Privacy Policy

Effective March 4, 2026

1. Introduction

Byndr ("we", "us", "our") operates the website at https://byndr.cards and related services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

Byndr is operated by Clemens Huck, based in Germany. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Clemens Huck

Email: mail@c-huck.com

3. Data We Collect

We collect the following categories of personal data:

Account Data

When you register, we collect your email address and, if you use social login (Google, GitHub), your name and profile picture as provided by the authentication provider. Passwords are hashed and never stored in plain text.

Collection Data

Your trading card collection data, including project names, card entries, goals, purchase prices, conditions, and grading information. This data is created and managed entirely by you.

Usage Data

We use Vercel Analytics to collect anonymized, aggregated usage data such as page views, device type, and general geographic region. This data does not identify you personally and does not use cookies for tracking.

Technical Data

Server logs may temporarily store IP addresses, browser type, and request timestamps for security and debugging purposes. This data is automatically deleted after 30 days.

4. Purpose and Legal Basis

We process your data for the following purposes and on the following legal bases under Article 6 GDPR:

Purpose	Legal Basis
Providing the service (account, collection management)	Art. 6(1)(b) — Contract performance
Authentication via Google/GitHub	Art. 6(1)(b) — Contract performance
Usage analytics (anonymized)	Art. 6(1)(f) — Legitimate interest
Security and abuse prevention	Art. 6(1)(f) — Legitimate interest
API key management and rate limiting	Art. 6(1)(b) — Contract performance
Affiliate link tracking (via third-party partners)	Art. 6(1)(a) — Consent (you choose to click)

5. Cookies

Byndr uses only strictly necessary cookies for authentication and session management. These cookies are required for the platform to function and cannot be disabled.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Your theme preference (light/dark mode) is stored in your browser's local storage, not as a cookie.

6. Third-Party Services

We use the following third-party services to operate Byndr:

Supabase

Database, authentication, and file storage · EU / US

Vercel

Hosting and anonymized analytics · US (Privacy Shield / SCCs)

Google OAuth

Optional social login · US (Privacy Shield / SCCs)

GitHub OAuth

Optional social login · US (Privacy Shield / SCCs)

Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure an adequate level of data protection.

7. Data Retention

We retain your personal data only as long as necessary to provide our services or as required by law. Specifically:

Account and collection dataUntil you delete your account

Server logs (IP, requests)30 days

Analytics dataAnonymized, retained indefinitely

API key usage logs90 days after key revocation

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your account and all associated data.

Right to Restriction (Art. 18)

Request that we limit processing of your data.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interest.

To exercise any of these rights, contact us at mail@c-huck.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS/HTTPS), hashed passwords, hashed API keys, row-level security policies on our database, and regular security reviews.

10. Children's Privacy

Byndr is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will notify registered users by email.

12. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

13. Contact

For any questions or concerns about this Privacy Policy or your personal data, please contact us:

Email: mail@c-huck.com

Website: https://byndr.cards