Privacy Policy

Last updated: December 2024

1. Introduction

This Privacy Policy explains how Gundam-Cards.com collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Data Controller

Website: gundam-cards.com
Contact: support@gundam-cards.com
Hosting: Supabase (AWS France) and Vercel

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, username, avatar/profile picture
  • Profile Data: Location (optional), forum signature
  • Collection Data: Cards you own, quantities, conditions, wish lists
  • Community Content: Forum posts, comments, ratings, reviews
  • Communications: Messages sent through our contact forms

3.2 Information Automatically Collected

  • Usage Data: Pages visited, time spent, features used
  • Technical Data: IP address, browser type, device information
  • Analytics: Website performance and usage statistics
  • Cookies: Session cookies, preference cookies, analytics cookies

3.3 Third-Party Information

  • Authentication: If you sign in with third-party providers
  • Public APIs: Card database information from public sources

4. How We Use Your Information

4.1 Service Provision

  • Creating and managing your account
  • Displaying your card collection and statistics
  • Enabling community features (forums, ratings, comments)
  • Providing personalized recommendations

4.2 Communication

  • Responding to your inquiries
  • Sending important service updates
  • Notifying about community activity (if opted in)

4.3 Improvement and Analytics

  • Understanding user behavior and preferences
  • Improving website performance and features
  • Generating anonymized usage statistics

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: For optional features and communications
  • Contract: To provide our services to you
  • Legitimate Interest: For analytics, security, and service improvement
  • Legal Obligation: For compliance with applicable laws

6. Data Sharing and Disclosure

We DO NOT sell your personal data.

6.1 Limited Sharing

  • Service Providers: Supabase (hosting), Vercel (hosting), Google (analytics)
  • Public Content: Forum posts, comments, and ratings are public by design
  • Legal Requirements: When required by law or to protect safety

6.2 Data Transfers

Your data is stored within the European Union (AWS France) and processed according to GDPR standards.

7. Data Retention

Data TypeRetention PeriodNotes
Account DataWhile account is activeDeleted upon account deletion
Collection DataWhile account is activePart of user service
Community ContentIndefinitelyAnonymized after account deletion
Technical Logs12 monthsLegal compliance

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and associated data
  • Portability: Export your collection data
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Opt out of optional features

To exercise these rights: Contact us at support@gundam-cards.com

9. Cookies and Tracking

9.1 Essential Cookies

  • Authentication and session management
  • User preferences and settings
  • Security and fraud prevention

9.2 Analytics Cookies

  • Google Analytics (anonymized)
  • Usage statistics and performance monitoring

You can control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.

10. Data Security

10.1 Security Measures

  • Encryption in transit and at rest
  • Regular security updates and monitoring
  • Access controls and audit logs
  • Secure hosting infrastructure

10.2 Data Breaches

In case of a security breach, we will notify affected users and relevant authorities within 72 hours as required by law.

11. Children's Privacy

Our service is available to users 13 years and older. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

12. Third-Party Services

12.1 Integrated Services

  • Google Analytics: Website analytics and performance monitoring
  • Supabase: Database hosting and authentication
  • Vercel: Website hosting and deployment

Each service has its own privacy policy governing their data practices.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email notification to registered users and prominent notice on the website.

Continued use after changes indicates acceptance of the updated policy.

14. Contact and Complaints

14.1 Contact Us

For privacy-related questions or requests:
Email: support@gundam-cards.com
Website: gundam-cards.com/contact

14.2 Regulatory Complaints

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority or the CNIL in France (www.cnil.fr).