CardMind
MarketsTop 100SignalsMoversBan WatchDecksCalculatorPricingBlog
Log inImport collection
  1. CardMind
  2. >Legal
  3. >Privacy Policy
CardMind

MTG price intelligence for serious collectors and traders.

All systems operational
Markets
Top 100 CardsMarket MoversBan WatchlistPrice SignalsCalculator
Tools
Import CollectionPrice AlertsDeck IntelligenceAPI Docs
Company
PricingDiscordContact
Legal
Privacy PolicyTerms of Service
© 2026 CardMindCardMind provides market data for informational purposes only. Not financial advice.

Legal

PrivacyTermsMethodology

Need a copy?

All four documents are versioned in our public legal repo. Diff against any prior version at github.com/cardmind/legal.

Last updated April 18, 2026

Privacy Policy

CardMind tracks card prices, not people. This policy describes what we collect, why, and how to delete it.

01What we collect

Account email and a link to your sign-in provider (Google, Discord, Apple, or Microsoft). We authenticate via OAuth exclusively - no passwords are stored on our servers.

Your collection: card identifiers, quantities, conditions, foiling, and any tags or notes you enter. This is private by default and never shared with vendors.

Anonymized usage analytics: page paths, request timing, error rates. Used to keep the service running and figure out what to fix.

02What we do not collect

No third-party cookies. No advertising trackers. No fingerprinting.

We do not sell email addresses. We do not sell collection data. We do not enrich your profile with data brokers.

03Cookies

A single first-party session cookie keeps you logged in. It is set HttpOnly, Secure, and SameSite=Lax.

A non-essential preference cookie (theme, currency). Disable it under Settings → Privacy.

04Data retention

Account data is retained while your account is active. Delete your account in Settings → Account → Delete and your data is purged within 30 days. Backups age out within 90 days.

Anonymized analytics is aggregated weekly; individual rows are dropped after 30 days.

05Subprocessors

Stripe (payments), Postmark (transactional email), Cloudflare (CDN + DDoS), AWS us-east-1 (hosting). We have data processing addenda on file with each.

A current list with versions and DPA links lives at /legal/subprocessors.

06Your rights

Access, export, correction, and deletion are self-serve. EU and UK residents may also lodge a complaint with their supervisory authority. California residents may opt out of any sale of personal information, though we do not sell it in the first place.

07Contact

privacy@cardmind.app · CardMind Inc., 548 Market St #97014, San Francisco CA 94104. Our DPO is Sarah Chen.