Privacy Policy
Last updated: April 2, 2026
1. Data Controller
MythicBinder is operated as an independent service. For questions about your data, use the feedback form within the Service or contact us through the support channels on the site.
2. Data We Collect
Account Data
When you register via Google OAuth, we receive and store your email address, display name, and profile picture. We do not receive or store your Google password.
Collection Data
Card names, quantities, locations, foil status, trade history, and saved searches you create within the Service.
Upload Data
Images you upload for batch card scanning. These are stored temporarily until you clear the batch job. A permanent audit record of each upload (filename, file fingerprint/SHA-256 hash, file size, MIME type) is retained for security purposes.
Technical Data
IP address, browser user agent string, and timestamps. This data is collected automatically for security auditing and logged when you interact with the Service.
Payment Data
Subscription payments are processed entirely by Stripe. MythicBinder does not receive, process, or store your credit card number or bank details. We only receive confirmation of your subscription status from Stripe.
3. Why We Collect It (Legal Basis)
- Contract performance: Account data and collection data are necessary to provide the Service you signed up for.
- Legitimate interest: Technical data and upload audit logs are collected for security, fraud prevention, and to maintain the integrity of the Service.
- Contract performance: Payment data processing via Stripe is necessary to fulfill paid subscription agreements.
- Consent: By agreeing to these terms at registration, you consent to the data processing described in this policy.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Collection data | Until account deletion |
| Uploaded images | Until you clear the batch job |
| Upload audit logs | 1 year |
| Activity logs | 30 days |
| Session cookies | Browser session or 30 days (persistent login) |
| Account data | Until account deletion |
5. Cookies
MythicBinder uses the following cookies, all of which are essential for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| sn_mythicbinder | Session authentication | Browser session |
| mb_mythicbinder | Persistent "remember me" login | 30 days |
| skip_splash_pref | Skip welcome page preference | 30 days |
| userTz | Timezone detection for display | Browser session |
We do not use any third-party tracking, analytics, or advertising cookies.
6. Third-Party Services
MythicBinder uses the following third-party services that may process your data:
- Google OAuth — authentication only. Google receives your login request. See Google's Privacy Policy.
- Google Gemini AI — card images you upload for batch scanning are sent to Google's Gemini API for identification. See Google AI Privacy.
- Stripe — payment processing for subscriptions. See Stripe's Privacy Policy.
- Scryfall — card data (names, images, prices). No user data is shared with Scryfall; we use a local data cache.
7. Your Rights
Under the General Data Protection Regulation (GDPR) and similar laws, you have the following rights:
- Right to access: You can view your collection data at any time within the Service.
- Right to rectification: You can edit your collection, profile, and display name directly.
- Right to erasure: You may request complete deletion of your account and all associated data by contacting us via the feedback form.
- Right to data portability: The Service provides CSV and deck list export for your collection data.
- Right to object: You may object to processing based on legitimate interest by contacting us.
- Right to withdraw consent: You may withdraw consent at any time by deleting your account.
- Right to lodge a complaint: You have the right to file a complaint with your local data protection supervisory authority.
To exercise any of these rights, use the feedback form in the Service or contact us through the available support channels. We will respond within 30 days.
8. Data Security
We implement appropriate technical measures to protect your data, including: HTTPS encryption in transit, parameterized database queries, CSRF protection, read-only mode for shared collections, and file upload validation with image re-encoding. However, no system is completely secure, and we cannot guarantee absolute security.
9. International Data Transfers
MythicBinder's servers are located in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the US. Third-party services (Google, Stripe) may process data in various jurisdictions under their own data protection agreements.
10. Children's Privacy
MythicBinder is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this page periodically.
12. Contact
For privacy-related inquiries, data access requests, or to exercise your GDPR rights, please use the feedback form within the Service or contact us through the support channels provided on the site.