CCG Source

Privacy Policy

Last updated: November 1, 2025

1. Introduction

CCG Source ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy complies with the EU General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Account Information: Name, username, email address, password
  • Transaction Information: Purchase history, cart contents, payment method details (processed by third-party payment processors)
  • Communication Data: Messages with sellers, customer support inquiries

2.2 Automatically Collected Information

  • Usage Data: Pages visited, products viewed, search queries, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: See our Cookie Policy below

3. How We Use Your Information

We use your information for the following purposes:

  • Providing and maintaining our marketplace services
  • Processing transactions and managing your orders
  • Communicating with you about your account and purchases
  • Improving our website, products, and services
  • Analyzing usage patterns and optimizing user experience
  • Preventing fraud and ensuring platform security
  • Complying with legal obligations
  • Marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

For EU users, we process your data based on:

  • Contract Performance: Processing necessary to provide our services
  • Consent: Marketing emails, optional cookies
  • Legitimate Interests: Fraud prevention, analytics, service improvement
  • Legal Obligation: Tax records, transaction history

5. How We Share Your Information

We may share your information with:

  • Sellers: Your shipping address and contact information to fulfill orders
  • Service Providers: Payment processors, hosting providers, email services, analytics tools
  • Legal Authorities: When required by law or to protect our legal rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell your personal information to third parties.

5.1 Third-Party Data Processors

We use the following third-party processors to provide our services:

  • Microsoft Clarity: User behavior analytics, session recordings, heatmaps (Microsoft Corporation, USA). Privacy Policy: https://privacy.microsoft.com
  • Replit: Hosting infrastructure and services (Replit, Inc., USA)
  • Scryfall: Card images and data (external CDN, USA)

All third-party processors are required to comply with applicable data protection laws and maintain appropriate security measures.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies as follows:

6.1 Essential Cookies (No Consent Required)

  • connect.sid: Session authentication cookie (HTTP-only, Secure). Duration: Session (deleted when browser closes)

6.2 Analytics Cookies (Requires Consent)

  • Microsoft Clarity: Multiple cookies for user behavior tracking, session recordings, and heatmaps. Duration: Up to 1 year

6.3 Browser Storage

We also use browser localStorage and sessionStorage for:

  • Cart State: Persist shopping cart items across sessions (localStorage)
  • Auth State: Store user login state (localStorage)
  • Analytics Session ID: Track unique sessions for event deduplication (sessionStorage)

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling essential cookies may prevent certain features from working properly.

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional cookies

7.2 California Privacy Rights (CPRA)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of sale/sharing
  • Right to limit use of sensitive personal information
  • Right to non-discrimination

To exercise your rights, contact us at privacy@ccgsource.com

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • HTTPS encryption for all data transmission
  • Secure password hashing
  • Regular security audits and updates
  • Access controls and employee training
  • Third-party payment processing (we do not store full credit card details)

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal information according to the following retention periods:

  • Account Data: Duration of account plus 90 days after account closure
  • Transaction Records: 7 years (tax and legal compliance requirements)
  • Communication Logs: 3 years from last interaction
  • Analytics Data: Up to 25 months (Microsoft Clarity retention policy)
  • Session Cookies: Deleted when browser session ends
  • Marketing Consent: Until consent is withdrawn

After the retention period expires, we securely delete or anonymize your data. You may request early deletion by exercising your right to erasure (see Section 7).

10. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • Compliance with applicable data protection frameworks

11. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

EU Representative (if applicable): [EU Representative Details]

Data Protection Officer: dpo@ccgsource.com

15. Supervisory Authority

If you are located in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.