Privacy Policy

Who We Are

TCG Calendar UAE provides a public calendar for trading card game events in the United Arab Emirates, plus public organizer, vendor, and venue pages. For privacy questions, contact TCG Calendar UAE through the public support or partner channels available on the site.

UAE Privacy Baseline

We treat UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data as the primary privacy baseline for our service. We aim to process personal data fairly, transparently, for clear purposes, and with appropriate security controls. Where consent is required, we ask for it or provide a clear choice. Where processing is necessary to operate the service, respond to a request, maintain security, comply with law, or protect legitimate interests, we limit the data used to what is reasonably needed for that purpose.

Website Information

The website may collect information submitted through public forms, advertising or sponsor inquiries, partner login flows, newsletter signups, invite flows, organizer or vendor profile workflows, event submission or management workflows, and related support messages. This may include names, business contact details, public profile information, event details, venue details, uploaded content, account login information for website-only partner/admin workflows, and technical logs needed to operate and secure the website.

The website also uses necessary cookies or browser storage for login sessions, security, form behavior, and remembering privacy choices. Optional website analytics are not enabled unless the visitor accepts analytics cookies.

Mobile App Information

The mobile app is an end-user app for public event discovery. It does not provide account creation, login, admin dashboards, organizer dashboards, vendor dashboards, profile claiming, event editing, moderation, imports, or private account workflows. The app may load public event, organizer, vendor, sponsor, and venue information from our public data sources. Saved events are stored locally on the device unless a later app version clearly says otherwise.

When a user chooses app features, the app may interact with device capabilities such as sharing, opening external links, requesting notification permission, or adding a public event to the device calendar. We do not use these features to collect contacts, payment data, precise GPS location, passwords, private account data, or device advertising identifiers.

Newsletter Signups

Newsletter signup is optional on both the website and mobile app. If you enter your email address and tick the newsletter consent checkbox, we send your email address, signup source, referrer where available, and the time of the request to beehiiv so it can add you to the TCG Calendar UAE mailing list, send event updates, manage delivery, prevent duplicate subscriptions, and provide unsubscribe tools.

Newsletter subscriptions are managed by beehiiv and are subject to beehiiv's Terms of Use and Privacy Policy. We reference those beehiiv policy URLs when recording newsletter consent proof.

To prove consent for API-created newsletter subscriptions, we store a server-side consent record in Supabase. This record may include your email address, normalized email address, signup source, consent accepted flag, consent text version (newsletter-consent-2026-05-13), consent text, privacy policy version (2026-05-13), privacy policy URL, beehiiv Terms of Use URL, beehiiv Privacy Policy URL, timestamp, request IP address, user agent, and beehiiv subscription status or response metadata.

Newsletter emails are marketing or community update communications. You can unsubscribe from newsletter emails using the unsubscribe link in any newsletter message. Unsubscribing from the newsletter does not remove public event, organizer, vendor, venue, or website account records that are processed for other purposes.

Website Analytics, Mobile Analytics, and Sponsor Reporting

With consent, the website may use PostHog Cloud EU or a similar analytics provider to understand aggregate site usage, measure page performance, and improve public event discovery. Website analytics may include page views, paths visited, referrer or campaign source, browser and device information, approximate region derived from network data, timestamps, and performance metrics. We configure website PostHog without session replay and without automatic click or form autocapture.

The mobile app may use PostHog Cloud EU or a similar analytics provider to understand aggregate app usage and improve the product. Mobile analytics may include anonymous screen views, app lifecycle events, public event list views, public event detail views, save and unsave actions, share actions, add-to-calendar actions, source-link clicks, public organizer/vendor/venue profile views, notification permission request results, and safe interaction events for non-sensitive buttons or controls.

The mobile app may also track sponsored placement performance, including sponsored placement renders, viewable impressions, promotion clicks, CTA clicks, sponsored public event views, sponsored public vendor views, campaign identifiers, sponsor slugs, placement names, creative identifiers, public entity slugs, placement position, city, game/category, entry type, and source screen. Sponsor reporting is aggregate and non-identifying.

Website and mobile analytics do not include raw search query text, names, emails, phone numbers, passwords, payment data, private account identifiers, Supabase user IDs, precise GPS coordinates, contacts, push notification tokens, IDFA, Android Advertising ID, GAID, AdMob identifiers, or session replay. We do not use AppTrackingTransparency prompts because the app is not designed to use IDFA or cross-company tracking for targeted advertising.

How We Use Information

We use information to operate the public calendar, publish and maintain event listings, manage website-only partner/admin workflows, respond to inquiries, send requested updates, prevent abuse, maintain reliability and security, measure aggregate product usage, understand sponsor placement performance, and comply with legal obligations.

Service Providers and Sharing

We may use service providers for hosting, databases, authentication, storage, transactional email, newsletter delivery, analytics, crash or reliability diagnostics, app distribution, and other operational services. These providers process information only as needed to provide their services to us. beehiiv is used for newsletter subscription management and email delivery. We may share aggregate, non-identifying usage statistics with sponsors, vendors, organizers, or partners. We do not sell personal data.

App Store and Google Play Disclosures

For Apple App Store privacy labels, optional newsletter signup means the app may collect Contact Info, specifically Email Address, when the user chooses to provide it. The email address is linked to the user and used for Developer's Advertising or Marketing through direct newsletter communications. We do not use the newsletter email address for cross-company tracking.

For Google Play Data Safety, optional newsletter signup should be disclosed as Personal info, specifically Email address, collected for app communications, marketing communications, and account/subscription management for the newsletter. The email address is shared with beehiiv as a service provider for newsletter processing and delivery.

International Transfers

We are focused on the UAE market, but our service providers may process information in the UAE, the European Union, the United States, or other locations where they operate. When information is transferred internationally, we use appropriate contractual, technical, and organizational safeguards for the service involved.

Retention

We keep information only for as long as reasonably needed for the purposes described in this policy, including operating the service, maintaining records, resolving disputes, enforcing terms, security, and legal compliance. Public event, organizer, vendor, venue, and sponsor records may remain visible while they are relevant to the public calendar or archived for operational history.

Your Choices and Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how your personal data is processed. UAE users may also raise privacy concerns through the applicable UAE data protection channels. To make a request to us, use the public support or partner contact channels available on the site.

Website visitors can accept or reject optional analytics cookies in the cookie banner and can change that choice later through Cookie settings. If a mobile app version includes anonymous analytics controls, users can disable anonymous analytics in the app settings. Device-level permissions, such as calendar or notification permissions, can also be managed through iOS or Android system settings.

Children

TCG Calendar is intended for general public event discovery and business/public community listings. It is not directed to children, and we do not knowingly collect personal data from children through the mobile app.

Changes

We may update this Privacy Policy as the website, mobile app, analytics configuration, sponsor reporting, app store requirements, or legal requirements change. The latest version will be posted on this page with the updated date above.