The short version: your decklist never leaves your browser unless you explicitly
save it to an account, we run no third-party trackers, and one click exports or deletes
everything we hold about you.
DRAFT — written 2026-07-02, pending human review before public launch.
It describes what the code actually does today; if the code and this page ever disagree,
tell us — that's a bug in one of them.
What never leaves your browser
Your decklist, by default. The simulation runs entirely client-side. Pasting a list
and running it sends nothing about the list to our servers.
Share links. "Copy share link" packs the deck, goal, and seed into the URL
fragment (the part after #), which browsers do not send to servers —
a share link reproduces your result without the list ever touching us.
Local drafts. The deck draft on the practice/trainer pages, your daily-hand streak,
and your theme preference live in your browser's localStorage only.
What we store if you create an account
Accounts are optional and exist for one purpose: saving your things across devices.
If you sign up we store, in our database (hosted by Supabase):
your email address and a salted password hash (handled by Supabase Auth — we never see
the password);
whatever you explicitly save: decks, named goals, runs (including their sample hands),
and Broken Trainer labels (the hand, the played-out line, and your broken/fine/borderline
call). Saving is always an explicit click — nothing uploads on its own.
Row-level security scopes every row to your account: other users can't read your saves,
and neither can anonymous visitors.
Telemetry — first-party, and deliberately blind
We run our own minimal telemetry to know whether pages load, runs finish, and errors happen.
It is engineered not to identify you:
no decklists, no card names, no emails, and no persistent identifiers — the session tag
is random per page-load and never stored in a cookie;
events are things like "pageview", "run", "compare", plus JavaScript error messages;
your IP address is used for rate limiting and stored only as a short one-way hash;
data lands as daily files on our own server — no analytics company is involved;
it can be disabled entirely by the telemetry:false flag in the site config.
Services we rely on (and what they see)
Fly.io hosts the site — as the web host it sees standard request logs (IP, URL, user agent).
Supabase hosts accounts and saved data (above).
Resend delivers account emails (confirmation, password reset) — it sees your email address.
Scryfall serves card images — your browser fetches images from their CDN, so they see
those image requests.
Google Fonts serves the site's typefaces — your browser requests font files from Google.
Moxfield import: if you import by URL, the request for that (public) deck page may be
relayed through public CORS proxies — the deck's public Moxfield ID passes through them, and
they see the request. If that bothers you, use paste import: it involves no third party at all.
We use no ad networks, no third-party analytics, and no cross-site tracking of any kind.
Your data, your call
Export: Account menu → Export my data (JSON) — your profile and every saved
deck, goal, run, and trainer label, in one file, instantly.
Delete: Account menu → Delete my account — removes the account and cascades
through everything it owns. This is immediate and irreversible.
Retention
Account data: kept until you delete it (or your account).
Telemetry files: capped per day and rotated; kept for operational debugging, not profiling.
Server logs: short-lived operational logs on the host.
Children
Decksmith is not directed at children under 13, and we don't knowingly collect their data.
Changes & contact
If this policy changes materially we'll note it here with a date. Questions or requests:
[contact email — pending: pick before launch].