Legal draft
Privacy Policy
Draft privacy policy for BinderPlug, operated by Wyrdbit LLC. Preview pending final owner and attorney review.
Draft — not yet in effect. This is a preview of BinderPlug's privacy policy pending final owner and attorney review. Nothing here is a live policy yet.
Version: privacy-policy-draft-2026-07-05
Effective date: To be set at publication
Operated by: Wyrdbit LLC ("Wyrdbit", "we", "us")
Contents
Summary
This summary is here to help you read the policy. It is not a substitute for the full text below.
- BinderPlug is a mobile app for discovering and coordinating local trading card game trades. It is operated by Wyrdbit LLC.
- We collect what the app needs to work: your email address, a display name, a password (stored only as a hash), your approximate location if you grant permission, your card lists, and your trade activity.
- Location is optional and approximate. The app asks for coarse location only and does not request precise GPS positioning.
- We do not sell personal data, we do not show ads, and the app has no private-message system to read.
- Analytics and crash reporting are configured to avoid personal information: no advertising identifiers, no location lookup from your network address, and no email addresses or names in events.
- Deleting your account anonymizes your personal information. Some anonymized records (like trade and feedback history) are kept so other traders' history stays intact and to prevent abuse.
- Questions or requests: [email protected].
1. Who we are
BinderPlug is operated by Wyrdbit LLC, a California limited liability company. Our mailing address is 31441 Santa Margarita Pkwy, Ste A #8099, Rancho Santa Margarita, CA 92688, USA. You can reach us at:
- General support and privacy requests: [email protected]
- Account deletion requests: [email protected]
- Account access issues: [email protected]
- Security vulnerability reports: [email protected] (see also https://binderplug.app/.well-known/security.txt)
2. What BinderPlug does
BinderPlug helps trading card game collectors discover possible local card trades by comparing wanted cards with cards people are willing to trade, and helps them coordinate a meetup. Trades happen in person, between users, outside the app. This shapes what data we handle: the app works with card lists, approximate proximity, and trade coordination records — not payments, shipping addresses, or private conversations.
3. Information we collect
3.1 Account information
When you create an account we collect:
- Email address — used to sign in, verify your account with a one-time code, and send account-related email (verification codes, password resets).
- Display name — shown to other users. Display names are checked against a content filter at creation.
- Password — stored only as a cryptographic hash (Argon2). We cannot read your password.
When you accept the registration notice, we record the notice version you accepted and the time of acceptance, as evidence of account creation.
Older accounts created before email-based registration may have a phone number on file. New registrations do not collect phone numbers.
3.2 Location (optional, approximate)
If you grant location permission, the app collects your approximate location to rank nearby traders and suggest public meetup spots. Specifics:
- On Android, the app requests coarse location only and explicitly blocks the precise-location permission at the manifest level.
- On iOS, the app requests when-in-use location. The app's own location requests use balanced (reduced) accuracy, not navigation-grade GPS.
- We store your most recent location point and when it was updated, plus your chosen search radius (default 25 km).
- Other users never see your stored location. They see derived information such as distance ranking ("nearby") in discovery surfaces.
- Location permission is optional. You can create an account without it and add or revoke it later in your device settings. Without it, proximity features are unavailable but the rest of the app works.
3.3 Cards, trades, and community activity
- Card lists — the cards you add to your Wishlist and Offer Binder, including printing, condition, and treatment details you select. Card catalog data itself comes from public card databases (see Section 6).
- Trade records — proposals, responses, schedule and meetup-zone negotiation, status changes, and a history log of trade actions.
- Feedback — per-trade ratings and optional comments you exchange with trade partners, and aggregate reputation derived from them.
- Reports — if you report another user (for example for a no-show, harassment, or a suspected scam), we store the report, its category, and its resolution. Reports are visible to us for review, not to other users.
- Share Binder links and saved traders — share codes you generate, and the traders you save.
- Avatar — a selection from the app's built-in icon set. The app does not upload your photos.
- Preferences — the games you're interested in, search radius, units, notification preferences, and privacy preferences (whether to show online status and whether to share stats).
3.4 Device and technical data
- Push notification tokens — if you enable push notifications, we store the token needed to deliver them (via Expo's push service). You can disable push in settings; the token is cleared when you delete your account.
- Device integrity attestation — the app uses Apple App Attest and Google Play Integrity checks during registration to limit automated abuse. We receive and store attestation results and a device-to-account link record — not device contents.
- Server logs — our API keeps operational logs for reliability and abuse prevention. Log fields are designed to mask email addresses and never record passwords or tokens in plain form.
- Local storage on your device — the app stores session tokens, cached data, and settings on your device. This data stays on the device and is removed by uninstalling the app or clearing its storage.
3.5 Analytics and crash reporting
We use two narrowly configured tools:
- PostHog (product analytics), hosted in the EU. We record product events (for example: account created, trade proposed, share link opened) tied to a random account identifier. Configuration: automatic capture is off, session replay is off, location lookup from your network address is disabled, and events must not contain email addresses, names, coordinates, or card values.
- Sentry (crash and error reporting). Reports contain technical error context. Personal information is disabled in the Sentry configuration; our telemetry layer sends presence flags (for example "a trade id was present") instead of raw ids, and never sends emails, phone numbers, tokens, or passwords. We can disable it entirely.
3.6 What we do not collect
- No payment information (the app has no purchases).
- No contacts, photos, camera, or microphone access.
- No precise GPS location.
- No advertising identifiers, and no third-party advertising or tracking SDKs.
- No private messages — BinderPlug has no direct-message or chat system.
4. How we use information
We use the data above to:
- create and secure your account, and sign you in;
- match Wishlists with Offer Binders and rank nearby traders;
- coordinate trades: proposals, schedules, and meetup-zone suggestions;
- deliver notifications you enable;
- show trade partners the reputation signals the community produces (feedback scores, trade counts);
- review reports, enforce our Terms of Service, and prevent fraud, spam, and abuse (including re-registration abuse after bans);
- diagnose crashes and errors, and understand aggregate product usage;
- comply with legal obligations.
We do not sell personal data, rent it, or share it with advertisers or data brokers. We do not use your data to train AI models.
5. What other users can see
BinderPlug is a trading community, so some information is visible to other users by design:
- your display name, avatar, and trust/reputation level;
- your Offer Binder and Wishlist contents in discovery and trade surfaces, and in any Share Binder link you generate (share links can be revoked, and web share pages are excluded from search-engine indexing);
- your feedback scores, trade statistics, and feedback comments on completed trades;
- approximate proximity (for example, that you are within a chosen radius) — never your stored location itself;
- online status and stats, subject to your privacy preferences.
6. Service providers
We share data with providers only as needed to run BinderPlug:
| Provider | What it does | What it handles |
|---|---|---|
| Render | Hosts our API and database | All server-side data described above |
| Postmark | Sends transactional email | Your email address and message content (codes, resets) |
| Expo (EAS) | App builds and push delivery | Push tokens and notification payloads |
| Sentry | Crash and error reporting | Technical error data as scoped in 3.5 |
| PostHog (EU) | Product analytics | Event data as scoped in 3.5 |
| Cloudflare | DNS and bot protection (Turnstile) on our website forms | Web request metadata on binderplug.app |
| Google Workspace | Our support mailboxes | Email you send to our addresses |
| Google Maps / Places | Meetup-zone suggestions | Place queries the server makes; suggestions are "powered by Google" |
| Apple / Google | Device integrity attestation | Attestation tokens and verdicts |
Card catalog data comes from public card databases (Scryfall for Magic: The Gathering, the Pokémon TCG API for Pokémon cards). Requests for catalog data go through our servers; these providers do not receive your account information.
7. Retention and deletion
Your data is retained while your account exists. When you delete your account (in the app, or via [email protected] after we verify control of the account email):
- your display name, email, phone (if any), avatar, location, push token, and game preferences are anonymized or cleared immediately;
- your password hash is replaced so the account can never be signed into;
- your sign-in sessions are revoked and Share Binder links are deactivated;
- your card lists are removed from matching and discovery;
- in-progress trades are cancelled and your trade partners keep an anonymized record that the trade was cancelled;
- completed trade records, feedback ratings, and report records are retained in anonymized form ("Deleted User") to keep other users' trade and reputation history accurate and to prevent abuse; your feedback comments are replaced with "[deleted]".
We keep some records where required for safety, fraud prevention, security, or legal obligations. Database backups may retain deleted data for a limited period before rotating out. Deletion is not reversible.
8. Your choices and rights
- Access, export, correction: request them at https://binderplug.app/account/data or by emailing [email protected]. We verify account control before sharing account-specific information.
- Deletion: delete your account in the app (Settings → Delete Account) or request it at https://binderplug.app/account/delete.
- Location: grant or revoke location permission in your device settings at any time.
- Push notifications: turn them off in the app or in device settings.
- Visibility: control online-status and stats sharing in the app's privacy preferences.
Depending on where you live (for example the EEA/UK under GDPR, or California under the CCPA), you may have statutory rights to access, correct, delete, export, or restrict processing of your personal data, and the right to complain to a supervisory authority. We honor the mechanisms above for all users regardless of region. We do not sell or share personal data as defined by the CCPA.
9. Children and parents
You must be at least 13 years old to create a BinderPlug account. Younger players may participate in trades only through an account created, held, and supervised by a parent or legal guardian; the account holder is responsible for all activity on the account. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact [email protected] and we will delete it.
10. Security
Passwords are stored only as Argon2 hashes. Connections to our servers use TLS. Sign-in uses short-lived tokens with revocable refresh tokens. Email verification uses expiring one-time codes with rate limits. We design our logging, analytics, and crash reporting to exclude personal identifiers, and we accept vulnerability reports at [email protected]. No system is perfectly secure, and we cannot guarantee absolute security.
11. Where data is processed
Our servers and database are hosted by Render in the United States. Analytics data is hosted by PostHog in the EU. If you use BinderPlug from outside those regions, your data will be transferred to and processed in them.
12. Changes to this policy
We version this policy and record the date of each change in the changelog below. If we make material changes, we will notify you in the app, and where the change affects the registration notice you accepted, the app will ask you to review and accept the updated version before continuing.
Changelog
- privacy-policy-draft-2026-07-05 — initial draft for owner review. Not in effect.
13. Contact
Wyrdbit LLC
31441 Santa Margarita Pkwy, Ste A #8099
Rancho Santa Margarita, CA 92688, USA
[email protected]