Privacy Policy
1. Privacy at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You
can find their contact details in the section "Notice on the Responsible
Party" below.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This could,
for example, be data you enter when registering a user account. Other data is
automatically collected by our IT systems when you visit the website or with
your consent. This is mainly technical data (e.g. internet browser, operating
system, or time of the page request).
2. Hosting
This website is hosted externally. Personal data collected on this website is stored on the servers of the host. This may include IP addresses, metadata, communication data, contact information, names, website access data, and other data generated through a website.
3. General Information and Mandatory Notices
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Notice on the Responsible Party
The party responsible for processing data on this website is:
Zeasy Software – Sipahi & Zielonka GbR
Alexander Zielonka
Herzogstraße 23
47139 Duisburg, Germany
Phone: +49 170 234 0545
Email: info@zeasy.software
Data Protection Officer
Alexander Zielonka
Email: zielonka@zeasy.software
Storage Duration
Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data.
4. Data Collection on This Website
Server Log Files
The provider of the pages automatically collects and stores information in server log files that your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. Collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website.
5. User Accounts and Authentication
Registration
On MetaGoyf you can create a user account to save and manage your own decks. The following personal data is collected and stored during registration:
- Email address
- Username
- Password (stored encrypted using bcrypt hashing)
Legal basis: Processing is carried out to perform pre-contractual measures or to fulfill a contract (Art. 6 (1) (b) GDPR).
Login and Session Management
When you log in to your user account, API authentication tokens are created that secure your session. These tokens are stored server-side and deleted on logout.
Password Reset
If you reset your password, a one-time token is generated and sent to you by email. For security reasons, this token is only valid for a limited time and is deleted after use or expiration.
6. Deck Data and User Content
As part of the MetaGoyf functionality, we process the following content created by you:
- Decklists, comments, and descriptions you create
- Visibility settings of your decks (private / public)
- Timestamps of creation and editing
Legal basis: Processing is necessary to fulfill the contract (Art. 6 (1) (b) GDPR). If you publish a deck publicly, the publication is based on your consent (Art. 6 (1) (a) GDPR), which you can revoke at any time by switching the deck back to private or deleting it.
7. External Services
Scryfall
For displaying card images, card information, and for multilingual card search, we use data and endpoints provided by Scryfall (scryfall.com). When card images are loaded and during non-English search queries, your IP address is transmitted to the Scryfall servers. We have no influence on the scope and type of data processed there. For more information, see Scryfall's privacy policy.
Legal basis: Legitimate interest in providing up-to-date card images and multilingual search (Art. 6 (1) (f) GDPR).
8. Email Communication
As part of our services, we send the following emails:
- Welcome emails upon account creation
- Password reset emails
- Security-related notifications
Delivery is handled through an external email service provider. Your email address and the content of the message are transmitted to the provider.
Legal basis: Contract fulfillment (Art. 6 (1) (b) GDPR) or legitimate interest in effective communication (Art. 6 (1) (f) GDPR).
9. Cookies and Session Management
Our website uses only strictly necessary cookies and similar storage mechanisms (e.g. localStorage) for authentication and session management. No tracking or marketing cookies are set.
Legal basis: The use of strictly necessary cookies is based on our legitimate interest in the operation and security of our website (Art. 6 (1) (f) GDPR).
10. Your Rights
You have the following rights with regard to the personal data concerning you:
- Right to access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Right to Object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for doing so that arise from your particular situation.
Revocation of Consent
You have the right to revoke consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the time of revocation.
11. SSL / TLS Encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.
Last updated: 2026