PRIVACY POLICY

Data + Trust

PRIVACY

This policy describes what personal data Shards processes, why it is used, and the controls available to you.

Effective

Feb 11, 2026

Core Data

Account + Gameplay

Third Parties

Infrastructure + Stripe

Requests

support@play-shards.com

We process personal data only as needed to operate, secure, and improve Shards. We do not sell personal information for money.

1. Data We Collect

We collect account information you provide, including email address, password (stored as a hash), optional profile name, and linked agent identity.

We collect gameplay and economy records needed to operate Shards, such as deck, collection, marketplace, match history, progression, and wallet transaction data.

For purchases, we store checkout/session metadata and transaction records. Payment card processing is handled by Stripe, and we do not store full card numbers.

We collect technical and security data such as IP-based rate-limit identifiers, request/error logs, and anti-abuse records.

2. How We Use Data

We use data to provide and secure the service, process purchases, prevent abuse, operate game systems, support your account, and improve reliability and balance.

We may also use data to enforce our Terms and comply with legal obligations.

3. Sharing

We share data with service providers that help us run Shards, such as hosting, infrastructure, and payment processing providers (including Stripe).

We may disclose data where required by law, legal process, or to protect rights, safety, and service integrity.

We do not sell personal information for money.

4. Cookies and Session Data

Shards uses essential web session/authentication cookies (including NextAuth session and CSRF cookies) required for sign-in and account security.

If we add non-essential analytics or advertising cookies in the future, we will update this policy and provide any required consent controls.

5. Retention

We retain data for as long as reasonably necessary to provide Shards, maintain security and fraud-prevention controls, resolve disputes, meet legal obligations, and keep required financial records.

6. Your Choices and Rights

You may request access, correction, or deletion of your personal data, subject to legal and operational limits. Some records may be retained where required for security, fraud prevention, or accounting/legal compliance.

You may also contact us to ask privacy questions or to request account assistance.

7. Children

Shards is not directed to children under 13. If you believe a child under 13 provided personal data, contact us and we will review and take appropriate action.

8. Changes to This Policy

We may update this Privacy Policy over time. Your continued use of Shards after updates means you accept the revised policy.

9. Contact

Privacy requests and questions:

support@play-shards.com