Revised: November 27, 2025
This Privacy Notice for My Trading Cards LLC (doing business as TCGworld) ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you visit our website at https://tcgworld.gg, or any website of ours that links to this Privacy Notice, use our web-based trading card game platform, including digital card collecting, pack opening, card exchanges, and physical card fulfillment services, or engage with us in other related ways, including any sales, marketing, events, or through our affiliate program.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at admin@tcgworld.gg.
Table of Contents
- What information do we collect?
- How do we process your information?
- What legal bases do we rely on to process your personal information?
- When and with whom do we share your personal information?
- Do we use cookies and other tracking technologies?
- How do we handle your social logins?
- How long do we keep your information?
- How do we keep your information safe?
- Do we collect information from minors?
- What are your privacy rights?
- Controls for do-not-track features
- Do United States residents have specific privacy rights?
- Do we make updates to this notice?
- How can you contact us about this notice?
- How can you review, update, or delete the data we collect from you?
1. What Information Do We Collect?
Personal Information You Disclose to Us
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include names, email addresses, usernames, passwords, mailing addresses (for physical card fulfillment), contact preferences, phone numbers (optional, for shipping notifications), affiliate/referral codes, and chat messages and communications.
Sensitive Information. We do not process sensitive information.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.
Shipping Data. When you request physical card fulfillment, we collect shipping information including your name, address, and contact details. Shipping services are processed through Shippo. You may find their privacy notice here: https://goshippo.com/privacy.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Google, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider.
Game Activity Data. We collect information about your gaming activities including card collection and inventory, pack opening history, exchange transactions, server seeds, client seeds, and nonces for provably fair verification, gem balance and transaction history, and fulfillment requests and status.
Information Automatically Collected
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.
The information we collect includes Log and Usage Data (service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services), Device Data (information about your computer, phone, tablet, or other device you use to access the Services), and WebSocket Connection Data (for real-time features like chat and live updates, we collect connection information including session identifiers and connection timestamps).
2. How Do We Process Your Information?
We process your personal information for a variety of reasons, depending on how you interact with our Services, including to facilitate account creation and authentication and otherwise manage user accounts, to deliver and facilitate delivery of services to the user (including processing gem purchases, managing card pack openings with provably fair randomness, facilitating card exchanges, and processing physical card fulfillment requests), to enable the provably fair system by processing server seeds, client seeds, and nonces to ensure transparent and verifiable randomness in pack openings, to manage the affiliate program by processing referral information to track commissions, apply discounts, and manage affiliate ranks, to respond to user inquiries and offer support to users, to send administrative information to you, to fulfill and manage your orders including coordinating physical card shipments, to enable user-to-user communications through our chat features, to request feedback, to send you marketing and promotional communications (you can opt out at any time), to protect our Services including fraud monitoring and prevention, to evaluate and improve our Services, products, marketing, and your experience, and to comply with our legal obligations.
3. What Legal Bases Do We Rely On to Process Your Personal Information?
If you are located in the EU or UK, this section applies to you.
We may rely on the following legal bases to process your personal information: Consent (we may process your information if you have given us permission to use your personal information for a specific purpose, and you can withdraw your consent at any time), Performance of a Contract (we may process your personal information when necessary to fulfill our contractual obligations to you), Legitimate Interests (we may process your information when reasonably necessary to achieve our legitimate business interests), and Legal Obligations (we may process your information where necessary for compliance with our legal obligations).
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (express consent) or in situations where your permission can be inferred (implied consent). You can withdraw your consent at any time.
4. When and With Whom Do We Share Your Personal Information?
Vendors, Consultants, and Other Third-Party Service Providers
We may share your data with third-party vendors who perform services for us. The categories of third parties we may share personal information with include Authentication Services (Google OAuth), Payment Processors (Stripe), Shipping and Fulfillment Services (Shippo), Cloud Infrastructure Services (Fly.io, Vercel), Communication Services (SendGrid for emails), Data Storage Services (PostgreSQL, Redis), Performance Monitoring Tools, and Customer Support Tools.
Additional Sharing Situations
We also may need to share your personal information in the following situations: Business Transfers (in connection with any merger, sale of company assets, financing, or acquisition), When we use Google Analytics (we may share your information with Google Analytics to track and analyze the use of the Services), and Other Users (when you share personal information or interact with public areas of the Services, such information may be viewed by all users).
5. Do We Use Cookies and Other Tracking Technologies?
We may use cookies and similar tracking technologies to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
Types of Technologies We Use
Session Cookies (essential for maintaining your login state and game session), Persistent Cookies (remember your preferences and settings), Analytics Cookies (help us understand how users interact with our Services), WebSocket Tokens (for real-time chat and live updates), and LocalStorage (for storing client seeds and user preferences).
Cookie Inventory (Analytics and Tracking)
The following cookies and storage keys are used for analytics and tracking in our current implementation. Analytics tools are enabled only after you accept cookies in our consent banner.
| Name | Provider | Purpose | Type | Typical Retention |
|---|---|---|---|---|
| cookieConsent | TCGworld | Stores your analytics consent choice (accepted/declined). | First-party cookie | 30 days |
| cookieConsentUser | TCGworld | Anonymous token used to log consent history/version. | First-party cookie | 2 years |
| _ga, _ga_* | Google Analytics | Distinguishes users/sessions and supports usage analytics. | First-party analytics cookies | Up to 2 years |
| ph_phc_*_posthog | PostHog | Stores anonymous distinct ID and session metadata for product analytics. | First-party analytics cookie | Up to 1 year |
| _fbp, _fbc | Meta Pixel | Supports ad attribution and conversion/event measurement. | First-party tracking cookies | Up to 90 days |
Some cookie names may include dynamic suffixes (for example, measurement or project IDs). Browser privacy settings, vendor configuration changes, and regional consent requirements may affect cookie behavior and retention.
6. How Do We Handle Your Social Logins?
Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook, Google, or other social media logins). Where you choose to do this, we will receive certain profile information about you from your social media provider, which may include your name, email address, and profile picture. We will use the information we receive only for the purposes described in this Privacy Notice. Please note that we do not control other uses of your personal information by your third-party social media provider.
Google OAuth Data
If you choose to sign in using Google OAuth, we receive your Google account name, email address, and profile image. We use this information solely to create and authenticate your TCGworld account. We do not receive or access your Google password. We do not use Google OAuth data for advertising or share it with third parties, except as necessary to provide our Services. We do not sell or rent any personal information obtained through Google OAuth. You may disconnect your Google account at any time through your TCGworld account settings or your Google Account permissions page.
7. How Long Do We Keep Your Information?
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.
Specific Retention Periods
Account Information (duration of your account plus 90 days after account deletion), Transaction Records (7 years for tax and accounting purposes), Provably Fair Data (server seeds retained for 30 days after rotation for verification), Chat Messages (90 days unless flagged for moderation), and Physical Fulfillment Records (3 years after fulfillment completion).
8. How Do We Keep Your Information Safe?
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet can be guaranteed to be 100% secure.
Security Measures Include
Encryption (all data transmissions encrypted using TLS/SSL), Access Controls (role-based access controls for internal systems), Password Security (Bcrypt hashing for password storage), API Security (JWT tokens with expiration for authentication), Provably Fair System (cryptographic verification of all randomness), Regular Updates (security patches and dependency updates), and Monitoring (activity logging and anomaly detection).
9. Do We Collect Information from Minors?
We do not knowingly collect, solicit data from, or market to individuals under 18 years of age. Our Services are restricted to users 18 years of age and older. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
10. What Are Your Privacy Rights?
Withdrawing Your Consent
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us.
Opting Out of Marketing
You can unsubscribe from our marketing communications at any time by clicking the unsubscribe link in emails or by contacting us.
Account Information
If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account, or contact us using the contact information provided.
Cookies and Similar Technologies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies.
11. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.
12. Do United States Residents Have Specific Privacy Rights?
Categories of Personal Information We Collect
Identifiers (name, email, address, etc.), Commercial information (transaction history, purchase records), Internet or network activity (browsing behavior, interactions with our Services), and Inferences drawn from collected information.
Your Rights
Right to know whether we are processing your personal data, Right to access your personal data, Right to correct inaccuracies in your personal data, Right to request deletion of your personal data, Right to obtain a copy of your personal data, and Right to non-discrimination for exercising your rights.
To exercise these rights, contact us at admin@tcgworld.gg.
13. Do We Make Updates to This Notice?
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification.
14. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at admin@tcgworld.gg or contact us by post at:
My Trading Cards LLC
14337 Pioneer Blvd Unit #1122
Norwalk, CA 90650
United States
15. How Can You Review, Update, or Delete the Data We Collect from You?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you and details about how we have processed it, to correct inaccuracies, or to delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
To request to review, update, or delete your personal information, please contact us at admin@tcgworld.gg.
Additional Notices for Specific Features
Provably Fair System
Our provably fair system uses cryptographic methods to ensure transparency in pack openings. The data collected for this system includes Server seeds (hashed and revealed daily), Client seeds (customizable by users), and Nonces (auto-incrementing counters). This data is retained for 30 days after server seed rotation to allow for verification of past results.
Affiliate Program
If you participate in our affiliate program, we collect additional information including Referral codes and links, Commission tracking data, Performance metrics, and Payment information for commission disbursements.
Physical Card Fulfillment
When you request physical cards, we collect Shipping address, Contact information for delivery updates, Insurance preferences, and Tracking information. This information is shared with our shipping partner (Shippo) and retained for 3 years for customer service and legal compliance purposes.
Compliance With Google API Services User Data Policy
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.