← Back to Binderbrew
Beta v1

Privacy Policy

Last updated: 2026-05-15.

What this is

Binderbrew (“Binderbrew”, “we”) is a Commander deckbuilding service for Magic: The Gathering players. This policy describes the personal data we collect, why we collect it, how long we keep it, and who we share it with.

Data we collect

  • Account data. Email address, account identifier from our authentication provider, and a hashed user ID we generate to scope your saved data.
  • Collection data. Card names, quantities, set codes, and any optional metadata (foil, condition, language) you upload. Files you upload are processed in memory and the parsed inventory is stored against your account.
  • Deck data. Commanders, decklists, build goals (budget, power target, deck vision text), generation run identifiers, and validation results for decks you save.
  • Billing data. If you subscribe, your Stripe customer ID, subscription ID, status, current period end, and tier. We do not see or store your card number — Stripe holds payment instruments.
  • Operational data. Request timing, rate-limit counters, and error logs needed to keep the service running. These do not include the contents of your decks or collection.

What we do NOT collect

  • Payment card numbers, expiration dates, or CVCs (Stripe handles these).
  • Government identifiers, precise location, or biometric data.
  • Contents of files outside the ones you explicitly upload.

How long we keep it

  • Account and saved deck/collection data: until you delete it or close your account.
  • Stripe subscription state: synced from Stripe webhooks; retained while you have an account.
  • Operational logs: rotated within 30 days unless required for security incident response.

Third parties

  • Scryfall — card data lookups (oracle text, prices, images). We send card names / IDs only; we never send your account identifier to Scryfall.
  • Stripe — payment processing, hosted checkout, subscription billing, and webhook events. See Stripe's privacy policy.
  • Authentication provider (Clerk). Holds your sign-in credentials, social-login tokens, and session cookies. See Clerk's privacy policy.
  • Vercel — hosting, deployment, CDN, and operational logs. Vercel sees encrypted traffic to the service.

We do not sell your personal data and we do not share it with advertisers.

AI providers

AI-assisted deck explanations are routed through approved providers only. The application's production model policy currently disables third-party Anthropic / Claude routing pending an explicit allowlist. When enabled, prompts contain card and deck metadata; they do not contain your email or account identifier beyond what is strictly needed for caching.

Your rights

  • Access — request a copy of your data.
  • Correction — edit your saved decks, collection, and account details directly in the app.
  • Deletion — delete saved decks/collections in the app, or contact support to close the account entirely.
  • Portability — exports of decklists and buy lists are available in the Review screen.

Email support@binderbrew.com to exercise any of these rights.

Children

Binderbrew is not directed at children under 13. If you believe a child has provided personal data, contact us and we will remove it.

Changes

Material changes to this policy will be announced via email and via the homepage banner at least 14 days before they take effect.

Contact

Email support@binderbrew.com. A postal address will be provided where required by law.