Last updated April 18, 2026
Privacy Policy
CardMind tracks card prices, not people. This policy describes what we collect, why, and how to delete it.
01 What we collect
Account email and a password hash. We use bcrypt with a per-user salt; we cannot read your password and have no mechanism to recover it.
Your collection: card identifiers, quantities, conditions, foiling, and any tags or notes you enter. This is private by default and never shared with vendors.
Anonymized usage analytics: page paths, request timing, error rates. Used to keep the service running and figure out what to fix.
02 What we do not collect
No third-party cookies. No advertising trackers. No fingerprinting.
We do not sell email addresses. We do not sell collection data. We do not enrich your profile with data brokers.
03 Cookies
A single first-party session cookie keeps you logged in. It is set HttpOnly, Secure, and SameSite=Lax.
A non-essential preference cookie (theme, currency) — disable it under Settings → Privacy.
04 Data retention
Account data is retained while your account is active. Delete your account in Settings → Account → Delete and your data is purged within 30 days. Backups age out within 90 days.
Anonymized analytics is aggregated weekly; individual rows are dropped after 30 days.
05 Subprocessors
Stripe (payments), Postmark (transactional email), Cloudflare (CDN + DDoS), AWS us-east-1 (hosting). We have data processing addenda on file with each.
A current list with versions and DPA links lives at /legal/subprocessors.
06 Your rights
Access, export, correction, and deletion are self-serve. EU and UK residents may also lodge a complaint with their supervisory authority. California residents may opt out of any sale of personal information — though we do not sell it in the first place.
07 Contact
privacy@cardmind.app · CardMind Inc., 548 Market St #97014, San Francisco CA 94104. Our DPO is Sarah Chen.