TCG
Sign inCreate collection

Privacy Policy

Last updated: April 23, 2026

Overview

tcgpile (www.tcgpile.com) is a Magic: The Gathering collection manager. This policy explains what data we collect, how we use it, and your rights regarding that data. It covers both the web platform and the TCGPile Companion browser extension.

Account data

When you create an account, we store:

  • Email address — used for authentication, password resets, and transactional emails (trial reminders, friend requests, lending notifications).
  • Password — hashed and managed by Supabase Auth. We never store or have access to your plaintext password.
  • Username and display name — optional, used for public profiles and the community directory.
  • Profile info — optional bio and location, visible in the community directory based on your visibility setting.

Collection data

Your card collection, buy list, sell list, decks, want list, order sheets, set trackers, and lending records are stored in our database. This data is tied to your account and protected by row-level security — only you can access your own data unless you explicitly share it via public links.

Card metadata (names, images, prices) comes from Scryfall, a public MTG card database. We sync this data periodically. No personal information is sent to Scryfall.

Sharing and visibility

Your data is private by default. You control what's visible to others:

  • Public links — trade binder, buy list, decks, and order sheets can be shared via unique URLs. Only the data you choose to share is visible.
  • Community directory — your profile appears in the community based on your visibility setting (everyone, friends of friends, or nobody).
  • Friends — accepted friends can see your collection and request card loans. You can remove friends at any time.

Payments

Pro subscriptions are processed by Stripe. We store your Stripe customer ID and subscription ID to manage your plan. We do not store credit card numbers, billing addresses, or any payment card details — those are handled entirely by Stripe.

Emails

We send emails via Resend for two purposes:

  • Transactional — friend requests, lending notifications, trial reminders, and welcome messages. These are triggered by actions you or your friends take.
  • Newsletters — occasional product updates and feature announcements. You can unsubscribe from newsletters at any time via the link at the bottom of each email.

Cookies

We use a single authentication cookie managed by Supabase to maintain your login session. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. There are no cookie banners because we don't use cookies that require consent under GDPR.

Analytics and tracking

We use Vercel Analytics to collect anonymous, aggregated usage data such as page views, visit duration, and device type. This data is not tied to your account, does not use cookies, and cannot identify individual users.

We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking service. We do not build user profiles for advertising or sell data to third parties.

Browser extension (TCGPile Companion)

The TCGPile Companion browser extension enhances third-party MTG websites with your collection data. Here's how it handles your information:

Data storage

  • Settings and filter presets are stored in your browser via chrome.storage.sync and synced across your Chrome devices through your Google account. The extension developer has no access to this data.
  • Collection cache is stored locally via chrome.storage.local and refreshed every 15 minutes. This allows instant badge rendering without network requests.

Authentication

No passwords are stored in the extension. When you visit tcgpile.com while logged in, the extension reads your existing session token from the site's cookies. This token is used to authenticate API requests. You can disconnect your account at any time from the extension popup.

Permissions

  • Storage — persist settings, filters, and cached collection data.
  • Tabs — reload affected tabs when settings change and apply Cardmarket filters. The extension does not read or log tab URLs beyond what is needed for these actions.
  • Alarms — schedule periodic collection sync in the background.
  • Host permissions (tcgpile.com, cardmarket.com, tcgplayer.com, mtgstocks.com, mtgdecks.net, mtggoldfish.com, tcdecks.net) — inject content scripts that add ownership badges, import buttons, and Reserved List markers.

Third-party services

The extension loads country flag images from flagcdn.com in the Cardmarket filter panel. No user data is sent to this service. The extension contains no analytics, telemetry, tracking pixels, or advertising scripts.

Data deletion

You can delete your account from Settings. This permanently removes all your data: collection, decks, trade binder, buy list, friends, follows, sessions, and user settings. This action cannot be undone.

To disconnect the browser extension without deleting your account, click "Disconnect" in the extension popup. This clears all locally cached data and stored tokens.

Data location

The platform is hosted on Vercel and the database on Supabase (PostgreSQL). Both services process data in compliance with GDPR.

Changes to this policy

If this policy is updated, the changes will be reflected on this page with an updated date. We do not notify users of minor policy changes. For significant changes affecting your data rights, we will notify registered users via email.

Contact

For questions about this privacy policy, contact us at hey@tcgpile.com or through the contact form.