BINDERBREW
← Back to BinderBrew
Beta v1

Privacy Policy

Last updated: 2026-06-15.

What this is

BinderBrew (“BinderBrew”, “we”) is a Commander deckbuilding service for Magic: The Gathering players. This policy describes the personal data we collect, why we collect it, how long we keep it, and who we share it with.

Data we collect

  • Account data. Email address, account identifier from our authentication provider, and a hashed user ID we generate to scope your saved data.
  • Collection data. Card names, quantities, set codes, and any optional metadata (foil, condition, language) you upload. Files you upload are processed in memory and the parsed inventory is stored against your account.
  • Deck data. Commanders, decklists, build goals (budget, power target, deck vision text), generation run identifiers, and validation results for decks you save.
  • Billing data. If you subscribe, your Stripe customer ID, subscription ID, status, current period end, and tier. We do not see or store your card number — Stripe holds payment instruments.
  • Operational data. Request timing, rate-limit counters, and error logs needed to keep the service running. These do not include the contents of your decks or collection.

What we do NOT collect

  • Payment card numbers, expiration dates, or CVCs (Stripe handles these).
  • Government identifiers, precise location, or biometric data.
  • Contents of files outside the ones you explicitly upload.

How long we keep it

  • Account and saved deck/collection data: until you delete it or close your account.
  • Stripe subscription state: synced from Stripe webhooks; retained while you have an account.
  • Operational logs: rotated within 30 days unless required for security incident response.

Location for local-store lookups

The Buy List screen offers a “Find local game stores” panel. By default we use the approximate location your network provides (city-level, derived from your IP by Vercel) to sort stores by distance. We do not store this location. If you click “Use my exact location” the browser will ask for precise coordinates; those coordinates are sent to our server only for the duration of the lookup and are not stored. Coordinates may also be sent to Google Maps if you click “Get directions” on a store card.

Third parties

  • Scryfall — card data lookups (oracle text, prices, images). We send card names / IDs only; we never send your account identifier to Scryfall.
  • Google Places (optional) — when configured, we send a one-time anonymous lat/lng to the Places Text Search API to discover game stores beyond our curated partner list. No account or device identifier is sent.
  • Stripe — payment processing, hosted checkout, subscription billing, and webhook events. See Stripe's privacy policy.
  • Authentication provider (Clerk). Holds your sign-in credentials, social-login tokens, and session cookies. See Clerk's privacy policy.
  • Vercel — hosting, deployment, CDN, and operational logs. Vercel sees encrypted traffic to the service.
  • Neon — managed Postgres database that stores your saved decks, collections, preferences, and feedback.
  • Sentry — error and performance monitoring. Receives diagnostic events (error messages, stack traces, and request metadata which can include your IP address) so we can keep the service reliable. We do not send your decks or collection contents to Sentry.
  • Upstash — Redis store holding short-lived rate-limit counters keyed by session or IP.
  • Analytics (Google Analytics, Plausible, or PostHog) — when enabled, aggregate page and product-usage analytics. These load only after you accept analytics cookies in the consent banner.
  • ImprovMX — forwards email sent to our @binderbrew.com support address to our inbox.
  • Transactional email provider — when configured, sends account and deck re-engagement emails such as saved-deck reminders. Each message includes an unsubscribe link.

We do not sell your personal data and we do not share it with advertisers.

Cookies and analytics

  • Essential. Sign-in/session cookies from our authentication provider and a cookie storing your consent choice. These are required for the service to work and cannot be turned off.
  • First-party product analytics. We record anonymized funnel events (for example: page viewed, deck generated) tied to a random session identifier stored in your browser. These are stripped of card names, decklists, collection contents, and email before storage.
  • Optional analytics cookies. If you accept analytics in the consent banner, we may load Google Analytics, Plausible, or PostHog to understand aggregate usage. You can decline these in the banner; essential functionality still works.

Privacy choices

We do not sell your personal data. Email support@binderbrew.com if you want to access, correct, export, or delete account data, or if you want us to limit optional processing where the law gives you that right. You can opt out of BinderBrew re-engagement emails with the unsubscribe link in any message.

AI providers

AI-assisted deck explanations are routed through approved providers only. The application's production model policy currently disables third-party Anthropic / Claude routing pending an explicit allowlist. When enabled, prompts contain card and deck metadata; they do not contain your email or account identifier beyond what is strictly needed for caching.

Your rights

  • Access — request a copy of your data.
  • Correction — edit your saved decks, collection, and account details directly in the app.
  • Deletion — delete saved decks/collections in the app, or contact support to close the account entirely.
  • Portability — exports of decklists and buy lists are available in the Review screen.

Email support@binderbrew.com to exercise any of these rights.

Children

BinderBrew is not directed at children under 13. If you believe a child has provided personal data, contact us and we will remove it.

Changes

Material changes to this policy will be announced via email and via the homepage banner at least 14 days before they take effect.

Contact

Email support@binderbrew.com. A postal address will be provided where required by law.

BinderBrew uses cookies for sign-in and basic site usage. Optional analytics help us improve the builder. See our Privacy Policy.