Privacy Policy

Enzo Berther

Sonnenbergstrasse 127205 ZizersSchweiz

Email: info@sithvault.com

This policy explains which personal data may be processed when using SithVault, why it is processed, which service providers are used, and which rights users may have. The service is operated from Switzerland and is intended as an unofficial fan tool for Star Wars: Unlimited deckbuilding, card browsing, meta information, account-based deck sync, public profiles, billing-gated AI features, and related community features.

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP). Where the EU/EEA or UK data protection rules apply to a particular user or processing activity, the relevant additional requirements are also considered.

When you visit this website, technically necessary access data may be processed, including IP address, access date and time, browser and device information, requested URL, and server log data. This data is required for operation, stability, security, and troubleshooting.

Application logs are kept deliberately limited and may include route, method, status, duration, feature-specific counters, and error codes. They are used to diagnose failures, monitor abuse, and keep the service available.

Authentication, user management, and billing-related access checks are provided through Clerk. If you create an account or sign in, Clerk andSithVault may process identifiers such as your Clerk user ID, email address, username, display name, profile image, account creation date, session information, plan/entitlement status, and similar account data.

Profile bio text is stored in Clerk public metadata and can be shown on public profile pages. Theme preferences are stored in the database together with your Clerk user ID. Internal AI access overrides may store your Clerk user ID, enabled status, expiry date, reason, grantor, and administrative notes.

Paid plans and subscription flows are handled through Clerk and its payment providers. SithVault receives the information needed to decide whether a feature is available, but does not store full payment card numbers.

Deckbuilder state is stored in your browser and, for signed-in users, can also be synced to the database. Stored deck data can include deck ID, deck name, format, leader card IDs, base card IDs, main deck card IDs and counts, sideboard card IDs and counts, visibility status, deck snapshot, creation date, update date, and owner Clerk user ID.

Public decks are visible to visitors and may be associated with your public username and profile. Private drafts are intended to be visible only to your signed-in account. Deck likes store the public deck ID, your Clerk user ID, and the like timestamp so that each signed-in user can like a deck only once. Like counts may be shown publicly.

SithVault uses browser storage and technically necessary cookies to provide app features. It does not use marketing cookies.

• swu.deckbuilder.decks: locally saved decks.
• swu.deckbuilder.activeDeckId: currently selected deck.
• swu.deckbuilder.deck: legacy local deck data used for migration.
• swu.deckbuilder.sealedPacks: local sealed pack state.
• swu.deckbuilder.sealedStage: local sealed workflow step.
• swu.cookie-consent.v1: stores that the cookie notice was acknowledged.

Clerk sets authentication cookies when you sign in or sign up. These cookies are required for account sessions and cannot be disabled without preventing login. The service worker may cache static app files and the offline page so the app can load more reliably.

You can delete local data and cached files through your browser settings.

Vercel Analytics is used to understand aggregate usage such as page views, referrers, device/browser information, and rough region-level usage. It is intended to be privacy-friendly and does not use third-party marketing cookies. Do not include personal data in URLs or search parameters.

AI-assisted deck generation, deck improvement, and RAG search are available only to signed-in users with the required access. When these features are used, selected card IDs, decklists, format, leader/base choices, goals, feedback, search queries, relevant card/rule/meta context, technical metadata, and generated responses may be processed by the server and sent to OpenAI as the configured AI service provider.

AI requests are rate-limited by Clerk user ID. OpenAI API requests are configured with response storage disabled where supported by the API, but OpenAI may still process and retain API data or abuse-monitoring logs according to its platform policies.

When importing a public SWUDB decklist, the SWUDB URL or deck ID you enter is sent to the server. The server retrieves the public decklist from SWUDB and converts it into the local deck format.

Card images and game information may be loaded from or refer to third party sources, including the official Star Wars: Unlimited CDN and public tournament/decklist sources. Public meta data may include player names, rankings, archetype names, tournament names, public decklists, and related event information from public sources.

We use service providers only as needed to operate the app. Depending on the feature used, recipients can include Vercel for hosting, analytics, logs, and deployment infrastructure; Neon for PostgreSQL database hosting; Clerk for authentication, user management, billing, session cookies, profile data, and access checks; OpenAI for AI and embedding requests; SWUDB for imported public decklists; Hostpoint for domain or related infrastructure services; and public content/CDN providers for card images and game data.

These providers may process data in Switzerland, the EEA, the United Kingdom, the United States, or other countries. If personal data is transferred abroad, we rely on the provider contracts, applicable adequacy decisions, standard contractual clauses, data processing agreements, or other recognized safeguards where required.

Data is processed to provide the website and account features, sync and publish decks, show public profiles, process likes, provide AI and RAG features, check paid or internal feature access, import public deck lists, improve reliability, measure aggregate usage, prevent misuse, protect security, respond to requests, and comply with legal obligations.

Depending on the use case, processing may be based on contract performance or pre-contractual steps, legitimate interests in operating and securing the service, consent, compliance with legal obligations, or the user's decision to publish information publicly.

Locally stored data remains in your browser until you delete it. Account data is kept while your account exists or as needed for legal, security, billing, or support purposes. Private and public deck data remains stored until it is deleted, unpublished, your account deletion request is handled, or it is no longer needed for the service. Likes remain stored until removed, the deck is deleted, the account deletion request is handled, or retention is otherwise no longer necessary.

Server logs, analytics data, and provider logs are retained only as long as necessary for operation, security, troubleshooting, analytics, legal obligations, or according to the provider's own retention rules.

SithVault does not make solely automated individual decisions with legal or similarly significant effects on users. AI outputs are generated suggestions, not binding decisions about users.

Depending on applicable data protection law, you may have rights to access, data portability, rectification, erasure, restriction of processing, objection, and withdrawal of consent. Requests can be sent to the contact address above.

Requests should identify the account or data concerned. We may need to verify your identity before acting on a request. If you believe that data processing is unlawful, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or another competent supervisory authority.

This privacy policy may be updated if features, technical processes, or legal requirements change. The version published on this website applies.