Privacy Policy

Last updated: 04/17/2026

Information We Collect

Account Information

When you create a GenieGrove account, we collect:

• Email address
• Username and display name
• Password (hashed and securely stored — never stored in plaintext)
• Account creation date and last-login timestamps
• Profile information you choose to provide (avatar, bio, favorite parks, etc.)

Disney Account Information

If you choose to link your My Disney Experience ("MDX") account for Genie Magic or other integrations, we collect:

• Authentication tokens and session material issued by Disney's systems (stored encrypted at rest)
• Your Disney account identifiers (such as GUID) necessary to make bookings on your behalf
• Party members (names and ages) you choose to add to your booking parties
• Park tickets, reservations, and entitlement metadata needed to determine Lightning Lane eligibility
• Booking activity performed through Genie Magic — including successes, failures, and timing

Important: Your Disney password is never collected, stored, or transmitted to GenieGrove. Authentication is performed through Disney's systems, and we only receive the tokens needed to operate the services you have explicitly enabled. You can unlink your Disney account at any time from your profile settings.

Subscription & Payment Information

When you purchase Grove Plus or a Genie Magic plan, our payment processor (Stripe) collects and processes your payment details. GenieGrove receives and stores:

• Subscription status, plan type, and renewal date
• Payment transaction IDs and billing events (for accounting and support)
• The last four digits and card brand of your primary payment method

GenieGrove does not see or store your full card number, CVV, or banking credentials. All payment processing is handled by Stripe in accordance with their PCI-compliant systems.

Usage Information

We automatically collect information about how you use our Service:

• Pages visited, articles read, and features used
• Search queries and bookmark activity
• Device information (browser type, operating system, screen size)
• IP address and approximate location data
• Access times and session duration

How We Use Your Information

We use your information to:

• Provide, maintain, and improve the GenieGrove service
• Authenticate your account and maintain your session
• Operate Genie Magic on your behalf, based on the parameters you configure
• Display your public profile, bookmarks, decks, tier lists, and community posts
• Process subscription payments and manage billing
• Send service notifications (booking results, subscription events, security alerts)
• Send optional marketing emails (which you can opt out of at any time)
• Prevent fraud, abuse, and unauthorized access
• Comply with legal obligations and enforce our Terms

Information Sharing

Public Information

The following information is publicly visible by default:

• Your username and display name
• Your avatar and any profile fields you choose to make public
• Comments, threads, replies, and votes in the community
• Tier lists, Lorcana decks, and pin collections you choose to publish

You can control the visibility of your collections and profile fields from your account settings.

Third-Party Services

We share limited information with trusted service providers:

• Google Cloud Platform — secure data storage, hosting, and Cloud SQL database
• Stripe — payment processing for subscriptions
• The Walt Disney Company — when you use Genie Magic, we make authenticated calls to Disney's systems on your behalf using the tokens you authorized
• Email delivery providers — to send transactional emails (password resets, booking confirmations, billing notices)
• Analytics providers — aggregated, de-identified usage data to improve the platform

We do not sell your personal information, and we do not share your personal information with third parties for their own marketing purposes.

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, subpoenas, or court orders
• Protect our rights, safety, and property
• Investigate potential violations of our Terms
• Prevent fraud, security incidents, or abuse

Data Security

We implement a layered security program, including:

• Password hashing using industry-standard algorithms (bcrypt/argon2)
• Industry-standard encryption for sensitive session material and Disney authentication tokens, stored encrypted at rest
• Secure data storage on Google Cloud Platform with managed backups
• TLS encryption in transit for all traffic between your browser, our servers, and upstream APIs
• Access controls, audit logging, and principle-of-least-privilege for internal systems
• Regular dependency updates and security reviews

Disney Account Security

When you link your Disney account to GenieGrove:

• Your Disney password is never shared with or stored by GenieGrove
• Authentication tokens issued by Disney are encrypted before being written to our database
• Tokens are rotated and refreshed on Disney's schedule and revoked immediately if you unlink your account
• You can disconnect your Disney account at any time from your profile settings — doing so removes all stored tokens from our systems

Cookies & Analytics

GenieGrove uses cookies and similar technologies to:

• Keep you signed in across visits
• Remember your preferences (dark theme, selected section, etc.)
• Measure aggregate usage and performance
• Detect and prevent fraud or abuse

You can control or disable cookies through your browser settings. Disabling essential cookies may prevent you from signing in or using certain features.

Your Rights and Choices

Account Control

You can:

• Update your profile information at any time
• Change your password through account settings
• Link or unlink your Disney account
• Control the visibility of your collections and profile
• Cancel your subscription from your billing settings
• Delete your account and associated data

Data Access and Portability

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate information
• Export your data in a portable format
• Request deletion of your personal data
• Object to certain processing activities

To exercise these rights, email [email protected] with the subject line "Privacy Request". We will respond within 30 days.

California & EEA Residents

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information is collected and to request deletion. If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR, including the right to lodge a complaint with a supervisory authority.

Data Retention

We retain your information:

• As long as your account is active
• For legitimate business purposes (fraud prevention, accounting, analytics)
• To comply with legal, tax, and regulatory obligations

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law (for example, billing records retained for tax purposes).

Disney Integration

GenieGrove's Genie Magic service interacts with The Walt Disney Company's systems on your behalf, using authentication material you have voluntarily provided. When you link your Disney account:

• You authorize GenieGrove to act on your Disney account to perform the services you have enabled
• Disney's Privacy Policy and Terms of Use apply to data processed by Disney
• We only retrieve and store information necessary to operate the services you have enabled
• You can revoke GenieGrove's access at any time by unlinking your account

GenieGrove is not affiliated with, endorsed by, or sponsored by The Walt Disney Company. For more information about Disney's data practices, please visit Disney's Privacy Center.

Children's Privacy

GenieGrove is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at [email protected] and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. We encourage you to review this policy periodically. The "Last updated" date at the top of this page reflects the most recent revision.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• General: [email protected]
• Privacy Requests: [email protected] (subject: "Privacy Request")