1. Introduction
This Privacy Policy explains how Utopia (“Utopia,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you access or use the Utopia website, mobile-friendly web app, APIs, and related services (the “Service”). It supplements our Terms of Service and is incorporated by reference into those Terms.
Utopia is a free, peer-to-peer platform that helps collectors meet locally and trade physical collectible trading cards. To run that service we need to know who you are, where you are roughly located, what cards you own, and how to deliver an SMS verification code to your phone. We try to collect only what we need.
If you have a question about anything in this Policy, please email legal@utopiamarket.app.
2. Information you give us
When you create or use a Utopia account, you provide us with:
2.1 Account information
- Username — the public handle you choose (3–20 characters, alphanumeric and underscores). Used to identify you to other users.
- Email address — used for account recovery, important service notices, and (where you opt in) trade-related notifications.
- Password — we never see or store your password in plain text. We store a bcrypt hash of your password and use it only to verify sign-in.
- Full name — collected at sign-up.
- Display name (optional) — a friendlier name shown alongside your username; you can leave this blank or edit it any time.
- Profile bio (optional) — a short description you write about yourself; you can leave this blank or edit it any time.
- Profile picture (optional) — an image you upload to be shown on your profile.
- Color theme preference — light or dark; this also persists locally in your browser so the page does not flash on load.
2.2 Phone number (verified by SMS)
We require a working mobile phone number to verify new accounts. Verification is sent by SMS through our SMS partner, Twilio (Twilio Verify). Phone verification helps reduce the volume of throwaway, bot, and obviously fraudulent accounts on the platform. It is a deterrent, not a guarantee of any user’s identity, age, or trustworthiness.
Once your number is verified, we store it in our database encrypted at rest using Fernet symmetric authenticated encryption. Separately, we store a salted SHA-256 hash of your phone number. The hash lets us detect when a number is already used by another account without needing to decrypt anyone’s phone number to compare.
2.3 Location you provide
You may provide a state, city, latitude/longitude, and a preferred trade radius (default 25 miles). See Section 4 for full details on how location is used and shared.
2.4 Card collection data
As you use the Service you create card listings, mark cards as part of bundles, decks, or collections, choose conditions (e.g. near mint, lightly played), and may enter optional grading data (PSA, BGS, CGC, or SGC plus a numeric grade and, where applicable, subgrades). See Section 6.
3. Information collected automatically
3.1 Stored on your device
When you sign in, we place a small number of values in your browser’s localStorage, including a short-lived JWT access token, a longer-lived JWT refresh token, your username, your email, your theme preference, and (during signup) the approximate latitude and longitude you used so the signup form can pre-fill them. We do not use third-party advertising or analytics cookies. See our Cookie Policy for the full list of items we store on your device.
3.2 Authentication and security signals
We record signals that are necessary to protect your account, including:
- The number of recent failed login attempts on your account and, if a threshold is exceeded, the timestamp until which the account is locked (currently five failed attempts trigger a fifteen-minute lockout);
- Issuance and revocation of refresh tokens (so that signing out actually signs you out);
- Rate-limiting counters on sensitive endpoints (e.g. signup, login, SMS verification);
- Whether and when you verified your phone number.
3.3 Operational telemetry
Our backend keeps a small, in-memory ring buffer of recent API requests (method, path, response code, duration). This is used to monitor the health and performance of the Service. The buffer does not contain request bodies or user PII and is not used for advertising or analytics. It is automatically discarded when the server restarts.
Our backend also keeps a short, in-memory log buffer for system health monitoring. The same rules apply: no advertising, no analytics, no third-party export.
4. Location information
Location is central to Utopia because trades happen locally and in person. When you use location features:
- You may type a state and city manually, search an address, or grant your browser’s location permission so we can pre-fill an approximate coordinate. We record a location_source value of either manual or gps to indicate where the data came from.
- We store the latitude and longitude you chose with limited precision (currently up to seven decimal places in the database, but used at much lower precision in practice).
- You may set a “trade radius” (default 25 miles) that controls how far afield the Service looks when surfacing “listings near you.”
4.1 How we use your location
- To compute approximate distances between you and other users or listings (server-side, using a standard Haversine calculation) for the “nearby” experience;
- To help you draft a meetup location and time in your trade conversation;
- To populate your public profile with your city and state, if you have set them.
4.2 What other users can see
Other users can see the city and state you have entered (if you have entered them) and a calculated distance between their location and yours when they are browsing nearby listings or viewing the meetup section of a shared trade. Other users cannot see your raw latitude or longitude, your exact street address, or your trade radius.
4.3 Your control
You can update or remove your location at any time from Settings → Trading Preferences. You can also revoke your browser’s location permission at any time from your browser’s site-settings panel.
5. Content you create
As you use the Service, you create content that is stored and made available to other users or to Utopia, including:
- Listings — cards you make available for trade, their conditions, optional grading data, photos, and any notes;
- Messages exchanged within a trade conversation with another user;
- Reviews and star ratings you leave after a completed trade;
- Profile bio and profile picture, if you provide them;
- Watchlist items, decks, bundles, collections, and wishlists.
5.1 Automated message scanning for safety
Messages sent within a trade conversation pass through an automated scam-detection scanner before they are delivered. The scanner looks for patterns commonly associated with off-platform payment scams — for example, requests for wire transfers, gift cards, prepaid cards, peer-to-peer payment apps, cryptocurrency, suspicious short-link URLs, and similar markers. Messages that match are flagged in our database with the reason. Flagged messages are still delivered to the other participant; flagging is a signal, not a block. Utopia staff may review flagged messages to investigate fraud and abuse.
The scanner is a deterrent, not a guarantee. Some scams will get through. You should independently evaluate every offer of off-platform payment with extreme skepticism.
5.2 Public, semi-public, and private content
- Public: your username, display name, profile picture, profile bio, your active listings, your completed-trade count, your star average, and the public reviews other users have left for you.
- Visible to a specific trade partner: messages you exchange with that user in their trade conversation, and the city/state and approximate distance you have shared.
- Private to you and Utopia: your email, your password hash, your encrypted phone number, your raw latitude/longitude, your watchlist items, your private collections, and your unfinished drafts.
6. Card collection & trading data
Your card data lives in your account so that the Service can power listings, fairness scoring, bundle composition, and trade matching. We store:
- The identifier of each card (the third-party identifier from the underlying TCG database) you have added to a collection, bundle, deck, watchlist, or listing;
- The condition you selected (e.g. near mint, lightly played);
- Optional grading data (PSA, BGS, CGC, or SGC; the numeric grade; and where applicable BGS subgrades for centering, corners, edges, and surface);
- Quantities, notes, and the listing type (e.g. for trade, in collection only);
- The history of trades you have proposed, accepted, declined, countered, and completed, and the cards involved in each.
Pricing data is fetched from third-party APIs (see Section 8) and cached on our servers so that the Service can compute trade fairness without sending each page-load to those third parties. The cache contains card identifiers and prices, not user data.
7. How we use information
We use the information described above to:
- Authenticate you and keep your account secure (sign-in, refresh, lockout after repeated failures, rate limiting);
- Run the core service — listings, search, fairness scoring, bundles, decks, collections, wishlists, watchlists, reviews, and trade conversations;
- Power local discovery — compute approximate distance between users or listings using the latitude/longitude and radius you chose;
- Deliver SMS verification codes through Twilio when you sign up or change sensitive account fields;
- Coordinate meetups — let you propose and confirm a meetup time and location with the other party;
- Protect users and the platform — detect, investigate, and act on fraud, abuse, harassment, scams, and other violations of the Terms of Service, including by reviewing flagged messages and suspending accounts where appropriate;
- Send service notifications you have opted in to, such as new trade offers, replies, and price alerts on watchlisted cards;
- Improve the Service — understand which features are working, fix bugs, monitor performance, and plan changes;
- Comply with legal obligations and respond to lawful requests, subpoenas, and court orders;
- Communicate with you about updates to these policies and other important matters.
8. How we share information
We do not sell your personal information. We do not rent it to advertisers, and we do not run third-party advertising or analytics SDKs in the Service. We share information only in the limited circumstances below.
8.1 Service providers we rely on
- Twilio (SMS verification). When you sign up or change a sensitive field, we send your phone number to Twilio so that it can deliver a one-time verification code. Twilio acts as our processor for this purpose and is bound by its own privacy commitments.
- Google Maps Platform / Google Fonts. The Service uses the Google Maps JavaScript API to render the small location map on the settings page, and the Google Fonts service to load the Inter and Manrope typefaces. When those assets load in your browser, Google receives your IP address and standard request metadata under its own privacy terms.
- Card data providers — the Pokémon TCG API (pokemontcg.io), optcgapi.com, and Scryfall. We use these services to fetch card metadata and pricing. We send only card identifiers; we do not send personal information about you.
- Cloud hosting and operations. Our application code, database, and object storage run on standard cloud-infrastructure providers under industry-standard contracts.
8.2 Other Utopia users
Other users can see the information described in Section 5.2 — in summary, your public profile (username, display name, profile picture, profile bio, completed-trade count, average rating, and public reviews left for you), your active listings, and, where applicable, your city and state and an approximate distance from their location to yours.
8.3 Legal, safety, and policy enforcement
We may disclose information if we reasonably believe it is required to (a) comply with valid legal process, lawful government requests, or applicable law; (b) protect the rights, property, or safety of Utopia, our users, or the public, including investigating fraud, scams, harassment, and other violations of our Terms of Service; or (c) enforce or apply our agreements.
8.4 Business transfers
If Utopia is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will provide notice (for example, via an in-app message or email) of any change in ownership or material change in how your information is used.
9. Security
We take security seriously and use a combination of organizational and technical controls to protect your information:
- Passwords are hashed with bcrypt before storage; the plaintext never touches our database.
- Phone numbers are encrypted at rest using Fernet symmetric authenticated encryption. A separate salted SHA-256 hash is stored for fast duplicate lookups.
- Session authentication uses JSON Web Tokens (JWTs) signed by our backend. Access tokens are short-lived (about thirty minutes). Refresh tokens last about thirty days, or up to ninety days if you check “remember me” at sign-in.
- Account lockout activates after five consecutive failed login attempts (the lockout currently lasts fifteen minutes).
- Rate limiting protects sensitive endpoints (sign-up, sign-in, SMS verification) against brute force and automated abuse.
- HTTP security headers — including X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection, and a restrictive Permissions-Policy — are set on all responses.
- Transport security: traffic to the Service is served over HTTPS.
No method of transmission over the Internet, no method of electronic storage, and no organizational control is 100% secure. We do our best to protect your information, but we cannot guarantee its absolute security. You use the Service at your own risk and you are responsible for using a strong, unique password and keeping your device secure.
10. Data retention
We keep account information for as long as your account is active and for a limited additional period afterwards to allow you to restore the account, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When you close your account from Settings → Danger Zone → Delete Account, we delete your account and associated personal data, subject to limited exceptions:
- Records relating to completed trades with other users may be retained in those other users’ trade history so that their own records remain intact (your username and any public reviews you left may continue to appear in those contexts);
- Records we are required to keep to comply with legal obligations (e.g. tax, audit, investigations into fraud or abuse) may be retained for as long as required by law;
- Aggregated and de-identified data, which cannot reasonably be associated with you, may be retained for analytical and operational purposes;
- Reasonable copies in our backups may persist for a limited rolling window before being overwritten.
11. Your rights and choices
You can exercise the following choices directly within the Service:
- Access and correction — view and edit most of your information (display name, bio, profile picture, email, phone number, password, location, theme, notification preferences) from Settings.
- Deletion — close your account at any time from Settings → Danger Zone → Delete Account.
- Notification preferences — toggle in Settings.
- Location — update, replace, or clear it in Settings; revoke browser location permission in your browser settings.
11.1 California residents (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act, as amended, including the right to: (a) know the categories and specific pieces of personal information we have collected about you and the categories of sources, business purposes, and third parties involved; (b) request deletion of personal information we hold about you; (c) request correction of inaccurate personal information; (d) opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined under the CCPA); (e) limit the use of sensitive personal information; and (f) not be discriminated against for exercising any of these rights.
To exercise any of these rights, email legal@utopiamarket.app from the address associated with your account. We will respond as required by law.
11.2 EEA, UK, and Switzerland (GDPR / UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR or UK GDPR, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection, as well as the right to lodge a complaint with a supervisory authority. The legal bases on which we process your personal data are, depending on the activity: performance of a contract with you (to provide the Service you signed up for); our legitimate interests in operating, securing, and improving the Service; compliance with a legal obligation; and, where required, your consent (which you may withdraw at any time without affecting the lawfulness of processing already carried out).
To exercise any of these rights, email legal@utopiamarket.app.
12. Children’s privacy
Utopia is intended for users who are at least 18 years old (or the age of majority in their jurisdiction, whichever is greater). The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, please contact us at legal@utopiamarket.app and we will promptly take steps to delete it and terminate the account.
13. International users
Utopia is operated from the United States. If you access or use the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States. The data-protection laws of the United States may differ from those of your country. By using the Service, you consent to the transfer of your information to the United States and to the processing described in this Policy.
14. Changes to this Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects when it was last revised. If we make a material change — for example, expanding the categories of data we collect or the purposes for which we use it — we will provide reasonable notice (such as an in-app message or an email to the address associated with your account) before the change takes effect. Your continued use of the Service after the effective date is deemed acceptance of the updated Policy.
15. Contact
Questions, concerns, or requests about this Privacy Policy or your information should be sent to legal@utopiamarket.app.