We're in beta. Help us improve by .
YourGrails
Back to YourGrails

Privacy

YourGrails Privacy Policy

Effective Date. 30 May 2026

This policy explains what information YourGrails collects, how it is used, how it is shared, and the choices available to users.

1. Who We Are

This Privacy Policy describes how YourGrails LLC, a Wyoming limited liability company ("YourGrails," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our website at yourgrails.com, our mobile applications, and all related services (together, the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

This Privacy Policy is incorporated into our Terms of Service.

2. Information We Collect

We collect three categories of information. Information you give us directly, information we collect automatically when you use the Service, and information we receive from third parties.

2.1 Information You Give Us

Account information. Username, email address, password, and account preferences.

Identity verification information. Full legal name, date of birth, government-issued ID, photo or selfie, residential address, and other information required to satisfy our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations.

Contact information. Mailing address (for card redemption and shipping), phone number, and any other contact details you provide.

Wallet information. Public wallet address and connection metadata. We do not collect, store, or have access to your private keys or seed phrases.

Transactional information. Records of pack purchases, pack openings, Pack Battles, buyback exercises, redemption requests, and marketplace activity.

Payment information. Cryptocurrency transaction data, and, where you use a fiat onramp or payment processor, billing details transmitted through that processor. We generally do not store payment card numbers directly.

Communications. Messages you send to our support team, survey responses, and any feedback you provide.

User content. Profile photos, comments, posts, and any other content you submit through the Service.

2.2 Information We Collect Automatically

When you use the Service, we and our service providers automatically collect the following.

Device data. IP address, device type, operating system, browser type and version, screen resolution, and unique device identifiers.

Usage data. Pages viewed, features used, time spent, click paths, referring URL, and similar interaction data.

Location data. Approximate location derived from IP address, used in part to enforce geographic restrictions for Pack Battles and other features.

Cookies and similar technologies. As described in Section 6.

On-chain data. Activity associated with your connected wallet on the Avalanche blockchain. This data is public and is not unique to YourGrails.

2.3 Information From Third Parties

We may receive information from third parties, including the following.

Identity verification providers. Results of KYC and AML checks performed on our behalf.

Payment processors and fiat onramps. Confirmation of payment, fraud signals, and related metadata.

Analytics providers. Aggregated and individual-level data about how users interact with the Service.

Marketing partners. Information from influencers, affiliates, and advertising platforms that send users to the Service.

Public sources. Information from public blockchain explorers, public records, and publicly available social media.

Sanctions and risk databases. Information from sanctions screening providers and other compliance vendors.

3. How We Use Your Information

We use the information we collect for the following purposes.

Operating the Service. Creating and maintaining your account, processing pack purchases, executing Pack Battles, exercising buybacks, fulfilling redemption requests, and supporting marketplace activity.

Compliance. Completing KYC and AML checks, screening against sanctions lists, enforcing geographic restrictions, and meeting our obligations under applicable law.

Security and fraud prevention. Detecting and preventing unauthorized access, fraud, and abuse.

Communications. Responding to your inquiries, sending transactional notices (such as pack pull confirmations, buyback receipts, and shipping updates), and sending administrative messages.

Marketing. With your consent where required, sending newsletters, promotions, and product announcements. You may opt out at any time.

Analytics and product development. Understanding how users use the Service so we can improve features, fix bugs, and develop new offerings.

Legal. Responding to legal process, enforcing our Terms of Service, defending our legal rights, and protecting the safety of our users and the public.

Business transactions. Evaluating, negotiating, and completing financings, mergers, acquisitions, or asset sales.

4. Legal Bases for Processing (For Users in the European Economic Area and United Kingdom)

If you are in the EEA or UK, we rely on the following legal bases under the GDPR or UK GDPR.

Contract. Processing necessary to provide the Service to you under our Terms of Service.

Legal obligation. Processing necessary to comply with KYC, AML, sanctions, tax, and other applicable laws.

Legitimate interests. Processing necessary for security, fraud prevention, analytics, and improving the Service, where not overridden by your interests or rights.

Consent. For marketing communications and certain cookies, where required by law. You may withdraw consent at any time.

5. How We Share Your Information

We do not sell your personal information for money. We share information in the circumstances described below.

Service providers. Cloud hosting, KYC vendors, payment processors, customer support tools, analytics platforms, email providers, fraud prevention services, custodians, grading companies, shipping carriers, and similar vendors that process information on our behalf under contractual confidentiality obligations.

Other users. Limited public profile information (such as username) is visible to other users when you list cards for sale, win a Pack Battle, or otherwise interact publicly on the Service.

Public blockchain. When you transact on the Avalanche blockchain, your wallet address and transaction data are visible on the public ledger. This is a feature of all public blockchains and is not within our control.

Legal and safety. Government authorities, law enforcement, regulators, courts, or other third parties where we believe disclosure is necessary to comply with law, respond to legal process, or protect the rights, property, or safety of YourGrails, our users, or others.

Business transactions. Counterparties and their advisors in connection with a financing, merger, acquisition, sale of assets, or similar transaction, subject to appropriate confidentiality protections.

With your consent. Other recipients, where you direct us to share or otherwise consent to the sharing.

We may also share aggregated, anonymized, or de-identified information that does not reasonably identify you. This information may be used for any purpose.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to operate the Service, remember your preferences, analyze usage, and support marketing.

You can control cookies through your browser settings and through any cookie preferences tool we make available on the Service. Disabling certain cookies may affect the functionality of the Service.

7. Public Blockchain Disclosure

The Avalanche blockchain is a public, permanent ledger. Any transaction involving your wallet address is visible to anyone with internet access. This includes pack purchases, pack openings, Pack Battles, buyback exercises, transfers, and marketplace activity associated with your wallet.

We cannot delete, modify, or hide on-chain transactions. If you do not want your activity on the Service to be publicly visible, do not use the Service.

8. Data Retention

We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

KYC records are generally retained for at least five (5) years after the closure of your account, or longer where required by law.

Transactional records are retained for the periods required by applicable financial recordkeeping laws.

On-chain data is permanent and outside our control.

9. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information. These include encryption in transit, access controls, vendor security review, and employee training.

No system is perfectly secure. We cannot guarantee that personal information will not be accessed, disclosed, altered, or destroyed by breach of our safeguards. You are responsible for protecting your account credentials and wallet keys. We are not responsible for losses caused by your failure to do so.

If we become aware of a data breach affecting your personal information, we will notify you as required by applicable law.

10. Children

The Service is not directed to children under eighteen (18) and we do not knowingly collect personal information from anyone under eighteen. If we learn that we have collected personal information from a person under eighteen, we will delete it. Parents or guardians who believe a child has provided personal information to the Service may contact us at support@yourgrails.com.

11. International Data Transfers

YourGrails is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country.

Where required by law, we use appropriate safeguards (such as Standard Contractual Clauses) to protect personal information transferred outside the EEA or UK.

12. Your Rights

Depending on where you live, you may have certain rights regarding your personal information.

12.1 California Residents

Under the California Consumer Privacy Act and California Privacy Rights Act, you may have the following rights.

The right to know what personal information we collect, use, share, and disclose.

The right to request deletion of personal information, subject to legal exceptions.

The right to correct inaccurate personal information.

The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell personal information for money, and we will honor opt-out signals where required.

The right to limit the use of sensitive personal information.

The right to non-discrimination for exercising any of these rights.

To exercise these rights, contact us at support@yourgrails.com. We may need to verify your identity before responding.

12.2 EEA and UK Residents

Under the GDPR and UK GDPR, you may have the following rights.

The right of access to your personal information.

The right to rectification of inaccurate personal information.

The right to erasure (the "right to be forgotten"), subject to legal exceptions.

The right to restrict processing.

The right to data portability.

The right to object to processing based on legitimate interests.

The right to withdraw consent at any time, where processing is based on consent.

The right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us at support@yourgrails.com.

12.3 Other Jurisdictions

Residents of other U.S. states and other countries may have similar rights under applicable law. Contact us at support@yourgrails.com to exercise rights in your jurisdiction.

12.4 Limits

Certain information cannot be deleted or modified because we are required to keep it under law (for example, KYC records and transaction logs). On-chain data is permanent and cannot be deleted by us.

13. Third-Party Services and Links

The Service may contain links to third-party websites, applications, or services that we do not operate. This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices. Review their privacy policies before providing them with personal information.

14. Do Not Track

Some browsers transmit "do not track" signals. We currently do not respond to these signals because there is no industry consensus on how to do so.

15. Changes to This Privacy Policy

We may update this Privacy Policy at any time. When we do, we will post the updated version on the Service and update the Effective Date above. Material changes will also be communicated by email or in-app notice. Continued use of the Service after the update constitutes acceptance.

16. Contact Us

Questions, requests, or complaints regarding this Privacy Policy or our data practices can be sent to the following.

YourGrails LLC Attn. Privacy 30 N Gould St Ste N, Sheridan, SHERIDAN COUNTY, WY 82801 USA

Email. support@yourgrails.com