We value your privacy and are committed to transparency in how we handle your data. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller responsible for your personal data is:
Florian Krempl
Kleine Pfarrgasse 5
1020 Wien
Austria
Email: [email protected]
Reddit: u/Glumpad
2. What Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (required for authentication)
- Username (chosen by you)
- Password (stored as a hash using an industry-standard hashing algorithm)
2.2 Chat Data
When you use our AI assistants, we collect:
- Chat messages and questions you send
- AI responses and interactions
- Session metadata (timestamps, conversation context)
Note: Chat data is anonymized and used solely to improve the quality of our Magic: The Gathering AI assistants.
2.3 Deck Information
If you use deck management features, we store:
- Deck names and descriptions
- Card lists (commander, mainboard, sideboard)
- Deck metadata (format, primer notes)
2.4 Cookies and Tracking Technologies
We use cookies for:
- Necessary cookies: Authentication, session management, security (CSRF protection)
- Functional cookies: User preferences, theme settings, chat history
- Analytics cookies: Google Analytics (with consent) - page views, user behavior
- Advertising cookies: Google AdSense (with consent) - ad personalization, conversion tracking
For detailed cookie information, see our Cookie Policy.
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract performance: Account creation, authentication, deck management (GDPR Art. 6(1)(b))
- Legitimate interests: Service improvement, security, fraud prevention (GDPR Art. 6(1)(f))
- Consent: Analytics and advertising cookies (GDPR Art. 6(1)(a))
4. How We Use Your Data
We use your personal data to:
- Provide and maintain the Service
- Authenticate your account and manage sessions
- Store and manage your deck collections
- Improve AI assistant responses through anonymized chat analysis
- Monitor and improve system performance
- Comply with legal obligations
- Prevent fraud and ensure platform security
5. Sharing of Data
We do not sell your personal information to third parties.
We share data with third-party service providers only as necessary:
5.1 Google AdSense
- Purpose: Display personalized advertisements
- Data shared: Cookie identifiers, browsing behavior (with your consent)
- Privacy policy: Google Privacy Policy
- Opt-out: Manage cookie preferences via our cookie banner
5.2 Google Analytics (Future Implementation)
- Purpose: Analyze website usage and improve user experience
- Data shared: Anonymized usage statistics, page views
- Privacy policy: Google Analytics Privacy
5.3 Hosting and Infrastructure
- Data stored: All user data (accounts, decks, chat history)
- Location: Servers located in the European Union
- Security: Industry-standard encryption and access controls
6. Data Retention and Deletion
6.1 Account Data
- Stored as long as your account is active
- Deleted within 30 days of account deletion request
6.2 Chat Data
- Anonymized chat messages are retained indefinitely to improve AI models
- Cannot be deleted once anonymized (no longer personally identifiable)
6.3 Cookies
- Session cookies: Deleted when you close your browser
- Persistent cookies: Expire after 7 days (authentication) or 1 year (preferences)
- You can delete cookies anytime via browser settings
7. Your Rights Under GDPR
As an EU resident, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your account and personal data
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw cookie consent anytime via cookie settings
To exercise your rights, contact us at [email protected].
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords hashed using bcrypt
- HTTPS/TLS encryption for all data transmission
- Secure session management with JWT tokens
- Regular security updates and monitoring
- Access controls and authentication for database access
9. International Data Transfers
Your data is stored on servers located in the European Union. If we transfer data outside the EU in the future, we will ensure adequate safeguards are in place (e.g., Standard Contractual Clauses, Privacy Shield certification).
10. Children's Privacy
Our Service is not intended for users under 13 years old. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Updated "Effective Date" at the top of this page
- Email notification (if you have an account)
- Prominent notice on the website
Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact and Complaints
Questions or Concerns
Contact us at [email protected] or via Reddit at u/Glumpad.
Supervisory Authority
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Website: https://www.dsb.gv.at
Effective Date: December 5, 2024
Last Updated: January 20, 2025
By using Nissa MTG AI Assistant, you acknowledge that you have read and understood this Privacy Policy.