TCG Direct LLC. ("TCG Direct," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").
This policy applies to users in the United States (including California residents under the California Consumer Privacy Act/California Privacy Rights Act) and the United Kingdom (under the UK General Data Protection Regulation).
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.
For the purposes of UK GDPR, the data controller responsible for your personal data is:
When you create an account, we collect information you provide directly:
Email address
Name (if provided)
Username/display name
Profile picture (optional)
Authentication credentials (managed by our authentication provider)
Information you choose to add to your public profile:
Profile handle (unique identifier for your public profile URL)
Bio/description
Location (if provided)
Social media links (optional)
Information related to marketplace activity:
Listings you create (cards for sale or trade)
Purchase and trade history
Messages exchanged with other users
Collection and wishlist data
Information collected automatically when you use our Services:
Pages and features accessed
Search queries
Time spent on pages
Click patterns and navigation paths
Referring URLs
Technical information about your device and connection:
IP address
Browser type and version
Device type and operating system
Screen resolution
Time zone
Language preferences
We use the information we collect for the following purposes:
Provide, operate, and maintain our Services
Process transactions and facilitate trades between users
Create and manage your account
Send transactional notifications (e.g., messages, trade updates)
Respond to your inquiries and provide customer support
Improve, personalize, and expand our Services
Analyze usage patterns to enhance user experience
Detect, prevent, and address fraud, abuse, and security issues
Comply with legal obligations
Enforce our terms of service and other policies
Under UK GDPR, we process your personal data based on the following lawful bases:
Contract Performance: Processing necessary to fulfill our agreement with you (e.g., providing the Services, processing transactions)
Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement), where not overridden by your rights
Legal Obligation: Processing necessary to comply with legal requirements
Consent: Where you have given explicit consent (e.g., marketing communications)
We use the following third-party services to operate our platform. These services may collect information as specified in their respective privacy policies:
Clerk - We use Clerk for user authentication and account management. Clerk processes your email address, name, and authentication credentials. View Clerk's Privacy Policy
Convex - We use Convex as our backend database platform. Your data is stored securely on Convex's infrastructure. View Convex's Privacy Policy
Google Analytics - We use Google Analytics to understand how users interact with our Services. This includes information about pages visited, time spent, and general usage patterns. Google Analytics uses cookies and collects anonymized data. View Google's Privacy Policy
Sentry - We use Sentry to monitor and fix errors in our Services. Sentry may collect technical data about errors and crashes, including device information and stack traces. View Sentry's Privacy Policy
TCG Direct does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:
Retained until you delete your account, plus 2 years for legal compliance purposes.
7 years from the date of the transaction for tax and legal compliance.
26 months, in accordance with Google Analytics default retention settings.
1 year from the date of logging for security monitoring and fraud prevention.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You can request that we delete your personal information, subject to certain exceptions.
Right to Correct: You can request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out: You can opt out of the sale or sharing of your personal information. Note: TCG Direct does not sell your personal information.
Right to Limit Use of Sensitive Personal Information: You can limit the use and disclosure of sensitive personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
If you are located in the United Kingdom or European Economic Area, you have the following rights under the UK General Data Protection Regulation:
Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): You can request that we delete your personal data in certain circumstances.
Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format.
Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise any of these rights, please contact us at:
We will respond to your request within 30 days (for US residents) or one month (for UK residents). We may need to verify your identity before processing your request.
TCG Direct does not sell your personal information to third parties. We also do not "share" your personal information for cross-context behavioral advertising as defined under the CPRA.
We honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat this as a valid opt-out request for any future sale or sharing of your personal information.
Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are accessing our Services from the United Kingdom or European Economic Area, please be aware that your data may be transferred to, stored, and processed in a country that may not provide the same level of data protection as your home country.
For transfers from the UK/EEA to the US, we rely on appropriate safeguards including Standard Contractual Clauses approved by the relevant authorities to ensure adequate protection of your personal data.
We use cookies and similar tracking technologies to collect and store information about your use of our Services:
Required for the operation of our Services. These include cookies for authentication, session management, and security. You cannot opt out of essential cookies.
Used to understand how visitors interact with our Services. We use Google Analytics to collect this information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Most web browsers allow you to control cookies through their settings. Please note that disabling certain cookies may affect the functionality of our Services.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Access controls limiting employee access to personal data
Regular security assessments and monitoring
Secure authentication through our third-party provider (Clerk)
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Our Services are not intended for children under the age of 13 (in the United States) or 16 (in the United Kingdom). We do not knowingly collect personal information from children under these ages.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@tcgdirect.app. If we discover that we have collected personal information from a child in violation of applicable law, we will delete that information promptly.
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
Posting the new Privacy Policy on this page
Updating the "Effective Date" at the top of this policy
Sending you an email notification (for significant changes)
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
If you are a UK resident and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
The ultimate trading card game platform. Connect, trade, and grow with collectors worldwide.