Privacy Policy

Last updated: April 2026

1. Who We Are

NephboxGames is a UK-based online retailer of trading card game singles. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data controller: NephboxGames — [email protected]

2. Data We Collect

When you place an order or create an account we may collect:

  • Name and email address
  • Delivery address (for shop orders)
  • Order history and transaction details
  • IP address and basic browser information (for security and fraud prevention)

If you create an account, we additionally store:

  • Your chosen display name and hashed password
  • Pack simulator pull history
  • Proxy generator and deck pricer history
  • Wish list data
  • Store credit balance

We do not store payment card details — all payments are handled by Stripe.

3. How We Use Your Data

Your data is used to:

  • Process and fulfil your orders
  • Send order confirmations and status notifications
  • Handle returns, refunds, and customer queries
  • Provide account features (order history, collection tracking, wishlists)
  • Meet our legal and tax obligations

We do not sell or share your personal data with third parties for marketing purposes.

4. Third-Party Services

Stripe — Payment processing. When you check out, your payment details are entered directly on Stripe's secure platform. Stripe's privacy policy applies to that data: stripe.com/gb/privacy.

Royal Mail — Your delivery name and address are shared with Royal Mail solely for the purpose of delivering your order.

YGOPRODeck — Card names and images displayed on this site are sourced from the public YGOPRODeck API. No personal data is shared with this service.

5. Cookies

We use a session cookie to keep you logged in and to maintain your shopping cart. This cookie is essential for the site to function and is deleted when you close your browser or log out. We do not use advertising or tracking cookies.

6. Data Retention

Sell and purchase order records (including customer name and email) are retained for 7 years to comply with HMRC requirements. This data is retained independently of your account.

All other account data — including your profile, tool history, and wish list — is deleted immediately when you delete your account.

7. Account Deletion

You can delete your account at any time from your profile page. Deleting your account permanently removes:

  • Your display name and login credentials
  • Pack simulator pull history
  • Proxy generator and deck pricer history
  • Wish list data
  • Store credit balance

Sell and purchase order records associated with your email address are retained for legal compliance and are not removed as part of account deletion.

8. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Delete your account and associated data directly via your profile page
  • Request erasure of retained order data (subject to legal retention obligations)
  • Object to or restrict processing of your data
  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise rights relating to retained order data, email [email protected].

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page will reflect the latest revision.