Privacy Policy
Last updated: 11/4/2025
1. Introduction
Welcome to FaB Bazaar, a Flesh and Blood collection management and trade discovery platform. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, Discord bot, API services, and related services (collectively, the "Platform").
By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy and our Terms of Service.
2. Information We Collect
2.1 Personal Information
We collect the following personal information:
- Authentication Data: Discord ID, Discord username, email address (from Discord OAuth)
- Profile Information: Username, display name, local store preferences, location data (city/state for local trading discovery)
- Account Credentials: MCP tokens for API access (securely hashed and stored)
- Contact Information: Email addresses for notifications and communication
2.2 Platform Activity Data
- Card Collections: Binder contents, card conditions, trade availability, pricing preferences
- Wants Lists: Desired cards, priority levels, trading preferences
- Deck Information: Deck lists, formats, hero selections, card quantities
- Trade Workflow Data: Digital trade agreements, communication between traders, trade tracking status
- Search Activity: Card searches, filter preferences, "Who Has" queries
2.3 Technical Information
- Usage Data: IP addresses, browser types, device information, page views, session duration
- Cookies and Tracking: Session cookies, preference settings, analytics data
- API Usage: MCP integration logs, request patterns, authentication events
- Webhooks: Notification configurations, endpoint URLs, delivery logs
3. How We Use Your Information
3.1 Platform Services
- Provide and maintain collection management and discovery tools
- Authenticate users and manage account security
- Connect traders with matching collections and wants lists
- Process binder management and wants list functionality
- Enable deck building and sharing features
- Provide digital trade workflow tracking (tracking only - we are not a party to trades)
- Display local store connections for community discovery
3.2 Communication and Notifications
- Send trade match alerts when users have complementary wants/haves
- Deliver webhook notifications for binder and wants list updates
- Provide Discord bot functionality and commands
- Send service updates and important account information
- Notify users of potential trade opportunities
3.3 Platform Improvement and Safety
- Analyze usage patterns to improve features
- Generate leaderboards and community statistics
- Optimize search and matching algorithms
- Enhance user experience and platform performance
- Monitor for prohibited activity (sales attempts, fraud, abuse)
- Enforce our trade-only policies and Terms of Service
4. What We Don't Do
Important clarifications about our platform:
- We do NOT process payments or handle any financial transactions
- We do NOT hold cards in escrow or act as an intermediary
- We do NOT verify user identities, card authenticity, or card conditions
- We do NOT guarantee trade completion or act as a dispute resolver
- We do NOT participate in, arbitrate, or take responsibility for user-to-user trades
- We do NOT collect or track sales data (our platform is trade-only)
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. Our cookie consent system allows you to control which cookies are used.
5.1 Cookie Categories
- Necessary Cookies: Essential for platform functionality, authentication, and security (always active)
- Functional Cookies: Remember your preferences (dark mode, language, local store settings)
- Analytics Cookies: Google Analytics data to understand usage patterns and improve our services
- Advertising Cookies: Google AdSense cookies for relevant ad display and performance measurement
- Affiliate Cookies: Track affiliate referrals and partnerships when you've consented to advertising cookies
5.2 Cookie Consent and Management
We are compliant with cookie consent requirements and provide clear disclosures about cookie usage. When you first visit our Platform, you will see a cookie consent banner that allows you to:
- Accept all cookies
- Reject optional cookies (only necessary cookies will be used)
- Customize your cookie preferences by category
If you opt to allow advertising cookies, this enables:
- Google AdSense: Display of relevant advertisements
- Affiliate Links: Tracking of referral partnerships (such as TCGPlayer affiliate links)
You can change your cookie preferences at any time through our cookie settings in the footer of our website. You may also configure your browser to refuse cookies, though this may limit platform functionality. Necessary cookies cannot be disabled as they are essential for the Platform to function.
6. Third-Party Services and Data Sharing
6.1 Authentication and Social Services
- Discord OAuth: For user authentication and profile information
- Discord API: For bot functionality and server integration
6.2 Analytics and Advertising
- Google Analytics: Website usage analytics and performance monitoring
- Google AdSense: Advertising services and revenue generation
6.3 Data and Infrastructure
- MongoDB Atlas: Database hosting and data storage
- Cloud Hosting Services: Platform infrastructure and content delivery
- TCG Pricing APIs: Card pricing and market data (for informational purposes only)
6.4 Data Sharing Practices
We do not sell, trade, or rent your personal information to third parties. We share information only:
- With your explicit consent for specific features
- To connect traders with matching collections (card lists, wants lists visible per your privacy settings)
- For local trading connections (city/state level only, never full addresses)
- When required by law or to protect our rights
- With service providers who assist in platform operations (under strict confidentiality)
We never share financial information because we don't collect it - we don't process payments.
7. Data Security and Protection
We implement comprehensive security measures to protect your data:
7.1 Technical Safeguards
- Encryption of sensitive data at rest and in transit (TLS/SSL)
- Secure authentication mechanisms and session management
- API rate limiting and abuse prevention
- Regular security monitoring and vulnerability assessments
- Secure database configurations and access controls
7.2 Operational Security
- Limited access to personal data on a need-to-know basis
- Regular backups with encryption
- Incident response procedures
- Employee data handling training
7.3 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law, typically within 72 hours of discovering the breach. Notification will be sent via email and/or posted prominently on the Platform.
8. Your Privacy Rights
8.1 GDPR Rights (EU Users)
Under the General Data Protection Regulation, you have the right to:
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Restrict: Limit how we process your data
- Withdraw Consent: Remove consent for specific processing activities
8.2 CCPA Rights (California Users)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information is collected and how it's used
- Delete personal information held by us
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
8.3 How to Exercise Your Rights
To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within 30 days.
9. Data Retention
We retain your personal data based on the following criteria:
- Account Data: Retained while your account is active and for 2 years after deletion
- Trade Workflow Tracking: Retained for 3 years for user safety, platform improvement, and legal compliance
- Analytics Data: Anonymized after 26 months in accordance with Google Analytics policies
- Communication Logs: Retained for 1 year for support and safety purposes
- Violation Records: Records of Terms of Service violations (sales attempts, fraud) retained for 5 years for platform safety
- Legal Compliance: Some data may be retained longer if required by law
10. International Data Transfers
FaB Bazaar operates from Georgia, USA. If you access our Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including:
- Adherence to Privacy Shield principles where applicable
- Standard contractual clauses with service providers
- Ensuring an adequate level of protection for your data
11. Children's Privacy
Account creation on our Platform requires a Discord account. Discord requires users to be at least 13 years of age (or the minimum age required in their country, whichever is greater). By requiring Discord authentication, we comply with age restrictions set by Discord's Terms of Service.
We do not knowingly collect personal information from children below Discord's minimum age requirements. If we discover that we have collected personal information from a user below the required age, we will delete such information immediately.
Users between 13 and 18 (or their country's age of majority) should have parental or guardian consent to use the Platform. Parents are encouraged to monitor their children's use of the Platform and trading activities.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:
- Posting a notice on our Platform
- Sending an email notification (if you have provided an email address)
- Discord notification through our bot (if you use Discord integration)
Changes will take effect 30 days after notification, except for changes required by law, which may take effect immediately. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
14. Legal Basis for Processing (GDPR)
Our legal basis for processing your personal data includes:
- Consent: For marketing communications and optional features
- Contract: To provide collection management and trade discovery services
- Legitimate Interest: For platform improvement, security, and community safety
- Legal Obligation: For compliance with applicable laws