Privacy Policy
Version 1.0 · Effective March 3, 2026
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and password (stored as a hash). We do not collect real names, physical addresses, or payment information at this time.
1.2 Collection Data
When you add cards to your collection, we store the card identity information you provide (player, set, year, card number, variant, condition, grade) and any images you upload. This data is associated with your user account.
1.3 Contribution Data
When you contribute to the community catalog (opt-in mining, corrections, evidence uploads), we store your contributions with attribution to your account for reputation tracking and audit purposes.
1.4 Automatically Collected Data
We collect standard web analytics data including IP address, browser type, device information, pages visited, and interaction patterns. This data is used for service improvement, security, and abuse prevention.
1.5 Card Images
Card images you upload are stored in secure cloud storage. Images submitted with collection-only visibility are private to your account. Images submitted with opt-in mining visibility may be reviewed by administrators and, if approved, displayed in the public catalog.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the Service | Account data, collection data | Contract performance |
| Card identification & matching | Card images, identity fields | Contract performance |
| Community catalog improvement | Contribution data (opt-in only) | Consent |
| Moderation & trust scoring | Contribution history, account activity | Legitimate interest |
| Security & abuse prevention | IP address, rate-limit counters, activity patterns | Legitimate interest |
| Service improvement & analytics | Aggregated usage data | Legitimate interest |
| Email communications | Email address | Consent / contract performance |
3. Data Sharing
We do not sell your personal data. We share data only in these circumstances:
- Public catalog: Approved contributions become part of the public catalog (opt-in only)
- Service providers: We use Supabase for database and authentication, and cloud storage for images
- Third-party links: When clicking through to third-party marketplaces, the destination site may receive referral data per standard web protocols
- Legal requirements: If required by law, subpoena, or to protect the rights and safety of CardWiki and its users
4. Data Retention
Active account data is retained for the lifetime of your account. If you delete your account, your personal data will be removed within 30 days. Contributions that have been approved into the public catalog will be anonymized but not removed, as they are part of the shared community dataset. Card images associated with deleted accounts will be removed from storage.
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated personal data
- Export your collection data in a portable format
- Withdraw consent for optional data processing (e.g., opt-in mining)
- Object to processing based on legitimate interest
To exercise these rights, contact support@cardwiki.ai. We will respond within 30 days.
6. Children's Privacy
CardWiki is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you are under 13, please do not create an account or submit any personal information through the Service.
If You Are a Parent or Guardian
If you believe your child has created an account or used CardWiki without your permission, please contact us at support@cardwiki.ai. In your message, include the email address associated with the account so we can locate it. Upon verification, we will promptly delete the account and any associated personal data from our systems.
We take children's privacy seriously. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as practicable.
7. Security
We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, row-level security (RLS) on database tables, and role-based access controls. No system is perfectly secure; we cannot guarantee absolute security.
8. Cookies and Tracking Technologies
What We Use
We use cookies and similar technologies to operate and improve CardWiki. We group these into two categories:
Strictly Necessary. These cookies are required for the site to function. They include session authentication tokens and your cookie consent preference. Because they are essential to the service, they cannot be disabled.
Analytics.With your consent, we use Google Analytics 4 to collect anonymized data about how visitors use the site — including which pages are visited, how long sessions last, and where traffic originates. This data is processed by Google and helps us understand what's working and improve the product. We do not use Google Analytics for advertising or behavioral profiling.
Your Choices
When you first visit CardWiki, you will see a consent banner. You can accept or decline analytics cookies at that time. You may change your preferences at any time by clicking Cookie Preferences in the footer.
No Advertising Cookies
We do not serve ads, and we do not allow any third-party advertising networks to set cookies on your device through CardWiki.
Cookie List
| Cookie | Category | Purpose | Expires |
|---|---|---|---|
cw_consent | Necessary | Stores your cookie consent preferences | 1 year |
sb-[ref]-auth-token | Necessary | Manages your authenticated session | Session |
_ga | Analytics | Distinguishes unique users for Google Analytics | 2 years |
_ga_XXXXXXXXXX | Analytics | Stores session state for Google Analytics | 2 years |
Third-Party Processors
Google Analytics data is processed by Google LLC. For more information, see Google's Privacy Policy and Google's data safeguarding terms.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance.
10. Contact
For privacy questions or data requests, contact: support@cardwiki.ai