Sapphire Back home

Privacy Policy

Last updated: April 24, 2026

1. What we collect

  • Your email address (used for sign-in via magic link and service notifications).
  • Your Discord username and ID, if you choose to link Discord to your account.
  • The product URLs you paste into Sapphire to monitor.
  • Your Stripe customer ID and subscription status (not your card details — see below).
  • Encrypted Discord webhook URLs you add for alert delivery. These are encrypted at rest.
  • Basic server logs (IP, user agent, timestamps) for security, fraud prevention, and debugging.

2. What we don’t collect

  • Your payment card details. Stripe handles payment in full and Sapphire never sees card numbers or CVCs.
  • The content of your Discord servers, DMs, or any messages.
  • Your purchasing history at retailers. We know when a page you monitor changed — we do not know what you bought.
  • Ad-tracking cookies or cross-site analytics trackers.

3. What we use your data for

  • Deliver restock alerts to the webhooks you configure.
  • Process subscription payments via Stripe.
  • Send magic-link sign-in emails.
  • Respond to support requests and enforce our Terms of Service.

We do not sell, rent, or share your data for advertising.

4. Third-party processors

We rely on a small number of trusted vendors to operate the service:

  • Neon — Postgres database hosting.
  • Cloudflare — hosting, DNS, DDoS protection, and Turnstile bot mitigation.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional and magic-link email delivery.
  • Discord — OAuth sign-in (if you link Discord) and webhook delivery.

5. Cookies

Sapphire uses only a NextAuth session cookie (so you stay signed in) and a Cloudflare Turnstile cookie (anti-bot protection on sign-in). We do not use advertising or cross-site tracking cookies.

6. Data retention

Deleting your account removes your profile, watches, webhook URLs, and subscription records from our active database. We retain payment records (via Stripe) for the period required by tax, accounting, and anti-fraud regulations. Server logs are kept for up to 90 days for security purposes.

7. Your rights

Depending on your jurisdiction (including GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data. Email privacy@sapphiretcg.net and we will respond within 30 days.

8. Children

Sapphire is not directed at children under 13 (or 16 in the EU). If you believe a minor has created an account, contact us and we will delete it.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced by email or on-site banner before taking effect.

10. Contact

Privacy questions or data requests: privacy@sapphiretcg.net.