Privacy Policy

1. Overview

CardForge is built with privacy in mind. We collect only what is necessary to provide the service and never sell your data to third parties.

2. Information We Collect

When you create an account, we collect your email address and any profile information provided through your OAuth provider (e.g. Google). We store the decks and cards you create when cloud sync is enabled.

If you use CardForge without an account, all data stays in your browser's local storage and never leaves your device.

3. How We Use Your Information

We use your information solely to provide and improve CardForge. Specifically:

• To authenticate your account and keep it secure
• To sync your decks across devices when cloud sync is enabled
• To respond to support requests

We do not use your data for advertising or share it with third parties for marketing purposes.

4. Data Storage

Cloud data is stored on Supabase, which runs on AWS infrastructure. Free-tier hosting is used, so we cannot guarantee 100% uptime or long-term data retention. We recommend exporting your decks as JSON regularly.

5. Cookies

CardForge uses cookies only for authentication session management. We do not use tracking or advertising cookies.

6. Your Rights

You can delete your account and all associated data at any time from the Settings page. Local data can be cleared by clearing your browser's storage. You may also export all your data as JSON at any time.

7. Third-Party Services

CardForge uses the following third-party services:

• Supabase — authentication and database
• Vercel — hosting and deployment

Each service has its own privacy policy governing how they handle data.