Back to home

Legal

Privacy Policy

Last updated: July 2, 2026

Operator: TCG CALENDAR Marketing Management

Trade Licence No.: 1624328

Licensing Jurisdiction: DET

Registered Address: Belgravia 3 Ellington, JVC, Dubai, UAE

Contact Email: support@tcgcalendar.ae

This Privacy Policy explains how TCG Calendar UAE handles information across the TCG Calendar website and the TCG Calendar mobile app for iOS and Android. We operate with UAE privacy requirements as the primary compliance baseline and also describe rights and disclosures commonly required by app stores and international privacy laws.

Who We Are

TCG Calendar UAE provides a public calendar for trading card game events in the United Arab Emirates, plus public organizer, vendor, and venue pages. For privacy questions, contact TCG Calendar UAE through the public support or partner channels available on the site.

UAE Privacy Baseline

We treat UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data as the primary privacy baseline for our service. We aim to process personal data fairly, transparently, for clear purposes, and with appropriate security controls. Where consent is required, we ask for it or provide a clear choice. Where processing is necessary to operate the service, respond to a request, maintain security, comply with law, or protect legitimate interests, we limit the data used to what is reasonably needed for that purpose.

Website Information

The website may collect information submitted through public forms, advertising or sponsor inquiries, partner login flows, newsletter signups, invite flows, organizer or vendor profile workflows, event submission or management workflows, and related support messages. This may include names, business contact details, public profile information, event details, venue details, uploaded content, account login information for website-only partner/admin workflows, and technical logs needed to operate and secure the website.

The website also uses necessary cookies or browser storage for login sessions, security, form behavior, and remembering privacy choices. Optional website analytics are not enabled unless the visitor accepts analytics cookies.

Vendor and Organizer Account Terms Acceptance Records

When a vendor or organizer creates, claims, re-accepts, or continues using a vendor or organizer account or profile after accepting the current TCG Calendar Vendor Account Terms or Organizer Account Terms, we store a server-side acceptance record in Supabase. This record may include the vendor or organizer account or profile ID, user or account ID, business name submitted or shown at acceptance time, accepted terms type, terms version or last-updated date, exact terms URL or document slug shown to the user, exact checkbox text shown to the user, acceptance timestamp in UTC, user email where available, IP address, user agent, browser/device/app version metadata where available, and the source flow such as signup, profile claim, profile edit, event application, event creation, event edit, event publish, vendor dashboard, organizer dashboard, or admin import.

We use these records to prove legal acceptance, manage vendor and organizer access, enforce current account terms, protect platform integrity, resolve disputes, and comply with legal, audit, and security obligations.

Mobile App Information

The mobile app is an end-user app for public event discovery. It does not provide admin dashboards, organizer dashboards, vendor dashboards, profile claiming, event editing, moderation, imports, or partner management workflows. The app may load public event, organizer, vendor, sponsor, and venue information from our public data sources.

When a user chooses app features, the app may interact with device capabilities such as sharing, opening external links, requesting notification permission, or adding a public event to the device calendar. We do not use these features to collect contacts, payment data, or precise GPS location. Device advertising identifiers are used only for consent-based app-install ads measurement, as described in the Mobile App Install Ads Measurement section below. The end-user profile feature currently uses generated avatars and does not collect uploaded profile photos or videos.

Mobile End-User Accounts

If the mobile app offers end-user accounts, account features are separate from website-only admin, vendor, and organizer workflows. End users may create or access an account using Supabase Auth with an email verification code, password setup, Sign in with Apple, or Google Sign-In. SMS or WhatsApp-based login may be added later only if the app clearly presents that option.

Account data may include email address, authentication identifiers, provider identifiers from Apple or Google, account creation and login timestamps, session tokens, display name, handle, generated avatar seed, profile visibility and discoverability settings, notification preferences, newsletter preferences, followed events, followed vendors, followed organizers, friend requests, friendship records, blocked-player records, in-app notification records, RSVP records, selected event days, optional arrival times, account deletion requests, and similar account-linked product actions. Passwords are handled by Supabase Auth and are not visible to TCG Calendar in plain text.

The app does not import a user's device contacts to find friends. Friend search uses display names and handles stored inside TCG Calendar. Handles may change over time, but account identifiers are used internally so existing friendships are not based only on the current handle text.

Before creating an end-user account or continuing with Apple or Google, the app may require the user to accept the current Terms of Use and Privacy Policy. We may store an account acceptance record including acceptance timestamp, accepted document version, accepted document URLs, signup or sign-in provider, account ID, app version, and related technical metadata needed to prove consent and operate the account.

The app stores authentication sessions on the device using secure native storage where available, so users can stay signed in. Users can sign out from the app. The mobile app provides an in-app account deletion flow from Profile, and users who cannot access the app may use the public Account Deletion page. Deletion requests may remove or anonymize the end-user account and account-linked personal data, subject to records we must keep for security, fraud prevention, legal compliance, dispute resolution, or platform integrity.

Mobile Social Features, RSVPs, and Blocking

Signed-in mobile users may create a display name and handle, receive a generated avatar, search for other players by name or handle, send and respond to friend requests, maintain a friends list, block players, follow events, vendors, and organizers, and set RSVP choices for events.

Depending on the feature and user settings, a user's display name, handle, generated avatar, friendship state, and relevant RSVP summary may be visible to other signed-in users, such as friends reviewing plans for an upcoming event or a user receiving a friend request. Blocked players should not be able to find the blocking user through friend search or send new friend requests while the block is active.

The app may create in-app notifications and, where the user grants device permission and keeps the relevant setting enabled, push notifications for friend requests, accepted friend requests, followed-event reminders, followed-event updates, vendor updates, organizer updates, and TCG Calendar product updates. Notification settings can be changed in the app, and device-level notification permissions can be changed in iOS or Android settings.

Newsletter Signups

Newsletter signup is optional on both the website and mobile app. If you enter your email address and tick the newsletter consent checkbox, we send your email address, signup source, referrer where available, and the time of the request to beehiiv so it can add you to the TCG Calendar UAE mailing list, send event updates, manage delivery, prevent duplicate subscriptions, and provide unsubscribe tools.

Newsletter subscriptions are managed by beehiiv and are subject to beehiiv's Terms of Use and Privacy Policy. We reference those beehiiv policy URLs when recording newsletter consent proof.

To prove consent for API-created newsletter subscriptions, we store a server-side consent record in Supabase. This record may include your email address, normalized email address, signup source, consent accepted flag, consent text version (newsletter-consent-2026-05-13), consent text, privacy policy version (2026-07-02), privacy policy URL, beehiiv Terms of Use URL, beehiiv Privacy Policy URL, timestamp, request IP address, user agent, and beehiiv subscription status or response metadata.

Newsletter emails are marketing or community update communications. You can unsubscribe from newsletter emails using the unsubscribe link in any newsletter message. Unsubscribing from the newsletter does not remove public event, organizer, vendor, venue, or website account records that are processed for other purposes.

Website Analytics, Mobile Analytics, and Sponsor Reporting

With consent, the website may use PostHog Cloud EU, Vercel Analytics, Vercel Speed Insights, Google Analytics, Google Tag Manager, or similar analytics providers to understand aggregate site usage, measure page performance, and improve public event discovery. Website analytics may include page views, paths visited, referrer or campaign source, browser and device information, approximate region derived from network data, timestamps, performance metrics, and safe interaction events for non-sensitive buttons or controls. We configure website PostHog without session replay and without automatic click or form autocapture.

We may also use Google Search Console to understand how Google Search discovers and indexes TCG Calendar. Search Console provides aggregate search performance, crawl, indexing, and technical SEO reports. It does not give us direct access to individual users' Google Search accounts, private search history, or personal Google profile data.

The mobile app may use PostHog Cloud EU or a similar analytics provider to understand aggregate app usage and improve the product. Mobile analytics may include anonymous screen views, app lifecycle events, public event list views, public event detail views, save and unsave actions, share actions, add-to-calendar actions, RSVP status updates, source-link clicks, public organizer/vendor/venue profile views, notification permission request results, and safe interaction events for non-sensitive buttons or controls.

The mobile app also collects anonymous performance and reliability metrics through Expo's EAS Observe service, such as app startup and screen loading times, time-to-interactive measurements, screen route names, app version, device model, and operating system version. These metrics are aggregate, are not linked to a user's identity, are not used for advertising or cross-company tracking, and are processed by Expo on our behalf solely to monitor and improve app performance and reliability.

The mobile app may also track sponsored placement performance, including sponsored placement renders, viewable impressions, promotion clicks, CTA clicks, sponsored public event views, sponsored public vendor views, campaign identifiers, sponsor slugs, placement names, creative identifiers, public entity slugs, placement position, city, game/category, entry type, and source screen. Sponsor reporting is aggregate and non-identifying.

Website and mobile analytics do not include raw search query text, names, emails, phone numbers, passwords, payment data, private account identifiers, precise GPS coordinates, contacts, push notification tokens, or session replay. Product analytics and performance monitoring do not use IDFA, the Android Advertising ID, GAID, or AdMob identifiers. Account-linked product actions are handled as account functionality, not cross-company advertising tracking. Device advertising identifiers are used only for app-install ads measurement as described in the next section, and on iOS only after the user allows tracking through the AppTrackingTransparency prompt.

Mobile App Install Ads Measurement (Meta)

We may run advertising campaigns on Meta platforms such as Facebook and Instagram to promote the TCG Calendar mobile app. To measure whether those campaigns lead to app installs, the mobile app includes the Meta (Facebook) SDK. The SDK may send Meta app-install and app-launch events together with technical metadata such as app version, device model, operating system version, and network information, and, where permitted, the device advertising identifier (IDFA on iOS, Google Advertising ID on Android). We do not share in-app activity such as searches, viewed events, RSVPs, follows, friends, or account details with Meta.

On iOS, the app shows the AppTrackingTransparency prompt before any Meta event is sent. If the user does not allow tracking, the advertising identifier is not used and Meta measurement falls back to Apple's SKAdNetwork framework, which reports installs to Meta in an aggregate, privacy-preserving way that does not identify the user or device. On iOS this choice can be changed at any time in iOS Settings under Privacy & Security, Tracking. On Android, the advertising identifier can be reset or deleted in device settings under Privacy, Ads.

Meta processes this measurement data under its own Privacy Policy. We receive campaign performance reports from Meta in aggregate form.

How We Use Information

We use information to operate the public calendar, publish and maintain event listings, manage website-only partner/admin workflows, respond to inquiries, send requested updates, prevent abuse, maintain reliability and security, measure aggregate product usage, understand sponsor placement performance, and comply with legal obligations.

Service Providers and Sharing

We may use service providers for hosting, databases, authentication, storage, transactional email, newsletter delivery, analytics, crash or reliability diagnostics, app distribution, and other operational services. These providers process information only as needed to provide their services to us. beehiiv is used for newsletter subscription management and email delivery. Expo (Expo Application Services) is used for mobile app build distribution, app updates, and anonymous app performance monitoring. Supabase is used for database, storage, authentication, and account sessions. Apple and Google may process login-related information when a user chooses Sign in with Apple or Google Sign-In. Expo may process device push tokens and delivery metadata when push notifications are enabled. PostHog may process mobile analytics events where configured. Google may also provide Search Console, Google Analytics, Google Tag Manager, Firebase, or Google Cloud services where configured. Meta Platforms processes app-install and app-launch events for advertising measurement as described in the Mobile App Install Ads Measurement section, subject to the user's tracking choices. We may share aggregate, non-identifying usage statistics with sponsors, vendors, organizers, or partners. We do not sell personal data.

App Store and Google Play Disclosures

For Apple App Store privacy labels, optional newsletter signup means the app may collect Contact Info, specifically Email Address, when the user chooses to provide it. The email address is linked to the user and used for Developer's Advertising or Marketing through direct newsletter communications. We do not use the newsletter email address for cross-company tracking.

For Google Play Data Safety, optional newsletter signup should be disclosed as Personal info, specifically Email address, collected for app communications, marketing communications, and account/subscription management for the newsletter. The email address is shared with beehiiv as a service provider for newsletter processing and delivery.

For Apple App Store privacy labels, anonymous app performance monitoring means the app may collect Diagnostics, specifically Performance Data. This data is not linked to the user's identity and is not used for tracking. For Google Play Data Safety, the same monitoring should be disclosed as App info and performance, specifically Diagnostics, collected for analytics and app functionality and processed by Expo as a service provider on our behalf.

For Apple App Store privacy labels, app-install ads measurement means the app may collect Identifiers, specifically Device ID (the advertising identifier), and this data may be used to track the user when the user grants AppTrackingTransparency permission. This is disclosed under Data Used to Track You as Device ID. For Google Play Data Safety, the same measurement should be disclosed as Device or other IDs (the advertising ID), collected and shared with Meta for advertising or marketing purposes.

If mobile accounts are enabled, App Store and Google Play disclosures should also cover account creation and account management data, including email address, name or display name, user identifiers such as handles and account IDs, device or push identifiers, profile information, authentication provider data, friend requests, friendship and blocked-player records, in-app notification records, and account-linked app activity such as follows, saved events, RSVP records, newsletter preferences, notification preferences, and account deletion requests, as applicable to the shipped feature set. The current end-user profile feature does not collect device contacts or uploaded profile photos.

International Transfers

We are focused on the UAE market, but our service providers may process information in the UAE, the European Union, the United States, or other locations where they operate. When information is transferred internationally, we use appropriate contractual, technical, and organizational safeguards for the service involved.

Retention

We keep information only for as long as reasonably needed for the purposes described in this policy, including operating the service, maintaining records, resolving disputes, enforcing terms, security, and legal compliance. Public event, organizer, vendor, venue, and sponsor records may remain visible while they are relevant to the public calendar or archived for operational history.

Your Choices and Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how your personal data is processed. UAE users may also raise privacy concerns through the applicable UAE data protection channels. To make a request to us, use the public support or partner contact channels available on the site.

Website visitors can accept or reject optional analytics cookies in the cookie banner and can change that choice later through . If a mobile app version includes anonymous analytics controls, users can disable anonymous analytics in the app settings. Device-level permissions, such as calendar or notification permissions, can also be managed through iOS or Android system settings. On iOS, users decide at the AppTrackingTransparency prompt whether the app may use the advertising identifier for ads measurement and can change that choice in iOS Settings under Privacy & Security, Tracking. On Android, users can reset or delete the advertising identifier in device settings under Privacy, Ads.

Mobile users can edit their display name and handle in the app, manage notification settings, unfollow events, vendors, or organizers, remove friends, manage blocked players, sign out, or request account deletion from Profile and App settings.

Children

TCG Calendar is intended for general public event discovery and business/public community listings. It is not directed to children, and we do not knowingly collect personal data from children through the mobile app.

Changes

We may update this Privacy Policy as the website, mobile app, analytics configuration, sponsor reporting, app store requirements, or legal requirements change. The latest version will be posted on this page with the updated date above.

Privacy choices

We use optional analytics cookies and similar technologies to measure site usage and performance. They are only used if you consent. You can read more in our policies.