SignetSignet — Privacy Policy
1. Summary
Signet is a life-tracker for Magic: The Gathering Commander pods. To let pods sync between phones and to remember your decks and game history across devices, Signet needs an account and stores some game data on its servers. Beyond that:
- Signet uses no advertising, ad-targeting, attribution, or cross-app tracking SDK of any kind, and shows no ads.
- Signet's only analytics and diagnostics provider is PostHog — used for anonymous product analytics, session replay, and crash/error diagnostics, entirely on an opt-out basis (Settings → Privacy) and detailed in § 2.4. PostHog never receives your email, decks, card lists, or pod / player names.
- Signet does not sell, rent, or share your personal information with advertisers or data brokers.
- Signet does not request access to your contacts, photos, microphone, calendar, location, or any system data other than the camera (used only for scanning QR pod-join codes, never stored or transmitted).
Signet is not affiliated with Wizards of the Coast or Hasbro.
2. The information Signet collects
Signet only collects the information it actually needs to operate. There are three categories.
2.1 Account information
Signet uses passwordless email sign-in. You enter your email address, Signet sends a 6-digit one-time code to it, and you enter the code to confirm. Signet stores the email address so we can recognize you on future sign-ins. There is no password, and no third-party OAuth sign-in path.
Email delivery for the one-time code is handled by Resend (resend.com). Your email address is sent to Resend only to deliver the code. Resend does not use your address for any other purpose.
2.2 Information you create inside the app
When you use Signet, the following is stored on Signet's servers so it can sync across your devices and across the players in your pod:
| Category | What's stored |
|---|---|
| Profile | A display name you choose. Your account email (see § 2.1). |
| Pods | The pods you host or join: pod name, join code, member list, seat assignments, lobby state. |
| Decks | Deck names, formats, the card list text you paste in, validation results, and version history. |
| Game history | Completed games: timestamps, turn counts, the winner, life-total history, commander damage matrix, and per-player attribution. |
| Card cache | A shared cache of card data fetched from Scryfall (see § 3). Contains no personal information; the same cache is reused across all Signet users to reduce lookups. |
Signet does not store payment information (the app and its features are free at launch).
2.3 Information collected automatically
When you sign in or sync data, the server receives the standard technical information any internet service receives — your IP address, a timestamp, and basic device type information — solely to route the request and apply security checks (rate limiting, abuse prevention). Signet does not log this information for analytics, does not link it to your account beyond the session that needs it, and does not retain it beyond the operational windows of the underlying infrastructure provider.
2.4 Anonymous product analytics
If you leave Settings → Privacy → Anonymous analytics turned on (the default, but you can switch it off at any time), the app sends a small, fixed set of product events to PostHog (see § 3) so we can see how features are used and prioritize fixes:
- App lifecycle events (app opened, app backgrounded).
- Named product moments — for example, when a pod is created, a game is submitted, or a deck is created. Properties attached to these events describe the shape of what happened (player count, format, deck color identity) and never include free-text content, card lists, or pod / player names.
- An anonymous device identifier generated by PostHog. After you sign in, this identifier is linked to your Signet user id so events from the same person across devices aggregate together. The link is removed when you sign out and again when you delete your account.
If you leave Settings → Privacy → Session replay turned on (also default, also independently toggleable), PostHog additionally captures anonymized replays of in-app sessions to help diagnose UI issues that bare events can't explain. The replay recorder runs with default masking on: all text inputs, all images, and all sandboxed system views (photo picker, contact picker) are blanked before the replay leaves the device. Specific UI regions that show personal data — your email address on the account screen, for example — are explicitly excluded from capture in code as well. Turning off Anonymous analytics turns off Session replay automatically; Session replay can also be turned off on its own while keeping events on.
While Anonymous analytics is on, Signet also sends PostHog basic diagnostic data: uncaught errors and unhandled promise rejections are captured automatically, along with structured operational logs that carry only non-personal context (such as a deck id or a request duration). This helps us find and fix crashes and failures. Diagnostic data never includes your email, card lists, deck contents, or pod / player names, and it stops when you turn Anonymous analytics off.
Feedback you send us. If you use the in-app feedback form (Settings → Send feedback), the message you write is sent to PostHog so we can read it — and, only if you choose to include it for a reply, your email address. This is the one case where free-text you type, or your email, is shared with PostHog, and only when you actively submit the form. If Anonymous analytics is off, the form instead opens your email app to message us directly.
Signet does not collect or transmit:
- Device identifiers tied to advertising (IDFA, IDFV, Android Advertising ID, or equivalents).
- Precise or approximate location.
- Advertising, ad-targeting, or attribution data of any kind.
- The free-text contents of pod names, deck names, card lists, or any message you type into the app beyond what § 2.2 describes.
- Anything from your contacts, photos, microphone, calendar, or other system-managed data.
2.5 Push notifications
If you grant notification permission and leave notifications enabled in Settings → Notifications, the app registers a push token — an anonymous identifier issued by your device's operating system (Apple Push Notification service on iOS, Firebase Cloud Messaging on Android) and relayed through Expo's push service (see § 3). Signet stores this token on its server (Supabase), linked to your account, so it can deliver notifications to your device — for example, telling the other players in a pod that the host has submitted a game's results.
A copy of your notification category preferences is also stored on the server so the server knows which notifications you've chosen to receive.
The push token is not an advertising identifier and is not used to track you across apps. It is deleted from Signet's server when you sign out on a device and when you delete your account. You can revoke push delivery at any time by turning notifications off in Settings or in your device's system settings.
3. Third-party services
Signet uses a small number of third-party services. Each is listed below with its role and a link to its own privacy policy.
| Service | Role | Privacy policy |
|---|---|---|
| Supabase (Supabase, Inc.) | Hosts the database, authentication, and realtime sync infrastructure that Signet runs on. | supabase.com/privacy |
| Resend (Resend, Inc.) | Sends the one-time email codes used for passwordless sign-in. | resend.com/legal/privacy-policy |
| Scryfall | Provides card data for the cards in your decks. Signet queries Scryfall using only the card names you enter; Scryfall does not receive your account, email, or any personal information. | scryfall.com/docs/privacy |
| PostHog (PostHog, Inc.) | Anonymous product analytics and session replay, only when you've left the corresponding toggles on in Settings → Privacy. PostHog receives the event types described in § 2.4 and, if Session replay is on, masked session recordings. It does not receive your email, the contents of your decks or card names, the names of your pods or other players, or any free-text input (other than feedback you explicitly submit through the in-app feedback form — see § 2.4). | posthog.com/privacy |
| Expo (Expo, Inc.) | Relays push notifications from Signet's server to your device's operating-system push service (Apple / Google). When notifications are enabled, Expo handles the push token and message described in § 2.5. It does not receive your email or any free-text content. | expo.dev/privacy |
| Vercel (Vercel, Inc.) | Hosts the marketing website at mtgsignet.app and provides cookieless page-view analytics for that site (see § 10). Vercel does not receive any data from the app itself. | vercel.com/legal/privacy-policy |
| Google Analytics (Google LLC) | Counts visits to the marketing website at mtgsignet.app, only if you accept the cookie banner. Google Analytics is not loaded at all until you tap Accept; Decline (or simply ignoring the banner) leaves it disabled. IP addresses are anonymized. Google Analytics never runs inside the app itself and is not linked to your Signet account. See § 10. | policies.google.com/privacy |
| Patreon (Patreon, Inc.) | If you tap the "Support Signet" link, you'll be taken to Signet's Patreon page on patreon.com. Patreon's privacy policy governs everything that happens there. Signet itself receives no payment, contact, or membership information back from Patreon. | patreon.com/policy/privacy |
Beyond PostHog (described above and gated entirely behind a user-controlled opt-out), Signet does not integrate any third-party SDK whose purpose is data collection. No advertising SDK, no crash reporter linked to your account, no attribution SDK, no A/B-testing SDK, no social-login SDK.
4. What other players in your pod can see
Signet is a multiplayer app, so by design some information about you is visible to the other players in any pod you join. Specifically:
- Your display name is visible to every other member of any pod you host or join, in the lobby and during the game.
- The decks you bring to a pod, including the card list you pasted in, are visible to other members of that pod when you arm a deck in the lobby and during the game. Decks you keep in your library but do not bring to a pod are visible only to you.
- Your participation in completed games is visible to the other players in those games, in their copy of the game history (with your display name attributed to your seat).
Other players never see your account email address, your account identifier, or any of your decks that you have not brought to a shared pod. Signet does not surface you to players who are not in a pod with you.
5. Camera permission
Signet asks for camera access for one reason: scanning the QR code displayed by a pod host so you can join their pod. The camera is used only when you actively open the join-by-QR screen. Camera images are processed locally on your device, are never saved, and are never transmitted to Signet's servers or to any third party.
If you prefer not to grant camera access, you can join pods by typing the join code instead.
6. Where data is stored, and security
Account information and the data described in § 2.2 are stored on Supabase's infrastructure in the United States. If you access Signet from outside the United States, your information will be transferred to, processed in, and stored in the United States, which may have different data-protection laws than your country of residence.
All connections between the Signet app and Supabase use TLS encryption in transit. Data is encrypted at rest by Supabase. Access to the production database is restricted to the Signet operator under principle-of-least-privilege.
No system is perfectly secure. If we ever experience a security incident that affects your information, we will notify affected users by email and through the app as required by applicable law.
7. How long Signet keeps your data
- Active account data — kept as long as your account exists.
- Lobby state — automatically purged after inactivity (currently 24 hours) regardless of whether you take action.
- Card cache — refreshed periodically and shared across users; contains no personal information.
- Server access logs — retained only for the operational window of the underlying infrastructure (typically days, not months) for security and debugging purposes.
When you initiate account deletion (see § 8), Signet starts a 30-day grace period. During that window, signing back into the app cancels the deletion automatically and restores your account in full. After 30 days, your profile, decks, and game-history data are permanently removed from Signet's active databases. Encrypted backups maintained by Supabase as part of its standard backup schedule expire on Supabase's own retention timeline (typically within 30 days); once the active record is removed, the data cannot be restored.
8. Your choices and rights
You can:
- See and edit your profile and your decks at any time from inside the app.
- Delete an individual game from your game history in the History screen.
- Delete your entire account at any time from Settings → Delete account inside the app. Confirming starts a 30-day grace period — sign back in at any time during that window to cancel. After 30 days, your profile, your decks, your game history, and your account are permanently removed from Signet's servers. Some references to you in other players' game history may remain as anonymized records (e.g., "Player 2") so their history stays intact.
- Export your data by emailing mtgsignet@gmail.com — we'll provide a copy of the data tied to your account within 30 days.
If you live in a jurisdiction with specific privacy rights (such as the EU/EEA under GDPR or California under CCPA), those rights apply to you. You may exercise them by emailing mtgsignet@gmail.com. We do not sell personal information.
9. Children
Signet is intended for users 13 years of age or older. Signet does not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please email mtgsignet@gmail.com and we will delete the account and any associated data.
10. The website at mtgsignet.app
The website at mtgsignet.app is a thin marketing site that hosts this privacy policy, the Terms of Service, and basic information about the app. It does not require an account and does not have user-facing features beyond reading published content.
The site uses two analytics providers, both limited to anonymous traffic counting:
10.1 Vercel Web Analytics (always on)
Vercel Web Analytics is cookieless: it does not set tracking cookies, does not fingerprint your device, and does not associate visits with personal information. The data Vercel processes is limited to:
- The page you visited and the page you arrived from (referrer).
- An approximate region derived from your IP address (typically country and city).
- Your browser and device type.
- A daily-rotating hash that lets Vercel count unique visitors for a given day without identifying you or tracking you across days.
No personal information is collected and no website data is shared with advertising networks or data brokers. See Vercel's privacy policy for details: vercel.com/legal/privacy-policy.
10.2 Google Analytics (opt-in via cookie banner)
The site also offers Google Analytics 4 (Measurement ID G-DWL6D37XRW) for page-view and session counts. Google Analytics is not loaded until you explicitly accept the cookie banner shown on your first visit. Under the hood we use Google's Consent Mode v2 with all storage signals defaulted to denied — meaning even Google's gtag.js script is held back until you accept. If you Decline, or ignore the banner, no Google Analytics cookies are set and no data is sent to Google.
If you accept, Google Analytics sets a small number of cookies (typically _ga and a stream-specific identifier) used to count visits and approximate unique visitors over short windows. IP addresses are anonymized at collection. Advertising features, ad personalization, and Google Signals are disabled on the stream. We do not use Google Analytics to build cross-site profiles or share data with advertisers.
You can change your mind at any time using the Cookie settings link in the footer of any page — this clears your prior choice and re-shows the banner so you can Decline (or re-accept).
If you visit the website while signed into the app on the same device, your website visit is not linked to your Signet account, regardless of which provider you've allowed.
11. Changes to this policy
If this policy changes in a material way, we will update the Effective date at the top, post the new policy at this URL, and — for material changes — notify signed-in users inside the app on next launch. Non-material changes (typos, clarifications) may be made without notice.
The full history of this policy is available on request.
12. Contact
Questions, requests, or concerns: mtgsignet@gmail.com
Signet is an independent project. Magic: The Gathering and Commander are trademarks of Wizards of the Coast LLC, a subsidiary of Hasbro, Inc. Signet is not affiliated with, endorsed by, or sponsored by Wizards of the Coast or Hasbro.