MultiTCG Privacy Policy

Last updated: May 25, 2026

This Privacy Policy describes how MultiTCG ("we," "us," or "our") collects, uses, and protects the information you provide when using the MultiTCG website (multitcg.com), our iOS app, and our Android app (collectively, the "Service"). By using the Service, you agree to this policy.

1. Information we collect

Account information

When you create an account, we collect:

• Email address — used for sign-in, account recovery, and (optionally) product updates you can opt out of.
• Username — a public display name visible to other users you trade with.
• Authentication identifiers — if you sign in with Google or Apple, we receive a unique identifier from those providers. We do not receive your password.

Collection and trade data

When you use MultiTCG to track cards, we store:

• The cards you mark as Have, Need, Sent for grading, or Graded
• Card metadata you enter (quantity, condition, grade, certification numbers)
• Trade proposals you send and receive, including chat messages exchanged with other users
• Cards you list for trade or sale
• Groups you create or join

Device and usage data

• Device identifiers — when you use the mobile app, we collect a device push notification token (if you enable notifications) so we can deliver alerts about your trades.
• Approximate location — we may use your IP address to show a regional time zone or filter community matches near you. We do not collect GPS coordinates without your explicit permission.
• Diagnostic data — error logs and basic crash reports so we can fix bugs.

Camera and photos

If you grant the app access to your camera or photo library, we use it solely to let you photograph or upload images of physical cards you own. Images you choose to upload are stored on Firebase Storage. We do not access your camera or photo library without your action.

Help reports

If you submit a help report (the "Report an issue" button on a card), we collect the report text, the card you were viewing, your username, your email, and basic device information. This is used solely to investigate and respond to your report.

2. How we use your information

• To create and operate your account
• To match you with other users for trades
• To deliver chat messages and trade proposals
• To send push notifications about your trades (only if you enable them)
• To improve the Service and fix bugs
• To respond to your help reports and support requests
• To detect and prevent abuse, fraud, or violations of our terms

We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described in section 3.

3. Service providers

We rely on the following third-party services to operate MultiTCG:

• Google Firebase (authentication, Firestore database, Cloud Storage, Cloud Messaging) — your account, collection data, and trade history are stored on Firebase. Firebase is a Google service; their privacy policy is at https://firebase.google.com/support/privacy.
• Netlify (web hosting and form submissions) — the website is served by Netlify and our help-report form is delivered through Netlify Forms. Privacy: https://www.netlify.com/privacy/.
• Scrydex and Limitless TCG (card data and pricing) — we fetch publicly available card metadata and price data from these services. We do not transmit your personal data to them.
• Apple and Google (app distribution and push notifications) — when you install our app from the App Store or Google Play, those platforms collect their own analytics per their policies.

4. Data retention and deletion

We retain your account data for as long as your account is active. You can request deletion of your account and all associated data at any time by emailing us at the address below. We will delete your data within 30 days of receiving a verified deletion request, except where we are required by law to retain it.

5. Your rights

Depending on where you live, you have the following rights:

• Access — you can request a copy of the data we hold about you.
• Correction — you can update inaccurate data directly in the app, or by contacting us.
• Deletion — you can request deletion of your account and data.
• Portability — you can request your data in a machine-readable format.
• Opt-out — you can disable push notifications in your device settings at any time.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively. Contact us to exercise any of these rights.

6. Children

MultiTCG is not directed to children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

7. Security

We use industry-standard measures to protect your data, including TLS encryption in transit, Firebase's server-side security rules, and authentication-based access control. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. International transfers

Your data is processed and stored on servers operated by Google (Firebase) and Netlify, which may be located outside your country of residence. By using the Service, you consent to this transfer.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the Service or by email. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact us