Your data
Privacy Policy
CastHaven is operated by Tinker Citadel LLC (“we,” “us”). We collect as little as possible and never sell your personal information. This page lists everything we hold, why, who processes it, and the rights you have over it.
Last updated June 13, 2026
What we collect and why
Newsletter signups. If you subscribe, we store your email address, the lists you chose, and the timestamps of when you consented, confirmed, and (if you do) unsubscribed. Nothing is emailed until you confirm — double opt-in.
Community suggestions. When you use a “Suggest a fix” form to propose an archetype correction, we store your suggestion and a one-way hashed form of your IP address. The hash lets us rate-limit abuse without keeping your raw IP.
Security and delivery logs. Our hosting and content providers log IP addresses, request metadata, browser version, and referring page for security, fraud prevention, and reliability. We do not use these to build a profile of you.
Your preferences. Your theme choice (light, dark, rainbow, or system) is saved in your own browser and never sent to us.
Accounts (coming). CastHaven does not offer user accounts yet. When sign-in launches through our authentication provider, we will collect your name, email, and login metadata to operate your account — and this page will say so before that ships.
Cookies and analytics
We use essential first-party storage to remember your preferences. We run no product analytics and no ad trackers today. We plan to add privacy-respecting product analytics in a later phase to learn which pages are useful; before that ships, this page will describe exactly what it records, and we will ask for consent before setting non-essential cookies where the law requires it (for example, in the EU and UK). If we ever run paid ad campaigns, an ad-network cookie may be set to measure their effectiveness — and a future paid subscription will remove display ads entirely.
Affiliate links
Some “Rent” and “Buy” buttons are affiliate links (for example, ManaTraders and eBay). If you follow one and complete a purchase or rental, we may earn a commission, and the partner site records that the visit came from CastHaven. Those partners have their own privacy policies governing what happens once you leave our site.
Card and tournament data
Card names, text, and images come from Scryfall, with artist and copyright credits shown wherever card art appears. Tournament results come from public sources, credited on each page. This is public competitive data about decks and events — not personal information about you.
Providers that process data
We use the following third-party providers, each handling only the data needed for its job. We keep this list current as the stack changes; a fuller subprocessor list is available on request.
| Provider | Purpose | Data |
|---|---|---|
| Vercel | Application hosting | Request and log data, IP |
| Neon | Database hosting | Newsletter and suggestion records |
| Resend | Email delivery | Email addresses, message content |
| Cloudflare | CDN and asset storage | Request data, IP |
| Clerk | Authentication (admin today; accounts later) | Name, email, login metadata |
| Inngest | Background jobs | Job metadata and identifiers |
Editorial articles are drafted with help from third-party AI models, which process public tournament data — not your personal information.
What we never do
We don’t sell your personal information. We don’t share your email address for anyone else’s marketing. We don’t buy data about you to combine with what you’ve given us.
Access and disclosure
No one at Tinker Citadel LLC reads your data except in limited cases — to help with a support request you raised, to fix a failed automated process, to protect the service while investigating abuse, or when required by a valid U.S. legal order. Where we are legally able, we will notify you before disclosing your data. If Tinker Citadel LLC is ever acquired or merges, we will notify you before your personal information becomes subject to a different privacy policy.
Your rights
We apply the same core rights to everyone, wherever you live: to know what we hold, to access a copy, to correct it, to ask us to delete it, to object to or restrict certain processing, to opt out of any sale (we don’t sell), and to not be treated differently for exercising these rights. To make a request, email privacy@tinkercitadel.com. We may need to confirm your identity first, and an authorized agent must provide written permission.
Security, retention, and location
Data is encrypted in transit (SSL/TLS) between your browser and our servers, and backups are encrypted by our providers. We keep information only as long as needed for the purposes above or to meet legal obligations; if you unsubscribe or ask us to delete your record, we remove it from active systems and backups within 60 days. Our infrastructure is based in the United States. If you are in the EU, UK, or elsewhere, your information is transferred to and stored in the U.S.; for EU transfers we rely on Standard Contractual Clauses.
Ages 18 and older
This site is intended for adults aged 18 and older. We do not direct CastHaven to minors under 18, and we do not knowingly collect personal information from anyone under 18.
California residents
California residents have additional rights and disclosures under the CCPA. See our California Notice at Collection for the details.
Changes and contact
We may update this policy to reflect new practices or legal requirements; the “last updated” date above always reflects the current version. Questions or concerns? Email privacy@tinkercitadel.com.