MTG MasterMTG Master

Privacy Policy

Spanish

Last Updated: 2026-06-07

Privacy Policy

This Privacy Policy explains how MTG Master collects, uses, stores, shares, and protects personal data when you use our website, tools, and services.

MTG Master is operated by Marc Dalmau Ballester, a self-employed professional (“Autónomo”) established in Spain.

We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Spanish Organic Law 3/2018 on Data Protection and Digital Rights Guarantee (“LOPDGDD”).

If you have any questions about this Privacy Policy or how your data is handled, you can contact us at:

  • Email: contact@mtgmaster.ai
  • Professional address: Sant Roc 2, 08340, Vilassar de Mar, Barcelona, Spain
  • Tax ID (NIF): 38.834.346L

1. Data Controller

The data controller responsible for processing your personal data is:

Marc Dalmau Ballester
Professional address: Sant Roc 2, 08340, Vilassar de Mar, Barcelona, Spain
Email: contact@mtgmaster.ai
Tax ID (NIF): 38.834.346L

In this Privacy Policy, Marc Dalmau Ballester is referred to as the “Owner”, “we”, “us”, or “our”. MTG Master is referred to as the “Service”.

2. Scope of This Privacy Policy

This Privacy Policy applies to the websites, tools, and services operated under MTG Master, including MTG Master web pages, user accounts, deck tools, collection tools, card scanner features, wishboard features, AI-powered tools, paid features, and related functionality.

It also applies when you contact us by email, submit feedback, request support, or interact with us in relation to the Service.

This Privacy Policy does not apply to third-party websites, platforms, or services that are not operated by us, even if they are linked from MTG Master.

3. What Data We Collect

We collect different types of data depending on how you use the Service.

3.1 Data You Provide Directly

We may collect personal data that you provide when you create an account, use the Service, contact us, or purchase paid features.

This may include:

  • Account data: username, email address, hashed password, profile information, account settings, and login-related information.
  • Content data: decklists, commander preferences, card preferences, saved decks, collection data, wishboards, scanned card data, uploaded images where applicable, notes, comments, saved analyses, and other content you choose to create, upload, generate, or store in the Service.
  • AI feature data: decklists, selected brackets, prompts, card data, collection context, preferences, and other information you provide or select when using AI-powered features.
  • Communication data: messages sent through contact forms, support requests, bug reports, feedback, email communications, or other direct communications with us.
  • Billing-related data: if you purchase credits, subscriptions, or paid features, we may process limited billing-related information such as billing name, billing address, country, VAT or tax-related information where applicable, transaction ID, payment status, invoice information, and purchase history.

Full payment card details are processed by our payment provider, such as Stripe, and are not stored by us.

3.2 Data Collected Automatically

When you access or use the Service, we may automatically collect certain technical and usage information.

This may include:

  • Technical data: IP address, browser type and version, operating system, device type, language settings, approximate location derived from IP address, referring URLs, and similar technical information.
  • Usage data: pages visited, time and date of visits, features used, clicks, interactions, deck tools used, collection tools used, AI tools used, session activity, error logs, and performance diagnostics.
  • Security and diagnostic data: logs related to authentication, abuse prevention, service stability, fraud prevention, debugging, and technical incidents.
  • Cookies and similar technologies: as described in the section on cookies below.

3.3 Data from Third-Party Services

In some cases, we may receive limited data from third-party services used to operate the Service.

This may include:

  • Payment confirmation and billing information from payment providers.
  • Authentication or login-related information if third-party login options are offered.
  • Analytics, performance, or error-reporting information from technical providers.
  • Card data, pricing information, or related metadata from card data providers.

We only use this information as needed to provide, secure, improve, or administer the Service.

4. Why We Process Personal Data

We process personal data for the purposes described below.

4.1 To Provide the Service

We process data to create and manage accounts, allow users to build and store decks, manage collections, use wishboards, use card scanner features, access AI tools, save preferences, and use the main features of MTG Master.

Legal basis:
GDPR Article 6(1)(b): performance of a contract or steps prior to entering into a contract.

4.2 To Provide AI-Powered Features

When you use AI-powered features, we process the information needed to generate the requested result. This may include decklists, selected bracket, card data, collection context, user prompts, saved preferences, and other relevant information provided through the Service.

This processing is used to generate deck analysis, recommendations, explanations, summaries, optimization ideas, and related outputs.

Legal basis:
GDPR Article 6(1)(b): performance of a contract or steps prior to entering into a contract.

Where AI-related processing is used to improve, monitor, secure, or maintain the Service, we may also rely on:

GDPR Article 6(1)(f): legitimate interests in improving, maintaining, and securing the Service.

4.3 To Manage Payments, Credits, and Subscriptions

If you purchase credits, subscriptions, or paid features, we process the information needed to manage the purchase, provide access, maintain purchase history, handle invoices, prevent fraud, and comply with accounting and tax obligations.

Legal basis:
GDPR Article 6(1)(b): performance of a contract.
GDPR Article 6(1)(c): compliance with legal obligations.

4.4 To Provide Customer Support and Communication

We process data to respond to support requests, bug reports, questions, feedback, and other communications.

Legal basis:
GDPR Article 6(1)(b): performance of a contract, where the request relates to your account or use of the Service.
GDPR Article 6(1)(f): legitimate interests in responding to users and improving customer support.

4.5 To Maintain, Secure, and Improve the Service

We process technical, usage, diagnostic, and security data to keep the Service stable, secure, and functional. This includes detecting abuse, fixing errors, improving performance, preventing fraud, monitoring availability, and understanding how users interact with the Service.

Legal basis:
GDPR Article 6(1)(f): legitimate interests in operating, securing, maintaining, and improving the Service.

4.6 To Send Marketing Communications

If you choose to receive newsletters, product updates, offers, or similar communications, we may use your contact details to send them.

Legal basis:
GDPR Article 6(1)(a): your consent.

You can withdraw your consent at any time by using the unsubscribe link in the communication or by contacting us at contact@mtgmaster.ai.

4.7 To Comply with Legal Obligations and Protect Rights

We may process data to comply with applicable laws, respond to lawful requests from authorities, keep required accounting records, enforce our Terms of Service, prevent misuse, and defend or establish legal claims.

Legal basis:
GDPR Article 6(1)(c): compliance with legal obligations.
GDPR Article 6(1)(f): legitimate interests in protecting our rights, users, and the Service.

5. AI Features and Data Use

MTG Master may include AI-powered features that help users analyze decks, understand strengths and weaknesses, review bracket alignment, generate recommendations, summarize deck structure, improve card choices, or explore collection-related ideas.

When you use these features, the Service may process the information needed to provide the result, such as:

  • Decklists and card names
  • Commander and bracket selection
  • Collection or wishboard context, where relevant
  • User prompts, preferences, and selected options
  • Previous analysis context, where needed to provide the feature
  • Public or licensed card data used by the Service

AI features are intended to help with deck-building and Commander analysis. The information processed is used to generate the requested output and to operate, maintain, secure, and improve the Service.

Where we use external AI service providers, those providers may process data on our behalf as processors or service providers, under applicable contractual and data protection safeguards.

We do not intentionally ask users to provide sensitive personal data when using AI features. Users should avoid entering unnecessary personal, confidential, or sensitive information into prompts, deck notes, comments, or other free-text fields.

6. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, keep it secure, remember preferences, understand usage, and improve performance.

6.1 What Cookies Are

Cookies are small text files stored on your device when you visit a website. They help the website recognize your browser, remember information, and provide certain features.

Similar technologies may include local storage, pixels, SDKs, or other tracking and storage tools.

6.2 Types of Cookies We May Use

We may use the following types of cookies or similar technologies:

  • Strictly necessary cookies: required for core functionality, such as login, authentication, security, session management, and payment flow support.
  • Preference cookies: used to remember settings such as language, display preferences, or user choices.
  • Analytics cookies: used to understand how the Service is used, measure performance, identify errors, and improve features.
  • Marketing or advertising cookies: used only if implemented and only where legally permitted, for example to measure campaigns or show relevant sponsored content.

6.3 Legal Basis for Cookies

Strictly necessary cookies are used because they are needed to provide a functional and secure Service.

For non-essential cookies, such as analytics or marketing cookies where consent is required, we rely on your consent.

Where required by law, we will ask for your consent before placing non-essential cookies and will provide a way to accept, reject, or manage cookie preferences.

6.4 Managing Cookies

You can manage cookies through the cookie banner or cookie settings where available.

You can also configure your browser to block or delete cookies. Blocking some cookies may affect certain features of the Service, especially login, preferences, or account-related functionality.

More information may be provided in our Cookie Policy.

7. How We Share Personal Data

We do not sell your personal data.

We may share personal data only where necessary for the purposes described in this Privacy Policy.

7.1 Service Providers

We may use third-party providers to operate, secure, improve, and provide the Service.

These may include:

  • Hosting and cloud infrastructure providers
  • Database and storage providers
  • Payment processors, such as Stripe
  • Email delivery providers
  • Analytics providers
  • Error monitoring and performance providers
  • Security and anti-abuse providers
  • Authentication providers, where applicable
  • AI service providers, where applicable
  • Card data, pricing, or metadata providers, where applicable

These providers may process personal data on our behalf and only as needed to provide their services to us.

Where required by GDPR, we use appropriate data processing agreements and require service providers to apply suitable security and data protection measures.

7.2 Legal and Regulatory Authorities

We may disclose personal data where required by law, court order, governmental authority, or regulatory request.

We may also disclose data where reasonably necessary to protect our rights, protect users, investigate misuse, prevent fraud, or respond to security incidents.

7.3 Business Transfers

If MTG Master is involved in a merger, acquisition, restructuring, sale of assets, or similar transaction, personal data may be transferred as part of that process.

Where this happens, we will handle the transfer in accordance with applicable data protection law.

7.4 Public User Content

Some content you choose to publish or share through the Service may be visible to other users or visitors.

This may include public decklists, usernames, profile information, comments, shared pages, or other content depending on your settings and the features you use.

You should avoid including private or sensitive information in public content.

8. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area, including in countries such as the United States.

Where personal data is transferred outside the European Economic Area, we will rely on appropriate safeguards under GDPR, such as:

  • An adequacy decision from the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Other legally valid transfer mechanisms or safeguards

You may contact us if you want more information about international transfers and applicable safeguards.

9. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

In general:

  • Account data is kept while your account remains active.
  • Decks, collections, wishboards, card notes, scanned card data, and other saved content are kept while your account exists or until you delete the relevant content, unless retention is required for legal, security, or backup reasons.
  • AI prompts, analysis history, and generated outputs may be kept while your account exists or as needed to provide history, saved analysis, quality control, security, or service improvement features.
  • Billing, invoice, tax, and transaction data are kept for the periods required by Spanish accounting and tax laws.
  • Support communications are kept for as long as needed to respond to the request and maintain a reasonable record of the interaction.
  • Technical logs, security logs, and diagnostic data are kept for a limited period needed for security, troubleshooting, abuse prevention, and auditing, unless a longer period is needed to investigate incidents or protect legal rights.
  • Marketing consent records may be kept while consent is active and for a reasonable period afterwards to demonstrate compliance.

When data is no longer needed, we will delete it, anonymize it, or retain it only where legally required.

We may keep anonymized or aggregated data that no longer identifies you for analytics, statistics, and service improvement.

10. Your Data Protection Rights

Under GDPR and applicable Spanish data protection law, you may have the following rights regarding your personal data:

  1. Right of access: to know whether we process your personal data and to receive a copy of it.
  2. Right to rectification: to request correction of inaccurate or incomplete data.
  3. Right to erasure: to request deletion of your personal data where legally possible.
  4. Right to restriction of processing: to ask us to limit processing in certain circumstances.
  5. Right to data portability: to receive certain data in a structured, commonly used, machine-readable format and transmit it to another controller where legally applicable.
  6. Right to object: to object to processing based on legitimate interests, including profiling, where applicable.
  7. Right to withdraw consent: where processing is based on consent, you can withdraw that consent at any time. This does not affect processing carried out before withdrawal.
  8. Right not to be subject to certain automated decisions: to not be subject to decisions based solely on automated processing, including profiling, where they produce legal or similarly significant effects, unless permitted by law.

To exercise your rights, contact us at:

contact@mtgmaster.ai

Please clearly state which right you want to exercise. We may need to verify your identity before responding to your request.

We will respond within the time limits required by applicable law.

11. Right to Lodge a Complaint

If you believe your personal data has been processed in a way that does not comply with GDPR or Spanish data protection law, you have the right to lodge a complaint with a supervisory authority.

In Spain, the competent authority is:

Agencia Española de Protección de Datos (AEPD)
Website: https://www.aepd.es/

You may also contact the supervisory authority in your country of residence or place of work, where applicable.

We encourage you to contact us first at contact@mtgmaster.ai so we can try to resolve your concern directly.

12. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, encryption where appropriate, secure authentication practices, monitoring, backups, provider security controls, and internal procedures designed to protect the Service and user data.

No online service can guarantee absolute security. However, we work to keep the Service secure and to respond appropriately to potential security issues.

If we become aware of a personal data breach that creates a risk to your rights and freedoms, we will act in accordance with GDPR, including notifying the relevant authority and affected users where required.

13. Children’s Privacy

The Service is not intended for children under 14.

We do not knowingly collect personal data from children under 14 without appropriate consent from a parent or legal guardian.

If you are a parent or guardian and believe that a child under 14 has provided personal data to us without appropriate permission, please contact us at:

contact@mtgmaster.ai

We will take reasonable steps to review the situation and, where appropriate, delete the data or take other necessary action.

14. Links to Third-Party Websites

The Service may contain links to third-party websites, platforms, or services that are not operated by us.

We are not responsible for the privacy practices, security, content, or policies of those third-party services.

We recommend reviewing the privacy policies of any third-party websites or services you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, providers, or data protection practices.

When we update this Privacy Policy, we will publish the new version on this page and update the “Last Updated” date.

If a change is important, we may also provide additional notice through the Service or by email where appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.

16. Contact

If you have any questions, requests, or concerns about this Privacy Policy or how we handle personal data, please contact:

Marc Dalmau Ballester
Email: contact@mtgmaster.ai
Professional address: Sant Roc 2, 08340, Vilassar de Mar, Barcelona, Spain
Tax ID (NIF): 38.834.346L

MTG Master is free to use. Optional Pro features are available through credits or subscriptions.

Magic: The Gathering, Wizards of the Coast, and all related trademarks are the property of Wizards of the Coast LLC in the U.S. and other countries. © 1993–2026 Wizards. All rights reserved.

MTG Master is an independent, fan-made project and is not affiliated with, endorsed, sponsored, or approved by Wizards of the Coast. MTG Master uses certain Wizards-owned intellectual property under the terms of the Wizards Fan Content Policy. To learn more about Wizards of the Coast and their policies, please visit company.wizards.com.

Card data, images, and some pricing information are sourced from Scryfall. Scryfall provides this information without warranty; always check local stores for final prices and availability.

© 2026 MTG MasterVersion 1.3.1
Terms of ServicePrivacy PolicyCookie PolicyPayment TermsAI Use & LimitationsLegal NoticeAffiliate DisclosuresAboutCommander Guides
Community

We use cookies for analytics to improve the site.

Analytics only runs if you choose “Accept”. You can change your choice anytime.