Logo
Sign InSign Up
Privacy Policy
Learn how we collect, use, and protect your personal information.
Last updated: December 2024

Privacy Policy

Only Cards is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital collectible card platform.

1. Information We Collect

Personal Information

We collect information you provide directly to us, including:

  • Account Information: Name, email address, username, password, and profile details
  • Payment Information: Credit card details, billing address, and payment history
  • Shipping Information: Physical addresses for card shipment services
  • Communication Data: Messages, support tickets, and feedback you send us

Automatically Collected Information

When you use our service, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Performance Data: Load times, errors, and platform performance metrics
  • Location Data: General geographic location based on IP address

Gameplay and Collection Data

We track your platform activity including:

  • Card Collection: Cards owned, pack opening history, trade history
  • Transaction Records: Purchases, sales, and marketplace activity
  • Platform Interactions: Social features, reviews, and user-generated content

2. How We Use Your Information

Service Provision

  • Create and manage your account
  • Process payments and transactions
  • Fulfill physical card shipment requests
  • Provide customer support and respond to inquiries
  • Send service-related communications

Platform Improvement

  • Analyze usage patterns to improve user experience
  • Develop new features and services
  • Conduct research and analytics
  • Monitor platform performance and security

Marketing and Communication

  • Send promotional emails and newsletters (with your consent)
  • Personalize content and recommendations
  • Notify you of new features, updates, or events
  • Conduct surveys and gather feedback

Legal and Security

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and property
  • Ensure platform security and integrity

3. Information Sharing and Disclosure

Third-Party Service Providers

We share information with trusted partners who help us operate our platform:

  • Payment Processors: Stripe, PayPal for secure payment processing
  • Shipping Partners: FedEx, UPS, USPS for physical card delivery
  • Email Services: SendGrid, Mailchimp for communication
  • Analytics Providers: Google Analytics for usage insights
  • Cloud Services: AWS, Vercel for hosting and storage

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to equivalent privacy protections.

Legal Requirements

We may disclose information when required by law or to:

  • Respond to subpoenas, court orders, or legal processes
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users
  • Prevent fraud or other illegal activities

With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Security

Security Measures

We implement industry-standard security measures including:

  • Encryption: All data transmitted using SSL/TLS encryption
  • Secure Storage: Encrypted data storage with access controls
  • Authentication: Multi-factor authentication options
  • Monitoring: Continuous security monitoring and threat detection
  • Regular Audits: Security assessments and vulnerability testing

Account Security

To protect your account:

  • Use strong, unique passwords
  • Enable two-factor authentication when available
  • Log out of shared devices
  • Report suspicious activity immediately
  • Keep your contact information updated

Data Breach Response

In the event of a data breach:

  • We will assess the scope and impact immediately
  • Affected users will be notified within 72 hours
  • Law enforcement and regulators will be notified as required
  • We will provide guidance on protective measures

5. Your Privacy Rights

Access and Control

You have the right to:

  • Access: Request a copy of your personal data
  • Update: Modify or correct your account information
  • Delete: Request deletion of your personal data
  • Export: Download your data in a portable format
  • Restrict: Limit how we process your information

Communication Preferences

You can control communications by:

  • Unsubscribing from marketing emails
  • Updating notification preferences in your account
  • Contacting support to opt out of specific communications
  • Managing cookie preferences in your browser

Data Portability

Upon request, we will provide your data in a structured, commonly used format that allows you to transfer it to another service.

6. Cookies and Tracking Technologies

Types of Cookies

We use various cookies and similar technologies:

  • Essential Cookies: Required for platform functionality
  • Performance Cookies: Help us understand how you use our platform
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements

Cookie Management

You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie preference center
  • Third-party opt-out tools
  • Ad blocker extensions

Do Not Track

We currently do not respond to Do Not Track signals, but we provide other privacy controls as described in this policy.

7. Children's Privacy

Age Restrictions

  • Our service is not intended for children under 13
  • Users between 13-17 require parental consent
  • We do not knowingly collect information from children under 13
  • If we discover we have collected such information, we will delete it promptly

Parental Controls

Parents can:

  • Request information about their child's account
  • Request deletion of their child's account
  • Update consent preferences
  • Monitor their child's platform activity

8. International Data Transfers

Cross-Border Processing

Your information may be processed in countries other than your residence, including:

  • United States (our primary operations)
  • European Union (some service providers)
  • Other countries where our service providers operate

Transfer Safeguards

When transferring data internationally, we ensure:

  • Adequate protection through legal frameworks
  • Contractual protections with service providers
  • Compliance with applicable data protection laws
  • User notification of significant changes

9. Data Retention

Retention Periods

We retain your information for different periods:

  • Account Data: Until account deletion plus 30 days
  • Transaction Records: 7 years for financial compliance
  • Support Communications: 3 years for quality assurance
  • Usage Analytics: 2 years in aggregated form
  • Marketing Data: Until you opt out plus 30 days

Deletion Process

When information is deleted:

  • It is removed from active systems within 30 days
  • Backup copies are deleted within 90 days
  • Some information may be retained for legal compliance
  • Aggregated, anonymized data may be retained indefinitely

10. California Privacy Rights (CCPA)

Rights for California Residents

If you are a California resident, you have additional rights:

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise these rights:

  • Submit a request through our privacy portal
  • Email us at privacy@onlycards.com
  • Contact customer support with verification
  • We will respond within 45 days

Verification Process

To protect your privacy, we may require:

  • Account login verification
  • Email confirmation
  • Additional identity verification for sensitive requests

11. European Privacy Rights (GDPR)

Legal Basis for Processing

We process your data based on:

  • Contract: To provide our services
  • Consent: For marketing communications
  • Legitimate Interest: For platform improvement and security
  • Legal Obligation: For compliance requirements

Additional Rights

European residents have additional rights:

  • Right to Rectification: Correct inaccurate information
  • Right to Restriction: Limit processing in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Right to Data Portability: Receive data in a portable format

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@onlycards.com.

12. Updates to This Policy

Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • Updates to applicable laws
  • New features or services
  • User feedback and concerns

Notification Process

When we make material changes:

  • We will notify you via email
  • We will post a notice on our platform
  • We will update the "Last Updated" date
  • Continued use constitutes acceptance of changes

Version History

Previous versions of this policy are archived and available upon request.

13. Contact Information

Privacy Inquiries

For privacy-related questions or requests:

  • Email: privacy@onlycards.com
  • Mail: Only Cards Privacy Team, [Your Address]
  • Phone: [Your Phone Number]
  • Response Time: Within 5 business days

Data Protection Officer

For GDPR and data protection matters:

Customer Support

For general account and service questions:

14. Effective Date

This Privacy Policy is effective as of December 2024 and was last updated on December 2024.

Your privacy is important to us. If you have any questions about this Privacy Policy or our privacy practices, please don't hesitate to contact us.