Matchly TCG

Privacy Policy

Last updated: May 11, 2026

1. Introduction

Matchly TCG ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace platform located at <strong>matchlytcg.com</strong> (the "Platform").

We process your personal data in accordance with the <strong>Lei Geral de Proteção de Dados Pessoais (LGPD) — Law No. 13,709/2018</strong> of Brazil. By using the Platform, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is Matchly TCG. If you have any questions about this policy or wish to exercise your data subject rights, please contact us at:

  • Email: <strong>privacy@matchlytcg.com</strong>

3. What Data We Collect

3.1 Information You Provide Directly

  • <strong>Account Data:</strong> full name, username, email address, phone number, and password when you create an account.
  • <strong>Profile Data:</strong> avatar image, biography, social links, and preferences you choose to share.
  • <strong>Store Data:</strong> store name, description, logo, banner images, product listings, and pricing information.
  • <strong>Payment Data:</strong> when you make a purchase or sell cards, transaction details are processed through Stripe. We do not store full credit card numbers on our servers.
  • <strong>Communications:</strong> messages you send through our platform and correspondence with our support team.

3.2 Information Collected Automatically

  • <strong>Usage Data:</strong> pages visited, time spent, clicks, and interactions with the Platform.
  • <strong>Device Data:</strong> IP address, browser type, operating system, and device identifiers.
  • <strong>Cookies & Similar Technologies:</strong> we use cookies and local storage for authentication, session management, and preferences. See our Cookie Policy below.

3.3 Third-Party Data

  • <strong>Google OAuth:</strong> if you sign up via Google, we receive your name, email address, and Google profile ID.
  • <strong>Stripe:</strong> payment status, transaction amounts, and billing information necessary to process payments.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account and profile.
  • To facilitate buying, selling, and trading of TCG cards on the marketplace.
  • To process payments through Stripe and manage subscriptions.
  • To store and serve images via AWS S3 (e.g., card images, avatars, store banners).
  • To communicate with you about transactions, support requests, and platform updates.
  • To improve and personalize the Platform experience.
  • To detect, prevent, and address fraud, abuse, or violations of our Terms of Service.
  • To comply with legal obligations and regulatory requirements.

5. Legal Basis for Processing (LGPD)

Under the LGPD, we process your data based on the following legal grounds:

  • <strong>Consent (Art. 7, I):</strong> when you agree to our use of cookies and accept this Privacy Policy.
  • <strong>Contract Performance (Art. 7, V):</strong> to provide the services you request, including account creation, transactions, and marketplace functionality.
  • <strong>Legal Obligation (Art. 7, II):</strong> to comply with applicable laws, tax regulations, and court orders.
  • <strong>Legitimate Interest (Art. 7, IX):</strong> for fraud prevention, platform security, and service improvement.

6. Data Sharing and Third Parties

  • <strong>Stripe:</strong> payment processing. Your payment data is handled directly by Stripe under their privacy policy. We receive only transaction status and references.
  • <strong>AWS S3:</strong> image and file storage. Uploaded media files are stored on Amazon Web Services S3 servers located in South America (sa-east-1).
  • <strong>Google:</strong> authentication via OAuth 2.0. We only receive basic profile information you authorize.
  • <strong>Resend / AWS SES:</strong> transactional email delivery (verification, notifications).
  • We <strong>do not sell</strong> your personal data to third parties.
  • We may disclose data if required by law or to protect our legal rights.

7. International Data Transfers

Your data may be transferred to and processed in countries other than Brazil, including the United States (Stripe, AWS). We ensure adequate protection mechanisms are in place, including standard contractual clauses and compliance with LGPD cross-border transfer requirements (Art. 33).

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain data for up to <strong>90 days</strong> for legal and fraud prevention purposes, after which it is securely deleted or anonymized.

9. Your Rights (LGPD)

As a data subject under the LGPD, you have the right to:

  1. <strong>Confirmation (Art. 18, I):</strong> confirm whether we process your data.
  2. <strong>Access (Art. 18, II):</strong> access your personal data.
  3. <strong>Correction (Art. 18, III):</strong> correct incomplete, inaccurate, or outdated data.
  4. <strong>Anonymization / Blocking (Art. 18, IV):</strong> request anonymization, blocking, or deletion of unnecessary data.
  5. <strong>Deletion (Art. 18, VI):</strong> request deletion of data processed with your consent.
  6. <strong>Portability (Art. 18, V):</strong> request data portability to another service provider.
  7. <strong>Withdraw Consent (Art. 8, §5):</strong> withdraw consent at any time without affecting lawful processing before withdrawal.
  8. <strong>Review Automated Decisions (Art. 20):</strong> request review of decisions made solely on automated processing.

To exercise these rights, contact us at <strong>privacy@matchlytcg.com</strong>. We will respond within 15 business days as required by law.

10. Cookie Policy

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through our cookie banner.

Types of Cookies We Use

  • <strong>Essential Cookies:</strong> required for authentication, session management, and platform functionality. These cannot be disabled.
  • <strong>Preference Cookies:</strong> remember your settings, language, and theme preferences.
  • <strong>Analytics Cookies:</strong> help us understand how you use the Platform to improve our services.

You can change your cookie preferences at any time via the cookie banner settings.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3), encrypted storage, access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure.

12. Children's Privacy

The Platform is not directed to individuals under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Platform. Your continued use after changes take effect constitutes acceptance of the updated policy.

14. Contact

If you have questions, concerns, or wish to exercise your LGPD rights, contact our Data Protection Officer:

  • Email: <strong>privacy@matchlytcg.com</strong>

We use cookies to improve your experience, authenticate users, and analyze platform usage. By clicking "Accept All," you consent to our use of cookies. See our Privacy Policy for details.