Privacy Policy
Last updated: April 25, 2026
1. Introduction
TCG Forge ("we", "us", "our") operates the thetcgforge.com website and related services (including the CSV converter, optional Pro features, and account-based tools). This Privacy Policy explains how we collect, use, and protect your information when you use our service.
2. Information We Collect
Account Information (via Google Sign-In):
- Name
- Email address
- Profile picture URL
- Google account ID
We do not collect or store your Google password. Authentication is handled entirely by Google's secure OAuth 2.0 system.
Payment Information:
- PayPal transaction ID
- PayPal subscription ID (if applicable)
- Payment status and plan type
We do not collect, process, or store your credit card number, bank account, or other financial details. All payment processing is handled by PayPal. We never see your card information.
Usage Data:
- Files you upload (CSV files) — processed in memory and not stored on our servers after conversion
- Conversion settings (e.g., rounding threshold)
- Login timestamps
Account / Feature Data (stored in our database while your account is active):
- Subscription tier, plan code, and entitlement flags (e.g., grandfathered Pro, add-ons)
- User-configurable preferences (e.g., spike-alert threshold, per-channel notification choices)
- Watchlist entries you create (card identifiers, optional per-card thresholds, baseline prices used to evaluate alerts)
- Alert / notification history needed to operate the service (e.g., last-fired timestamps so we don't re-spam you)
Discord Linkage (only if you choose to connect your Discord account):
- Your Discord user ID (and basic profile info returned by Discord OAuth) so we can grant roles, send direct messages where you've opted in, and reconcile community access
- Any Discord webhook URL you paste in, which is used solely to deliver notifications you've requested to a channel you control
You can disable any of these channels at any time from your account settings; doing so stops future notifications via that channel.
Email Notifications:
We use your account email address to send service-related messages (e.g., login, payment, account changes) and optional notifications you opt into (e.g., price-spike alerts, periodic Pro newsletter). Email delivery is performed via a third-party SMTP provider; see Section 4.
Technical Data:
- IP address
- Browser type and version
- Session cookies (required for login functionality)
- Application logs (e.g., job runs, error traces) needed for service operation, debugging, and security monitoring
3. How We Use Your Information
We use your information to:
- Authenticate your identity and manage your account
- Process payments and manage subscription status and entitlements
- Provide CSV conversion, the TCGplayer Price Updater, and other tools available on your plan
- Maintain your watchlist and evaluate price-spike conditions on your behalf
- Send you the notifications you've opted into (email, Discord DM, and/or Discord webhook)
- Operate optional Pro features such as the periodic newsletter
- Save your user preferences (e.g., rounding settings, alert thresholds)
- Operate, debug, and secure the service (e.g., logs, abuse prevention, scheduled jobs)
- Enforce our Terms & Conditions
We do NOT:
- Sell your personal data to third parties
- Use your data for advertising
- Share your data with unrelated third parties
- Store your uploaded CSV files after processing
4. Third-Party Services
Our service integrates with the following third-party providers:
- Google — Authentication (OAuth 2.0). Subject to Google's Privacy Policy.
- PayPal — Payment processing. Subject to PayPal's Privacy Policy.
- Scryfall and MTGJSON — Card identification, image, and pricing data. Subject to their respective policies (see Scryfall and MTGJSON). We send card identifiers and similar non-personal lookup data; we do not send your account email, payment details, or other directly identifying information to these providers.
- Discord — Optional account linking, role assignment, direct messages, and/or user-configured webhook delivery, only if you opt in. Subject to Discord's Privacy Policy.
- Email / SMTP delivery provider — Used to deliver service and opt-in notification email. Your email address and message contents are processed by this provider in order to deliver them.
5. Cookies & Session Data
We use a single session cookie to keep you logged in. This cookie:
- Is required for the service to function
- Contains only a session identifier (not personal data)
- Has a server-side session record that expires after a period of inactivity or when you log out
- Cannot be used to track you across other websites
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
6. Data Storage & Security
Your account information is stored in an encrypted database on our server. We implement reasonable security measures including:
- HTTPS encryption for all connections
- Secure session management
- No storage of payment card details
- Environment-variable-based secrets management
7. Data Retention
- Account, watchlist, and preference data — Retained as long as your account is active
- Uploaded files — Not retained; processed in memory only
- Payment records — Retained for accounting and dispute resolution purposes
- Operational logs — Retained for a reasonable period for debugging, security, and abuse prevention, then rotated or pruned
- Backups — Periodic encrypted-at-rest backups of the application database are retained for disaster-recovery purposes and may include data that has since been deleted from the live system, until those backups are themselves rotated out
- Session data — Automatically cleared on logout or session expiry
8. Your Rights
You have the right to:
- Access your personal data — contact us to request a copy
- Delete your account — contact us to request account deletion
- Revoke Google access — via your Google Account permissions
- Disconnect Discord — from your TCG Forge account settings, and/or by removing the authorization in Discord directly
- Opt out of optional notifications — at any time from your account settings, on a per-channel basis (email, Discord DM, Discord webhook)
9. Children's Privacy
Our service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy at any time. Changes will be posted on this page with an updated revision date. Continued use of the service constitutes acceptance of the revised policy.
11. Contact
For privacy-related questions or data requests, contact us through the website.