Privacy Policy

Introduction

MTG Card Bazzar ("we," "us," "our," or "Company") operates the MTG Card Bazzar website. This Privacy Policy explains our practices regarding the collection, use, and disclosure of information through our platform.

By accessing and using MTG Card Bazzar, you acknowledge that you have read, understood, and agree to be bound by all the terms in this Privacy Policy.

Information We Collect

We collect information in the following ways:

Account Registration:

• Email address (required)
• Username/Alias (required)
• Password (securely hashed with BCRYPT)
• Address (optional)
• Contact information (optional)
• Profile image (optional)
• Facebook profile link (optional)

Upgrade & Payment Information:

• Slot Boost upgrades (₱500): GCash reference numbers, receipt images
• Store Owner requests: User-submitted reason/explanation, admin review notes
• Payment methods and transaction histories
• Verification status and timestamps

Transaction Information:

• Cards and accessories listed for sale
• Pricing, inventory, and Scryfall-powered card data
• Order history and status
• Payment information (processed securely)
• Shipping addresses (order-specific only)
• Bulk posts, accessories, and store owner inventory

Communication & Activity:

• Messages and chat history (including order and accessory discussions)
• Ratings, reviews, and badges
• Support inquiries and admin moderation actions
• Notifications and offer alerts
• IP address and browser information
• Website usage analytics and sales analytics (for store owners)
• Account tier, upgrade status, and store owner tools usage

How We Use Your Information

We use collected information for:

• Providing and maintaining the marketplace, chat, and notification services
• Processing orders, payments, and accessory sales
• Verifying and processing Slot Boost upgrades (₱500 payments)
• Reviewing and approving Store Owner requests and features
• Communicating with you about orders, offers, badges, and upgrades
• Verifying user identity, preventing fraud, and supporting admin moderation
• Displaying your profile, listings, badges, and analytics
• Calculating user limits, account tiers, and store owner privileges
• Improving our service, user experience, and analytics
• Complying with legal obligations
• Enforcing our terms and policies

Your Privacy Controls

You have control over your privacy settings:

Default: Your address and contact information are hidden by default. You must explicitly enable them if you want to share this information. Your account tier and Facebook account link are hidden by default and can be enabled in your profile settings.

Data Sharing

We share your information only in these cases:

• With other users for order and accessory fulfillment (buyer and seller only)
• With payment processors to process transactions
• With shipping providers for delivery
• With our admin team (super_dev) for dispute resolution, moderation, and upgrade verification
• With store owner reviewers when evaluating promotion requests
• With badge and analytics systems for displaying achievements and stats
• When required by law or legal process

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. Our admin team is bound by confidentiality agreements.

Data Security

We implement security measures to protect your information:

• HTTPS encryption for all data in transit
• BCRYPT hashing for passwords
• Prepared statements to prevent SQL injection
• Regular security audits and updates
• Access controls limiting employee access
• Secure deletion of sensitive data

Note: While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security.

Cookies & Session Data

We use cookies and session data for:

• Maintaining your login session (HTTPOnly cookies)
• CSRF protection (SameSite=Lax)
• Website analytics (Google Analytics)
• Advertising metrics (Facebook Pixel)

You can disable cookies in your browser settings, but some features may not work properly. Session cookies are deleted when you logout.

Third-Party Services

Our website uses third-party services:

• Scryfall: Card images and pricing data
• Google Analytics: Website usage tracking (anonymized)
• Facebook Pixel: Advertising analytics
• Payment Processors: Secure payment processing
• Shipping Providers: Delivery tracking

These services have their own privacy policies. We are not responsible for their practices.

Data Retention

We retain your data as follows:

• Account data: Retained until account deletion
• Order history: Retained for 7 years (legal requirements)
• Chat/Messages: Retained with order data
• Slot Boost records: Retained indefinitely for verification and dispute resolution
• Store Owner request data: Retained for 2 years (approval/rejection records)
• Ratings and reviews: Retained indefinitely
• Audit logs: Retained for 1 year

You may request account deletion, which will remove personal data but retain transaction history as required by law. Slot Boost and Store Owner request data is retained for verification purposes.

Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account
• Export your data
• Opt-out of marketing communications
• Restrict data processing

To exercise these rights, contact us through our support system.

Changes to This Policy

We may update this Privacy Policy at any time. Changes are effective when posted. Your continued use of the platform indicates acceptance of changes.

For significant changes, we will provide notice via email or prominent posting on our website.