MyRift

Privacy Policy

Last updated: February 13, 2026

1. Introduction

MyRift (“we”, “our”, or “the Service”) is a companion application for the Riftbound trading card game. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services at myrift.myrlin.io.

2. Information We Collect

Account Information

When you create an account, we collect your email address and name. If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not access any other Google account data.

Collection Data

We store information about your Riftbound card collection, including card ownership, quantities, deck configurations, and scan history. This data is essential to provide the Service.

Card Scan Images

When you use the card scanner, images are sent to a third-party AI service (Google Gemini) for card identification. These images are processed in real-time and are not stored permanently on our servers. Google's use of this data is governed by their own privacy policy.

Usage Data

We automatically collect basic usage data including pages visited, feature interactions, and error logs to improve the Service. We do not use third-party analytics or advertising trackers.

3. How We Use Your Information

  • Provide and maintain the Service (collection tracking, deck building, card scanning)
  • Authenticate your identity and manage your account
  • Display card pricing information from public market data
  • Improve the Service based on usage patterns
  • Communicate important updates about the Service

4. Data Storage and Security

Your data is stored in a secure PostgreSQL database hosted by Neon (neon.tech). Authentication sessions use HTTP-only secure cookies. All connections use TLS encryption. We follow industry-standard security practices to protect your data.

5. Third-Party Services

We use the following third-party services:

  • Google OAuth — for account authentication (name, email, profile picture)
  • Google Gemini — for AI-powered card image recognition
  • Neon — for secure database hosting
  • Vercel — for application hosting and deployment

Each third-party service has its own privacy policy governing their use of data.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We only share data with the third-party services listed above as necessary to provide the Service.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your collection data
  • Revoke Google OAuth access at any time through your Google account settings

To exercise any of these rights, contact us at the email address below.

8. Cookies

We use essential cookies only — specifically, a session cookie for authentication. We do not use advertising cookies, tracking cookies, or any non-essential cookies.

9. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: arthurdmouradian@gmail.com