — shown to other users |
| Customer support | Email, communication content, account info |
| Security and fraud prevention | Log data, IP address, device info, usage patterns |
| Product improvement and analytics | Aggregated, anonymized usage data |
| Legal compliance | Any data required by applicable law |
We do not use your personal collection data to train machine learning models or share it with advertisers. We do not use your data for purposes incompatible with those listed above without your explicit consent.
For users in the European Union or United Kingdom, we process your personal data on the following legal grounds:
We share data with trusted third-party vendors who help us operate the Service. These vendors are contractually bound to use your data only as directed by us and in accordance with this policy:
| Vendor | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing email, payment method — no full card numbers stored by us |
| Resend | Transactional email delivery | Email address, email content |
| Cloudflare | CDN, DDoS protection, infrastructure | IP address, request data (standard CDN operation) |
| Neon / Railway | Database and application hosting | All service data — hosted securely in the US |
When you create a trade listing or mark your deck list as public, that content is visible to other TCGBindr users. Your username will be associated with your public content. Your private collection data, email address, and subscription details are never shared with other users.
We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
If TCGBindr LLC is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
TCGBindr does not and will never display advertisements. We do not work with advertising networks, do not allow third-party tracking pixels for advertising purposes, and do not monetize your data through advertising.
This commitment is structural, not just a policy — our business model is built entirely on subscription revenue. We have no financial incentive to compromise your privacy for advertising purposes.
This no-ads commitment applies to TCGBindr's own products and properties. If you access TCGBindr content through third-party platforms, those platforms' own advertising practices are governed by their respective policies.
We retain your personal data for as long as your account is active, as long as needed to provide the Service, or as required by applicable law. Specifically:
You may request deletion of your account and data at any time. See Section 9 for your rights and how to submit a deletion request.
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
No method of transmission or storage is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. If you suspect a security issue, please contact us immediately at security@tcgbindr.com.
In the event of a data breach that affects your personal data, we will notify you as required by applicable law, including within 72 hours for users covered by GDPR where required.
Regardless of where you live, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@tcgbindr.com. We will respond within 30 days.
If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:
To exercise your GDPR rights or submit a data subject access request, email privacy@tcgbindr.com with the subject line "GDPR Request." We will respond within 30 days.
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights:
To submit a CCPA request, email privacy@tcgbindr.com with the subject line "CCPA Request" or write to us at our registered address. We will respond within 45 days.
Categories of personal information collected: identifiers (email, username, IP address); commercial information (subscription tier, billing history); internet/network activity (usage logs); inferences drawn from collection data (portfolio value estimates).
Disclosure for business purposes: We share identifiers and usage data with our service providers (Stripe, Resend, Cloudflare) for the purposes described in Section 5. We do not sell or share this information for cross-context behavioral advertising.
TCGBindr uses the following categories of cookies and similar technologies:
We do not use advertising cookies, third-party tracking pixels, or any cookies that track your behavior across other websites for advertising purposes.
You can manage cookie preferences in your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
TCGBindr is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will delete their account and all associated data promptly.
Users between 13 and 18 may use TCGBindr with parental consent. Parents or guardians who believe their child under 13 has created a TCGBindr account should contact us at privacy@tcgbindr.com to request deletion.
TCGBindr is operated from the United States. If you access the Service from outside the United States — including from the European Union or United Kingdom — your personal data will be transferred to, stored, and processed in the United States.
The United States may not have data protection laws equivalent to those in your country of residence. By using TCGBindr, you consent to this transfer. We take steps to ensure that data transfers are made in compliance with applicable legal requirements, including, where applicable, implementing standard contractual clauses under GDPR.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We will not materially change how we use your data without providing advance notice and, where required by law, obtaining your consent.
For any questions about this Privacy Policy, to exercise your data rights, or to submit a deletion, access, or correction request:
We aim to respond to all privacy inquiries within 30 days. For GDPR data subject access requests, we will respond within 30 days. For CCPA requests, we will respond within 45 days.
If you are unsatisfied with our response to a privacy concern, EU and UK residents have the right to lodge a complaint with their local data protection authority.
TCGBindr LLC · Texas · Effective [INSERT DATE] · This policy requires attorney review before publication.