Privacy Policy

1. Introduction

[LEGAL ENTITY] ("we", "us", or "our") operates CPTCGDB, a Cyberpunk 2077 Trading Card Game database and community platform accessible at this website.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using CPTCGDB you acknowledge that you have read and understood this policy. If you do not agree, please do not use the service.

2. Data We Collect

We collect the following categories of personal data:

Account information: your email address, chosen username, and any optional profile details you provide (display name, bio, location, website, avatar image URL).

User-generated content: decks you create and save, card collection data, and any other content you submit to the platform.

Chat and AI interaction data: messages you send to our in-app AI assistant (Fixer). These are processed to generate responses and are ephemeral — they are not stored permanently after the session ends.

Technical data: IP address, browser user agent, and access timestamps collected automatically as part of standard server logs and authentication security.

3. How We Use Your Data

We use your personal data for the following purposes:

To provide the service: authenticating your account, displaying your profile, saving your decks, and enabling all core platform features.

To operate AI chat: your chat messages are sent to Google Gemini (our AI provider) solely to generate responses. We do not use them to train models.

To maintain security: IP addresses and user agents help us detect abuse, prevent unauthorized access, and comply with our legal obligations.

To communicate with you: we may send transactional emails (e.g., account confirmation, password reset). We do not send marketing emails without your explicit consent.

4. Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

Contract (Art. 6(1)(b)): processing your account information and user content is necessary to provide the service you signed up for.

Legitimate interests (Art. 6(1)(f)): processing technical data (IP, user agent) to maintain security, prevent fraud, and ensure service reliability — balanced against your privacy interests.

Consent (Art. 6(1)(a)): for optional cookies beyond essential functionality, and for any processing where we have explicitly requested your consent.

You may withdraw consent at any time where consent is the legal basis, without affecting the lawfulness of processing based on consent before withdrawal.

5. Third-Party Services

We share your data with the following third-party providers as necessary to operate the service:

Supabase: our database and authentication provider. Your account data and user content are stored on Supabase infrastructure in the [SUPABASE REGION] region. Supabase processes data as our data processor under a data processing agreement.

Google (OAuth): if you choose to sign in with Google, Google processes your authentication as described in Google's Privacy Policy. We only receive your email address and basic profile information.

Google Gemini: chat messages you send to the Fixer assistant are processed by Google Gemini's API to generate AI responses. Only the content of your messages is sent — no other personal data is shared.

netdeck.gg: we import public card data from netdeck.gg to populate our card database. No personal user data is sent to or shared with netdeck.gg.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active. Specific retention periods:

Account data (email, profile): retained while account is active, deleted upon account deletion.

Deck and match data: retained while account is active, deleted upon account deletion.

Blog comments: retained while account is active, deleted upon account deletion.

AI chat conversations: not stored permanently; processed in real-time and discarded.

Analytics data: anonymized and aggregated, retained for up to 26 months.

Audit logs: retained for 2 years for security purposes.

When you delete your account, all personal data is permanently removed within 30 days, except for anonymized analytics and audit logs required for security compliance.

7. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Right of access (Art. 15): you can request a copy of the personal data we hold about you.

Right to rectification (Art. 16): you can ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17): you can request deletion of your personal data (the "right to be forgotten"), subject to legal obligations.

Right to data portability (Art. 20): you can request your data in a structured, machine-readable format.

Right to object (Art. 21): you can object to processing based on legitimate interests.

Right to lodge a complaint: you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.

To exercise any of these rights, please contact us at privacy@theblackwall.gg.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

Know what personal data we collect and how it is used.

Request deletion of your personal data.

Opt out of the sale of your personal data.

We do not sell personal data. For privacy inquiries, contact privacy@theblackwall.gg.

9. Data Protection Contact

For data protection inquiries, contact us at: privacy@theblackwall.gg

If you have questions about this Privacy Policy or your personal data, please contact us at:

privacy@theblackwall.gg

We will respond to all legitimate requests within 30 days.