Privacy policy

Last updated: June 8, 2026

My RiftDex ("we", "the service") respects your privacy. This policy explains what information is collected when you use myriftdex.com, how it is used and what your rights are.

1. Data collected

  • User account: e-mail address and password (hashed). No additional personal information is requested.
  • Collection: the list of cards you declare you own, the quantities, your decks and the inventory of your sealed boosters.
  • Social and trading features: your public username and friend code, your friend connections, your trade listings (cards offered or wanted) and the messages you exchange with other users as part of a trade offer. This information is visible to the users concerned (the other participant for messages).
  • Technical data: session cookies strictly necessary for authentication. No advertising or third-party tracking cookie is set.

2. Purposes and legal bases

Your data is only used to operate the service you request (display your dashboard, save your decks, connect you with other players for trading). Social features (friends, trading, messaging) mean that some information (username, friend code, listings, messages) is shared with the other users concerned. Your data is never sold or shared for marketing purposes. The legal basis is the performance of the service you requested by creating an account (article 6.1.b GDPR).

3. Hosting and processors

  • Vercel Inc. (United States) — hosting of the web application. Transfer framework: European Commission standard contractual clauses.
  • Supabase Inc. — PostgreSQL database and authentication. Data is stored on servers located in the European Union when the project is configured in that region.

4. Retention

Your data is kept as long as your account is active. If you request account deletion, your data is erased within 30 days.

5. Your rights

Under GDPR, you have rights of access, rectification, erasure, portability and objection over your data. To exercise these rights, contact us via the contact page. A response will be provided within one month.

6. Security

All exchanges between your browser and our servers are encrypted via HTTPS (TLS). Passwords are stored hashed by Supabase Auth. We enforce Row Level Security rules so a user can only access their own data.

7. Changes

This policy may be updated to reflect technical or regulatory changes. The last updated date is shown at the top of the page.