CardSwap Privacy Policy

This page explains which personal data CardSwap processes, why it is needed, and which third-party providers may be involved. It is a practical launch draft and should be legally reviewed before wider public rollout.

1. Controller / operator

Benjamin Lieberwirth

benjamin.lieberwirth@gmail.com

2. Data CardSwap processes

Account data such as username, email address, password hash, or linked Google sign-in data
Trade data such as offers, wishlist entries, card attributes, match suggestions, trade states, ratings, and issue reports
Messages exchanged between users inside a trade match
Technical data such as security and error logs, rate-limit state, and basic usage metadata

3. Why the data is used

To provide login, registration, and account security
To store and display card lists
To compute match suggestions and trade workflows
To moderate misuse and handle issue reports
To keep the service stable, troubleshoot incidents, and improve security

4. Third parties and processors

CardSwap may use AWS for hosting, databases, logs, and infrastructure. Google receives data when Google sign-in is used. Emails may be sent through Resend. Card and pricing reference data may be requested from third-party sources such as Scryfall.

5. Retention

Accounts, messages, trade data, and moderation data may be retained as long as necessary for service operation, security, abuse prevention, or legal traceability. Archived or suspended accounts may remain stored for safety and audit purposes.

6. Your rights

Depending on applicable law, you may have rights of access, correction, deletion, restriction, objection, or data portability. Privacy requests can be sent to the contact address listed above.

7. Security

CardSwap uses technical and organizational safeguards such as password hashing, login protections, rate limits, secure cookies, and separated infrastructure. However, no internet service can be perfectly secure.