Privacy Policy
Last Updated: May 22, 2026 | Version 1.1
1. Introduction
TCGMetric ("we," "us," or "our") operates the website located at www.tcgmetric.com (the "Service"), a Pokemon Trading Card Game pricing and analytics platform based in Oklahoma, United States.
This Privacy Policy describes how we collect, use, and disclose your personal information when you use our Service, and what rights you have regarding that information.
By using TCGMetric, you agree to the collection and use of information in accordance with this Policy.
2. Information We Collect
2.1 Information you provide directly
- Account registration: email address, optional display name, and password (stored as a salted Argon2id hash, never in plaintext).
- Date of birth: collected at registration solely for age verification under the Children's Online Privacy Protection Act (COPPA). If you are under 13, your registration is blocked and the date of birth is not retained.
- Card collection and wishlist data: card selections, portfolio configurations, tracked cards (if you use those features).
- Communications: support emails, contact form submissions, and feedback you send us.
2.2 Information collected automatically
- Usage data: pages visited, features used, search queries, cards viewed, session duration, referral sources, and click patterns.
- Device and technical data: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
- Log data: server logs including access times, pages viewed, IP address, and referring URL.
2.3 Information from cookies and tracking technologies
- Essential cookies: authentication session and CSRF tokens — required for the Service to function.
- Persistent cookies: remember your preferences and settings.
- Analytics cookies: if you consent, we use Google Analytics to collect anonymized usage data that helps us improve the Service. See Section 5 for how to manage this.
- Microsoft Clarity: behavioral interaction data — mouse movement, clicks, scrolls, page navigation, and an anonymous session ID — captured to understand how users navigate the site. Cookies are only set when you grant analytics consent; otherwise Clarity operates cookielessly using a unique-per-pageview identifier.
3. How We Use Your Information
- To provide, maintain, and improve the Service.
- To create and manage your user account.
- To personalize your experience and content.
- To store and display your card collection and wishlist data.
- To send transactional emails (account confirmations, password resets, security alerts).
- To send marketing communications (only with your separate, explicit consent; you can opt out at any time).
- To analyze usage patterns and improve site functionality.
- To detect, prevent, and address technical issues and security threats.
- To comply with legal obligations.
- To enforce our Terms of Service.
4. How We Share Your Information
TCGMetric does not sell, rent, or trade your personal information to third parties.
We may share information with:
- Service providers: hosting (Microsoft Azure), email delivery (Azure Communication Services), and analytics (Google Analytics, if you consent) — only as necessary to provide the Service, under contractual obligations to protect your data.
- Microsoft Corporation (Microsoft Clarity): United States, behavioral analytics. Cross-border data transfers from the EEA, United Kingdom, and Switzerland to the United States are covered by Microsoft's standard contractual clauses, included as part of the Microsoft Online Services Terms which Microsoft accepts on our behalf when we create a Clarity project.
- Legal compliance: when required by law, court order, subpoena, or government request.
- Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to users.
- With your consent: when you explicitly authorize sharing.
5. Cookies and Tracking Technologies
Essential cookies are required for basic site functionality (login sessions, security tokens). These cannot be disabled.
Analytics cookies. TCGMetric may use Google Analytics to understand how visitors interact with the site. Google Analytics uses cookies to collect anonymized information including pages visited, time spent, and referral sources. Google Analytics data is processed by Google LLC. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, or by declining analytics in our cookie consent banner. For more information on how Google uses data from partner sites, visit Google's partner sites policy.
Microsoft Clarity. We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve the Service. Website usage data is captured using first-party and third-party cookies and other tracking technologies to determine the popularity of features and to diagnose usability issues. We do not share Clarity data with Microsoft Advertising; the ad_Storage consent signal is permanently denied for all users. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Clarity cookies are only set after you accept analytics cookies in our consent banner. The full cookie list:
| Name | Type | Purpose | Set when |
|---|---|---|---|
| _clck | First-party | Persists the Clarity User ID and per-site preferences. | analytics consent granted |
| _clsk | First-party | Connects multiple page views into a single Clarity session. | analytics consent granted |
| CLID | Third-party | Identifies first-time visitors to any Clarity-using site. | analytics consent granted |
| ANONCHK | Third-party | Flag; always set to 0 (Clarity does not use Microsoft's advertising ANID). | analytics consent granted |
| MR | Third-party | Flag for refreshing the MUID. | analytics consent granted |
| MUID | Third-party | Unique-browser identifier shared across Microsoft properties. | analytics consent granted |
| SM | Third-party | Synchronizes MUID across Microsoft domains. | analytics consent granted |
If you decline cookies (choose "Essential Only" in our consent banner), Clarity continues to operate in cookieless mode: it records anonymized behavioral data using a unique-per-pageview identifier that cannot be linked across sessions. None of the cookies above are set.
How to manage cookies. Most web browsers allow you to control cookies through browser settings. Disabling essential cookies may impair site functionality.
6. Data Security
TCGMetric implements reasonable administrative, technical, and physical security measures to protect personal information, including:
- Encryption of data in transit (TLS/SSL).
- Encryption of sensitive data at rest.
- Argon2id salted hashing of passwords (passwords are never stored in plaintext).
- Access controls limiting access to personal data.
- Regular security assessments and prompt patching of known vulnerabilities.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
7. Data Retention
- Account data (email, display name, hashed password): retained while your account is active; deleted within 30 days of your account deletion request.
- Collection and wishlist data: deleted within 30 days of account deletion request.
- Date of birth for blocked registrations (users under 13): deleted immediately after the registration is denied.
- Analytics data: retained in anonymized/aggregated form for up to 26 months.
- Server logs: retained up to 12 months for security and debugging purposes.
- Consent records: retained for the duration required by applicable law (minimum 3 years).
- Backup residual copies: automatically purged within 90 days of deletion from production systems.
- Microsoft Clarity data: session replay recordings are retained for 30 days; aggregated click and heatmap data is retained for 13 months. Sessions that we explicitly label or favorite in the Clarity dashboard are retained for 13 months. Data is permanently deleted from Microsoft servers, including backups, after the retention period and cannot be recovered.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to access: request a copy of the personal information we hold about you.
- Right to correction: request correction of inaccurate personal information.
- Right to deletion: request deletion of your personal information and account.
- Right to data portability: request your data in a structured, machine-readable format.
- Right to opt out: opt out of marketing communications at any time via unsubscribe links or account settings.
- Right to opt out of sale/sharing: TCGMetric does not sell personal information. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
California Residents
Under the California Consumer Privacy Act (CCPA/CPRA), you have additional rights including the right to know what personal information is collected, disclosed, or sold; the right to delete; the right to opt out of sale; and the right to non-discrimination for exercising your rights.
Oklahoma Residents
Beginning January 1, 2027, the Oklahoma Consumer Data Privacy Act provides rights to access, correct, delete, and port your data, and to opt out of targeted advertising and data sales. We will honor those rights when the law takes effect.
9. Children's Privacy (COPPA Compliance)
TCGMetric is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.
We use a neutral date-of-birth verification during account registration to determine user age. If a user indicates they are under 13, account creation is blocked and any information entered during the registration process is not stored.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible.
Parents or guardians who believe their child under 13 has provided personal information to TCGMetric should contact us at privacy@tcgmetric.com. We will promptly investigate and delete any such information.
Users between the ages of 13 and 17 may create accounts but are encouraged to do so with parental or guardian knowledge and oversight.
10. Do Not Track Signals
TCGMetric currently does not respond to "Do Not Track" (DNT) browser signals. There is no industry-wide standard for DNT compliance at this time. If a standard is adopted in the future, we will update this Policy accordingly. You can still opt out of analytics via our cookie consent banner.
11. International Users
If you are accessing TCGMetric from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located. By using TCGMetric, you consent to the transfer of your information to the United States.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland: our legal basis for processing your personal information is legitimate interest (providing and improving our Service) and, where applicable, your consent. You have additional rights under the GDPR including the right to lodge a complaint with your local supervisory authority.
If you access the Service from the European Economic Area (EEA), the United Kingdom, or Switzerland, Microsoft Clarity automatically operates in Consent Mode for your session. No Clarity analytics cookies are set until you explicitly grant consent through our cookie banner. Cross-border data transfers from these regions to the United States (where Microsoft processes Clarity data) are covered by Microsoft's standard contractual clauses as part of the Microsoft Online Services Terms.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice via email to registered users and/or a prominent notice on the website. The "Last Updated" date at the top of this Policy will be revised. Continued use of TCGMetric after the effective date of changes constitutes acceptance of the updated Policy.
13. Contact Information
TCGMetric
Mailing address: [PO Box - address pending], Oklahoma, USA
Email: privacy@tcgmetric.com
For privacy-related inquiries, data access requests, or to report a concern about a child's privacy, please email privacy@tcgmetric.com.