Privacy Policy

1. Who We Are

TCG Snoop is an Australian-operated price comparison service for trading card game singles. This policy explains what data we collect, how we use it, and the choices you have. We aim to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

You give us this directly:

• Account data — email address, display name, and password (passwords are hashed and stored by Supabase Auth; we never see them).
• User content — store reviews, decklists, wishlists, and price alerts you create.
• Store submissions — if you submit or claim a store listing, we collect the contact details and business information you provide.
• Support enquiries — anything you send us by email.

We collect this automatically when you use the site:

• Usage data — pages viewed, searches run, links clicked, referrer, device type, browser, and general location (country/region) derived from IP address. We do not store full IP addresses long-term.
• Cookies and similar technologies — see section 5.
• Advertising identifiers — only if you allow marketing cookies (Meta Pixel, Reddit Pixel, Google Ads). See section 5.

3. How We Use Your Information

• To operate, secure, and improve the site
• To return relevant price comparison results
• To send transactional emails (account, verification, password reset)
• To send marketing emails if you have opted in (you can unsubscribe at any time)
• To measure site performance, ad performance, and content effectiveness
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

4. Third-Party Services

We use the following third parties to run the site. Each has access only to the data they need to perform their function and is bound by their own privacy policy:

• Vercel (US) — hosting and privacy-respecting site analytics (Vercel Analytics, no third-party cookies).
• Supabase (US) — database hosting for card, price, and account data; authentication (Supabase Auth).
• Railway (US) — background scraper infrastructure that ingests public retailer prices.
• Google (US) — Google Tag Manager, Google Analytics 4, and Google AdSense for ad delivery and measurement.
• Meta Platforms (US) — Meta (Facebook) Pixel for ad delivery and measurement if you allow marketing cookies.
• Reddit (US) — Reddit Pixel for ad delivery and measurement if you allow marketing cookies.
• MailerLite (EU) — email delivery for product updates and marketing communications (account creation and double opt-in).
• Anthropic (US) — AI model used in our editorial content tools. No personal user data is sent to Anthropic; only public card and article metadata.
• Shopify (Canada / global) — if you connect a store, we exchange order and inventory data with Shopify subject to your separate Shopify merchant agreement.

We do not sell your personal information. We do share data with advertising platforms (Google, Meta, Reddit) for ad measurement and retargeting purposes when you have allowed marketing cookies.

5. Cookies, Pixels, and Your Choices

We use cookies and similar technologies in three broad categories. You can change your choice at any time via the button below.

You can also block cookies via your browser settings. Blocking necessary cookies will prevent login and may break parts of the site.

6. Overseas Disclosure (APP 8)

Several of the providers listed in section 4 are based outside Australia, primarily in the United States and European Union. When we use their services, your data may be stored and processed overseas. Privacy laws in those countries may differ from the Australian Privacy Principles and may not afford the same protections. By using TCG Snoop you acknowledge and consent to this overseas disclosure.

7. Data Retention

• Account data — retained until you request deletion, then removed within 30 days (subject to any legal hold requirements).
• Search and click events — retained for up to 24 months for product analytics.
• Reviews and user content — retained while your account is active. On deletion, your content is removed or anonymised.
• Server logs — retained for up to 30 days for security and debugging.
• Advertising platforms — Google, Meta, and Reddit retain pixel data subject to their own retention policies.

8. Your Rights

You can ask us to access, correct, or delete your personal information at any time. You can also withdraw consent for marketing communications or marketing cookies whenever you like. Email us at support@tcgsnoop.com.au. We will respond within a reasonable period (usually within 30 days).

If you believe we have mishandled your personal information, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.

9. Children

TCG Snoop is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, please contact us and we will delete it.

10. Security

We use HTTPS for all traffic. Passwords are hashed by Supabase Auth. Service-role database keys are held server-side only. Despite these measures, no online service is 100% secure, and we cannot guarantee absolute security.

11. External Links

Our site contains links to external retailer websites. We are not responsible for the privacy practices of those sites. Review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent revision. Material changes will be highlighted on the site or by email where appropriate.

13. Contact

Questions about this policy? Email support@tcgsnoop.com.au.