Privacy Policy

Last updated: November 24, 2025

Privacy at a Glance

✓ We collect:

  • Email, display name (account basics)
  • Decks and collections you create
  • Basic usage data

✗ We don't:

  • Use advertising or cross-site tracking cookies
  • Sell your data to third parties
  • Track you across other websites

We use essential cookies for authentication and security, plus optional analytics cookies (with your consent) to improve the platform. Read the full details below.

Riftbinder ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at riftbinder.com.

By using Riftbinder, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Display name (if provided)
  • Profile picture (if provided via Google OAuth)
  • Authentication credentials (securely managed by Firebase Authentication)

User-Generated Content

When you use our platform, we store:

  • Deck lists and deck names you create
  • Card collection data you manage
  • Images you upload for AI card scanning
  • User preferences and settings

Important: Only upload images of Riftbound cards. Do not upload images containing faces of identifiable people or any biometric data. We are not responsible for processing biometric data that you upload in violation of these terms.

Usage Information

We automatically collect certain information about your device and how you interact with our platform:

  • IP address and general location
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Date and time of access

Cookies and Similar Technologies

What Are Cookies?

Cookies are small text files stored on your device that help websites function properly and provide information to website owners.

Cookies We Use

Riftbinder currently uses only strictly necessary cookies required for the platform to function. These cookies cannot be disabled without preventing the platform from working properly.

Cookie CategoryPurpose
Session & AuthenticationMaintains your logged-in state and verifies your identity across requests
Security & ProtectionProtects against cross-site request forgery (CSRF) attacks and unauthorized access
User PreferencesRemembers that you acknowledged our cookie notice to prevent repeated prompts

These cookies are stored for varying periods depending on their purpose: security cookies expire within a short timeframe, while authentication and preference cookies may persist for longer periods to maintain your session and remember your choices.

Analytics and Tracking

With your explicit consent, we use Firebase Analytics (provided by Google) to understand how users interact with Riftbinder and improve the platform.

What data is collected:

  • Page views and navigation patterns
  • Device information (browser type, operating system, screen resolution)
  • Approximate geographic location (country/city level, not precise location)
  • Session duration and engagement metrics
  • Feature usage and interaction data

How we use this data:

  • Understand which features are most valuable to users
  • Identify and fix technical issues
  • Improve user experience and platform performance
  • Make informed decisions about feature development

What we DON'T do:

  • Track you across other websites (no cross-site tracking)
  • Serve targeted advertisements
  • Sell your data to third parties
  • Collect personally identifiable information without your account registration

You have full control: When you first visit Riftbinder, you'll see a cookie consent banner where you can choose to accept or reject analytics cookies. If you reject, no analytics data will be collected. Your choice is remembered for one year.

Managing Cookies

Essential cookies (authentication, security) are strictly necessary for the platform to function and cannot be disabled. If you disable these through your browser settings, you may not be able to access your account or use core features.

Analytics cookies are optional. You can accept or reject them when you first visit Riftbinder via the cookie consent banner. Your preference is stored for one year. To change your preference, you'll need to clear your cookies and revisit the site.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain our service:To enable core features like deck building, collection management, and user authentication
  • Improve user experience:To understand how users interact with our platform and make improvements
  • Communication:To send important service updates, security alerts, and respond to your inquiries
  • Security:To protect against fraud, abuse, and security threats
  • Subscription management:To process payments and manage subscription tiers
  • Legal compliance:To comply with applicable laws and regulations

Third-Party Services

We use the following third-party services that may collect or process your data:

Firebase (Google Cloud Platform)

We use Firebase services for authentication, database, storage, and hosting. Firebase may collect and process data according to Google's Privacy Policy.

Google Privacy Policy →

Stripe

We use Stripe for payment processing. Stripe collects and processes payment information according to their privacy policy. We do not store your full payment card details.

Stripe Privacy Policy →

Resend (Email Service)

We use Resend for sending transactional emails (account notifications, subscription confirmations, password resets). Resend processes your email address according to their privacy policy. We do not use Resend for marketing emails without your explicit consent.

Resend Privacy Policy →

Google Cloud Vision AI and Gemini Models

We use Google Cloud Vision AI and Gemini models to power our AI Card Scanner feature. When you upload or capture images of Riftbound cards:

  • What we extract: Card ID, card name, and confidence scores for identification purposes only
  • Processing: Images are processed in real-time using Google's AI services and immediately deleted after analysis
  • No storage: We do not store your uploaded images—they are discarded as soon as card data is extracted
  • No training: Your images are not used for AI model training by Google or Riftbinder
  • Security: All processing is subject to Google Cloud's enterprise-grade privacy and security standards

Legal Basis (GDPR Article 6): We process images based on your consent and as necessary to fulfill our contract to provide the AI scanning service you requested.

Google Cloud Privacy Notice →

Riot Games API

We retrieve card data and assets from Riot Games' official API. We do not share your personal information with Riot Games unless you explicitly connect your Riot account (Riot Sign-On feature, planned for future releases).

Data Security

We implement industry-standard security measures to protect your personal information.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we are committed to transparency and prompt notification in compliance with applicable laws (including GDPR Article 33 and 34).

Our breach notification process includes:

  • Notification to supervisory authorities within 72 hours of becoming aware of the breach (as required by GDPR)
  • Direct notification to affected users via email and an in-platform banner
  • Clear description of the nature of the breach, categories of data affected, and potential consequences
  • Information about measures taken to address the breach and mitigate harm
  • Recommended actions you can take to protect yourself

We maintain detailed incident response procedures and conduct regular security assessments to minimize the risk of data breaches.

Your Rights and Choices

Depending on your location, you may have the following rights:

Access and Portability

You have the right to access the personal data we hold about you and request a copy in a portable format.

Correction

You can update your account information at any time through your profile settings.

Deletion

You have the right to request deletion of your account and associated data. Note that we may retain certain information as required by law or for legitimate business purposes.

Objection and Restriction

You may object to certain types of processing or request that we restrict how we use your data.

To exercise any of these rights, please contact us at info@riftbinder.com

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling

Legal Grounds for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our services
  • Legitimate interests: To improve our platform and prevent fraud
  • Consent: When you explicitly agree (e.g., for optional features)
  • Legal obligation: To comply with applicable laws

Automated Decision-Making and AI Processing (GDPR Article 22)

Our AI Card Scanner uses automated processing to identify Riftbound cards from uploaded images. This automated decision-making:

  • Analyzes images to extract card IDs and names using Google Cloud Vision AI and Gemini models
  • Provides confidence scores for each identified card
  • Does not produce legal effects or similarly significantly affect you
  • Requires your review and confirmation before cards are added to your collection

Your Rights: You have the right to manually review all AI-identified cards, contest any automated results, and request manual card entry instead of using the AI scanner. The AI serves as a convenience tool—all final decisions about your collection remain under your control.

CCPA Compliance (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Privacy Rights

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources, purposes for collection, and third parties with whom we share information.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties. If this changes in the future, we will provide you with notice and the ability to opt-out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted by law.

Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers (email address, username, IP address)
  • Commercial information (subscription tier, payment history)
  • Internet or network activity (pages visited, features used)
  • User-generated content (decks, collections, uploaded images)

How to Exercise Your Rights

To exercise your California privacy rights, please contact us at info@riftbinder.com with the subject line "California Privacy Request". We will verify your identity before processing your request and respond within 45 days.

Children's Privacy

Riftbinder is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to:

  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.

International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. We use Firebase (Google Cloud Platform), which may store data in various regions globally.

These international transfers are protected by appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework (2023) compliance
  • Google Cloud Platform's GDPR compliance mechanisms and certifications
  • Appropriate technical and organizational security measures

For more information about Google's data protection practices, please visit their GDPR Resource Center.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Riftbinder isn't endorsed by Riot Games and doesn't reflect the views or opinions of Riot Games or anyone officially involved in producing or managing Riot Games properties. Riot Games, and all associated properties are trademarks or registered trademarks of Riot Games, Inc.

Riftbinder

Your comprehensive platform for Riot Games' Riftbound TCG.

© 2025 Riftbinder v1.6.35. All rights reserved.

Riftbinder isn't endorsed by Riot Games and doesn't reflect the views or opinions of Riot Games or anyone officially involved in producing or managing Riot Games properties. Riot Games, and all associated properties are trademarks or registered trademarks of Riot Games, Inc.

We use cookies to improve your experience. Learn more