DeckHunter App - Privacy Policy
Last Updated: June 20, 2025
Linking Lotus Ltd ("us", "we", or "our") operates the DeckHunter mobile application (the "App"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our App and the choices you have associated with that data.
We use your data to provide and improve the App. By using the App, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
1. Data Controller
Linking Lotus Ltd, an Irish registered company, is the data controller for the personal data collected through the DeckHunter App.
Our contact email for privacy concerns is: Support@deckhunter.app
2. Information We Collect
We collect several different types of information for various purposes to provide and improve our App to you.
2.1. Personal Data Provided Directly by Users:
When you create an account or use certain features of the App, you provide us with:
- Account Information:
- Email Address: Used for account verification, password resets, and essential communications.
- Username: Your chosen identifier within the App.
- Password: Stored securely (encrypted). We do not have access to your raw password.
- Optional Profile Information (for Trade Features): If you choose to use the trade binder feature, you have the option to provide:
- Instagram Handle: Your Instagram username.
- Discord Handle: Your Discord username.
- Area: Your general location (Country, County/State, City).
Please note: This optional profile information (Instagram/Discord handles and Area) will be publicly visible to other DeckHunter users when you list cards in your trade binder, for the purpose of facilitating contact outside the App for trading discussions. You control whether to provide this information.
- Customer Support Information: If you contact our support team at Support@deckhunter.app, we collect your email address, username, and the details of your query to respond to your request and resolve any issues.
- Subscription Status: We receive information from Apple App Store and Google Play Store regarding your subscription status (e.g., active, expired, renewal date) to grant you access to premium features. We do not receive your payment details.
2.2. Data Collected Automatically (Anonymized/Pseudonymous):
We collect limited automated data to monitor and improve the App's performance and stability:
- Firebase Crashlytics Data: We use Firebase Crashlytics to collect anonymized crash reports and app performance data. This includes information about the app version, device operating system version, unique installation UUIDs (pseudonymous), and crash traces. This data helps us identify and fix bugs and improve the overall stability of the App. This data does not directly identify you.
- No Other Automated Data Collection: We do not collect device identifiers, precise usage data beyond crash reports, precise or approximate location data (other than your user-inputted area), cookies, or advertising identifiers.
2.3. Information from Third Parties:
- App Stores (Apple/Google): As mentioned above, we receive subscription status information from them. They handle your payment data directly and do not share it with us.
- TCGplayer/Cardmarket: We only receive card pricing data from these services; no personal data about users is shared with us from TCGplayer or Cardmarket.
3. Purpose of Data Collection and Legal Basis for Processing (GDPR)
We process your personal data for the following purposes, relying on the specified legal bases under GDPR:
| Purpose of Processing | Types of Data Processed | Legal Basis for Processing (GDPR) |
|---|---|---|
| To Provide & Maintain the App: | Email, Username, Password, Subscription Status | Contractual Necessity (to fulfill our agreement with you) |
| To Manage Your Account: | Email, Username, Password | Contractual Necessity |
| To Process Subscriptions & Payments: | Subscription Status (from App Stores) | Contractual Necessity (to confirm access to premium features) |
| To Enable Trading Features: | Optional Instagram/Discord Handle, Area | Legitimate Interests (to provide an enhanced trading feature that users opt-in to, without overriding your fundamental rights/freedoms) and/or Consent (implied by user explicitly providing optional public data) |
| To Communicate with Users: | Email, Username, Support Query Details | Contractual Necessity (for essential service updates); Legitimate Interests (for customer support, addressing inquiries) |
| To Improve App Performance & Fix Bugs: | Anonymized Crashlytics Data | Legitimate Interests (to improve and optimize the App for all users) |
| For Security Purposes: | Email, Username, Password (hashed) | Legitimate Interests (to protect our services and users from fraud and unauthorized access) |
| To Comply with Legal Obligations: | Potentially all data categories | Legal Obligation (e.g., maintaining records for tax or legal compliance) |
4. Data Sharing and Disclosure
We share your personal data only in the following circumstances:
- With Your Consent: For the optional Instagram/Discord handle and Area, you explicitly consent to this information being publicly visible to other DeckHunter users when you use the trade binder feature.
- With Third-Party Service Providers: We use third-party companies and individuals to facilitate our App ("Service Providers"), to provide the App on our behalf, to perform App-related services, or to assist us in analyzing how our App is used.
- Google Cloud Platform: Your primary account data, including your email, username, and any optional profile information (Instagram/Discord handles, Area), and trade binder data is hosted and processed on Google Cloud Platform servers. Google acts as our data processor.
- Firebase Crashlytics: Anonymized crash reports and app performance data are shared with Firebase Crashlytics to help us identify and resolve issues.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- App Stores (Apple/Google): They process subscription payments. We receive only subscription status from them.
- Legal Requirements: We may disclose your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation (e.g., subpoena or court order).
- Protect and defend the rights or property of Linking Lotus Ltd.
- Prevent or investigate possible wrongdoing in connection with the App.
- Protect the personal safety of users of the App or the public.
- Protect against legal liability.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
- No Sale of Personal Data: We do not sell your personal data to any third parties.
5. Data Retention
We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law.
- Account Data (Email, Username, Password, Optional Handles/Area): We retain this data for as long as your account is active. Once you initiate account deletion through the App, all associated personal data in your user collection in Firebase will be irreversibly destroyed as soon as technically feasible (typically within 24-48 hours).
- Subscription Data: We retain subscription status information for the duration of your subscription and for a period of up to 3 years after cancellation for auditing and billing reconciliation purposes.
- Customer Support Communications: We retain records of your customer support inquiries for up to 2 years after resolution to assist with future queries and improve our services, unless a longer retention period is required for legal purposes.
- Legal Obligations: We may retain certain data for longer periods if required by law (e.g., tax records related to subscriptions are typically retained for 7 years in Ireland).
6. Data Security
The security of your data is important to us. We rely on the robust security measures provided by Google Cloud Platform and Firebase to protect your Personal Data. These include:
- Encryption of data in transit and at rest.
- Strict access controls and authentication mechanisms.
- Regular security audits and compliance certifications maintained by Google.
While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure.
Data Breach Response: In the unlikely event of a data breach, we have a plan in place to address it. We will notify the Irish Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, where required by GDPR. We will also inform affected users without undue delay if the breach poses a high risk to their rights and freedoms, through in-app notifications and/or email.
7. International Data Transfers (GDPR)
As Linking Lotus Ltd is based in Ireland, any transfer of your Personal Data outside the European Economic Area (EEA) is subject to GDPR rules. We use Google Cloud Platform and Firebase as our service providers, whose servers may be located outside the EEA (e.g., in the United States).
To ensure that your data remains protected when transferred internationally, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards implemented by Google, acting as our data processor. These mechanisms are designed to provide a level of data protection equivalent to that offered within the EEA.
8. Your Data Protection Rights Under GDPR
In accordance with the General Data Protection Regulation (GDPR), you have the following data protection rights. To exercise any of these rights, please contact us at Support@deckhunter.app unless otherwise specified below. We will respond to your request within one month. We may need to verify your identity (using your email address and username) before fulfilling your request.
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete. You can update your email or username by contacting support.
- The Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions. You can exercise this right for your core account data by using the in-app account deletion feature.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, machine-readable format, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions (e.g., processing based on legitimate interests, if applicable). As we do not engage in direct marketing, this right is primarily relevant to data processed under legitimate interests like analytics.
Rights related to automated decision-making and profiling: We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
9. Children's Privacy
Our App is not directed to individuals under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us at Support@deckhunter.app. If we become aware that we have collected Personal Data from children under 13 without verification of parental consent, we will take steps to delete that information promptly and terminate the child's account.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via an in-app notification and/or a prominent notice on our website, prior to the change becoming effective, and update the "Last Updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. We will provide at least 15 days' notice before any material changes take effect.
11. Contact Information for Privacy Concerns
If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact us:
- By email: Support@deckhunter.app
Right to Lodge a Complaint with a Supervisory Authority:
You also have the right to lodge a complaint with the Data Protection Commission (DPC), the supervisory authority in Ireland, if you believe your data protection rights have been infringed.
Data Protection Commission Contact Details:
- Website: www.dataprotection.ie
- Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
- Email: info@dataprotection.ie