Privacy Policy

Effective Date: [INSERT DATE]

This Privacy Policy describes how Den of Cards (“we,” “us,” or “our”) collects, uses, and shares information about you when you visit our website and make purchases. By using our site, you agree to the practices described below.

1. Information We Collect

We collect the following categories of personal information:

  • Account information: name, email address, and password (hashed) when you register.
  • Order information: billing name, shipping address, email, phone number, and order details when you make a purchase.
  • Payment information: we do not store your full card number. Payment processing is handled by Stripe, Inc. and is subject to Stripe's Privacy Policy.
  • Usage data: IP address, browser type, pages visited, and referring URL, collected automatically via server logs.
  • Cookies and session data: we use cookies to maintain your shopping cart and login session. See Section 6 for details.

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders, including sending order confirmations and shipping notifications.
  • Maintain and improve our website and services.
  • Respond to customer service inquiries.
  • Detect and prevent fraud, abuse, or unauthorized access.
  • Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal data under the following legal bases:

  • Contract: processing necessary to fulfill an order you have placed.
  • Legitimate interests: fraud prevention, security, and improving our services.
  • Legal obligation: compliance with applicable laws and regulations.
  • Consent: where we have obtained your consent (e.g., optional marketing emails).

4. Sharing of Information

We share your information only with:

  • Payment processors: Stripe, to process credit and debit card transactions.
  • Shipping carriers: your name and address are shared with carriers to fulfill deliveries.
  • Email service providers: to send transactional emails (order confirmations, password resets).
  • Law enforcement or regulatory authorities: when required by applicable law or valid legal process.

5. Data Retention

We retain your account and order information for as long as your account is active, or as necessary to provide services and comply with legal obligations (e.g., tax records). You may request deletion of your account at any time by contacting us at our contact page. Note that we may retain certain information as required by law.

6. Cookies

We use the following types of cookies:

Cookie Purpose Duration
.AspNetCore.Session Maintains your shopping cart and login session 24 hours
.AspNetCore.Identity.Application Keeps you logged in Session / persistent
cookie-consent Remembers your cookie consent choice 1 year (localStorage)

You can control cookies through your browser settings. Disabling session cookies will prevent you from using the shopping cart and logging in.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data (subject to legal retention requirements).
  • Objection: object to processing based on legitimate interests.
  • Data portability: request your data in a portable format.
  • California residents (CCPA): you have the right to know what personal information is collected, the right to delete, and the right to opt out of sale. We do not sell personal information.

To exercise any of these rights, contact us at our contact page. We will respond within 30 days.

8. Children's Privacy

Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

9. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, and secure session management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Third-Party Links

Our website may contain links to third-party websites (such as TCGPlayer or Card Kingdom). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Your continued use of the site after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

  • Via our contact form
  • By email: [INSERT STORE EMAIL]
  • By mail: [INSERT STORE ADDRESS]