Privacy Policy

Overview

Zwipe is a Magic: The Gathering deck builder for mobile. This policy describes what data we collect, how we use it, and your rights.

Data We Collect

• Account data — email address, username, and a hashed password (never stored in plaintext).
• Deck data — the decks and card selections you create within the app.
• Session data — authentication tokens stored securely on your device.

We do not collect location data, device identifiers, analytics, or any data beyond what is required to operate the app.

How We Use Your Data

• To authenticate your account and maintain sessions.
• To store and sync your decks across devices.
• To send transactional emails (email verification, password reset).

We do not sell, share, or use your data for advertising or analytics.

Third-Party Services

• Scryfall — card data (names, images, oracle text) is sourced from the Scryfall API and stored on our servers. Your account data is never shared with Scryfall.
• Resend — transactional email delivery (verification and password reset emails). Your email address is passed to Resend solely to deliver these messages.

Data Retention

Your data is retained as long as your account exists. You can delete your account at any time from within the app, which permanently removes all associated data.

Security

Passwords are hashed with argon2. Refresh tokens are SHA-256 hashed before storage. All traffic is encrypted in transit via HTTPS. We do not have access to your plaintext password.

Children

Zwipe is not directed at children under 13. We do not knowingly collect data from children under 13.

Contact

Questions or requests? Join the Discord for support.