Privacy Policy

1. Who We Are

CardStacks is operated through cardstacks.xyz and app.cardstacks.xyz. For privacy or account-data requests, contact support@cardstacks.xyz.

2. Data We Collect

• Account data such as name, email address, auth-provider identifiers, and session records.
• Training data such as deck selection, progress, stats, streaks, reminders, and custom decks.
• Purchase and entitlement metadata needed to verify access to paid features.
• Support communications and operational logs used for security, debugging, and abuse prevention.

CardStacks does not store full payment card numbers. Purchases are processed by Apple App Store or Google Play.

3. How We Use Data

• To create and secure accounts and sign users in.
• To sync training progress, decks, entitlements, and reminders across devices.
• To provide support, detect fraud or abuse, and keep the service reliable.
• To meet legal, accounting, tax, refund, and security obligations.

4. Sharing

We share data only with service providers and platforms needed to run CardStacks, such as authentication, hosting, analytics, email, and native mobile billing providers. We may also disclose data when required by law or to protect users, CardStacks, or the public.

5. Retention

We keep personal data only as long as it is reasonably needed for the purposes above. When accounts are deleted, we aim to delete or de-identify the related data unless we need to retain limited records for legal, tax, refund, fraud, or security reasons.

6. GDPR and Similar Privacy Rights

If you are in the EEA, UK, Switzerland, or another region with similar laws, and where applicable, you may ask to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete personal data that is no longer needed or is processed unlawfully;
• restrict or object to certain processing;
• receive portable copies of the data you provided to us; and
• withdraw consent where processing relies on consent.

To exercise these rights, email support@cardstacks.xyz. We may request reasonable identity verification. We aim to respond without undue delay and, in principle, within one month. You may also complain to your local data protection authority if you believe your rights were not handled properly.

7. General Account Deletion Instructions

To request deletion of your CardStacks account or exported copies of your data, email support@cardstacks.xyz from the address associated with your account. Include:

• your account email address;
• whether you want full account deletion, data export, or a correction request; and
• any details that help us identify the account or purchase records.

After verification, we will delete or de-identify the requested account data unless a narrower retention duty applies.

8. Facebook / Meta Login Data Deletion Instructions

If you signed in with Facebook Login, you can revoke CardStacks' access from your Facebook account and request deletion of any remaining CardStacks-side data tied to that login.

• Open Facebook and go to Settings & Privacy -> Settings.
• Open Apps and Websites.
• Find CardStacks in the active apps list and click Remove.
• Then email support@cardstacks.xyz with the subject Facebook Data Deletion Request.

Please include the following in your email:

• your name;
• the email address used with CardStacks or Facebook Login;
• your Facebook app-scoped user ID if available; and
• whether you want full account deletion or only the Facebook login link removed.

Once verified, we will remove Facebook-linked identifiers, tokens, and identity-link records stored by CardStacks, and we will delete any additional account data you ask us to remove unless we must keep limited records for legal, fraud-prevention, security, or accounting reasons.

9. Changes

We may update this policy as the service, vendors, or legal requirements change. The current version is always published on this page.