CardCodex
Get Started

Privacy Policy

Last updated: December 19, 2025

1. Information We Collect

We collect the following types of information:

Account Information

  • Email address (required for account creation)
  • Display name (optional)

Collection Data

  • Cards you add to your collection
  • Decks you create
  • Usage preferences and settings

Usage Data

  • Feature usage (anonymized)
  • AI usage (anonymized)
  • Error logs for debugging

2. How We Use Your Information

We use your information to:

  • Provide and maintain the CardCodex service
  • Sync your collection across devices
  • Power AI features with your collection context
  • Send account-related emails (login codes, billing)
  • Improve the product based on usage patterns

We do not sell your personal information or collection data to third parties.

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Cloud data is stored in Turso (SQLite) databases with encryption at rest
  • Local data (for non-authenticated users) is stored in your browser's localStorage
  • All data transmission uses HTTPS encryption
  • Authentication uses secure one-time passwords via email

4. Third-Party Services

CardCodex integrates with the following third-party services, each with their own privacy policies:

  • Scryfall - Card data and images for Magic: The Gathering
  • Pokemon TCG API - Card data for Pokemon TCG
  • YGOProDeck - Card data for Yu-Gi-Oh!
  • Paddle - Payment processing (handles billing information)
  • Resend - Email delivery for authentication
  • Anthropic - AI features (Claude)
  • Vercel - Application hosting

5. Cookies and Local Storage

We use minimal cookies and local storage:

  • Authentication cookies - Essential for login sessions
  • Theme preference - Remembers your dark/light mode choice
  • Local collection data - For non-authenticated users

We do not use advertising or tracking cookies.

6. Your Rights and Choices

You have the right to:

  • Export your data - Download your collection and deck data at any time from Settings
  • Delete your account - Permanently remove all your data from Settings
  • Update your information - Modify your profile details at any time
  • Request data access - Contact us to receive a copy of all data we hold about you

7. Data Retention

  • Active accounts - Data retained indefinitely while account is active
  • Deleted accounts - Data permanently deleted within 30 days
  • Subscription records - Retained for legal and tax purposes as required

8. Children's Privacy

CardCodex is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@cardcodex.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

10. Contact Us

For privacy-related questions or concerns, please contact us at privacy@cardcodex.com.

For general support inquiries, contact support@cardcodex.com.