Privacy policy

This Privacy Policy describes how DeckPunk (“DeckPunk”, the “App”) handles information when you use our mobile application. The App is operated by Thjis, registered in the Netherlands (“Thjis”, “we”, “us”, “our”). By using the App, you agree to this policy together with our Terms of Use.

Summary

DeckPunk does not require you to create a user account. Your collection, decks, wishlist, notes, and preferences are stored on your device (for example in a local database and secure storage) so the App can work offline and remember what you own. We do not operate a social network or central user profile database inside the App for routine use.

When you browse or refresh catalog data, the App contacts our servers over the internet. Those requests are ordinary HTTPS traffic; depending on configuration, servers may log technical data such as IP address, timestamps, and app version for security and reliability — not your card list from local storage.

If a build of the App includes third-party advertising, an ad network (for example Google) may process device or advertising-related data as described in that network’s policies and your device settings.

We use RevenueCat to manage in-app purchases and entitlements. Apple or Google process payments. We do not sell your personal information.

Data controller (EU / UK)

For the purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR / Data Protection Act 2018, the controller is Thjis, registered in the Netherlands. For privacy requests, contact us at the email below. You may lodge a complaint with a supervisory authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or, if you are in the UK, the ICO.

Information stored on your device

The App stores collection entries, deck lists, wishlist identifiers, sealed inventory, preferences, and similar data locally. That data remains on your device unless you export a backup, delete the App, or clear app data, except where a platform feature syncs device backups under your Apple or Google account according to their policies. We do not receive a copy of your full collection database on our servers solely from normal catalog browsing.

Online catalog and API requests

Catalog content (sets, cards, images, and related metadata) is delivered over HTTPS. Requests may include technical identifiers needed to operate the service. Please avoid sending sensitive personal data through free-text fields inside the App unless necessary for your own notes.

Advertising (if enabled)

If advertising is present in your build, the ad provider’s SDK may process identifiers and usage data to show and measure ads, prevent fraud, and (where allowed) personalize ads. The provider acts under its own policies. You can adjust ad-related settings on your device. See, for example, policies.google.com/privacy when Google services are used.

RevenueCat (purchases SDK)

We use RevenueCat, Inc.’s SDK to manage in-app purchases and entitlements. RevenueCat may process technical identifiers and subscription or purchase-related data on our behalf (for example to validate entitlements with Apple or Google). RevenueCat may act as a processor under the GDPR where applicable. See: revenuecat.com/privacy.

Purchases and payment platforms

Paid products are billed and managed by Apple (App Store) or Google (Google Play), not by us directly. They process payment and account data under their own privacy policies. We do not receive your full payment card details.

• Apple: apple.com/legal/privacy
• Google: policies.google.com/privacy

Offers, pricing display, and product tests

We may show different purchase offers, prices, or paywall layouts to different users based on factors such as region, language, app store country, device type, or similar segments (for example A/B tests), in line with platform rules and this policy.

Legal bases (EU / UK)

Where the GDPR or UK GDPR applies, we rely on: contract (to provide the App and honour purchases as mediated by stores and RevenueCat), legitimate interests (to secure the App, prevent abuse, improve reliability, and respond to support you request), consent where required for certain advertising or analytics processing governed by a provider or the platform (for example where the ATT or GDPR consent frameworks apply), and legal obligation where required.

International transfers

RevenueCat, advertising partners (if any), Apple, Google, and their subprocessors may process data in the United States and other countries. Where required, they use appropriate safeguards (such as Standard Contractual Clauses) as described in their respective policies.

Retention

We do not maintain a central user database for routine App use. Support emails are kept only as long as needed to handle your request and for ordinary business, legal, and tax records. Processors such as RevenueCat, Apple, and Google retain data according to their own policies. Server logs, if collected, are retained for a limited period consistent with security and operations.

Your rights (EU / UK)

Where applicable, you may have the right to access, rectify, erase, restrict, or object to certain processing, and to data portability. To exercise rights against Thjis, email us at the address below. For ad-related data held by a network, use that provider’s tools and device settings. For subscription records, use your Apple or Google account tools.

California residents (CPRA)

This section supplements the above for California residents. We do not sell personal information for money. Advertising, if used, may involve “sharing” or “targeted advertising” as defined under California law; the provider’s disclosures and your opt-out rights are described in its California privacy notices and your device settings.

Your rights. You may have the right to know, delete, and correct personal information, and to opt out of sale/sharing where applicable. Contact us at the email below. We will not discriminate against you for exercising these rights. You may designate an authorized agent where permitted by law.

Support and communications

If you email us for support, we receive what you send (such as your email address and message content) to respond. We do not use support emails for marketing unless you ask us to.

Legal and safety

We may preserve or disclose information if we believe in good faith it is required by law, legal process, or to protect the rights, safety, or integrity of users or the public.

Children

The App is not directed at children under 13 (or the minimum age required in your country to consent to data processing). If you are not old enough, please do not use the App.

Changes to this policy

We may update this Privacy Policy at our discretion. We will post the revised version on this page and update the “Last updated” date. Unless a shorter period is required by law or by an app store, we will notify users at least one (1) month before material changes take effect (for example via an in-app notice, email if we have your address from support, or another reasonable method). Continued use after the effective date means you accept the updated policy, except where applicable law requires your separate consent.

Contact

For privacy questions, contact Thjis at: me@thjis.com