Privacy Policy

Last updated: August 20, 2025

1. Introduction

Speedway Draft ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fantasy sports platform focused on Australian speedway racing.

We are based in Victoria, Australia, and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy also addresses how we handle information from users in other jurisdictions, including compliance with applicable international privacy laws.

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

Personal Information

When you create an account or use our Service, we collect:

  • Identity Information: Full name, display name, username
  • Contact Information: Email address, contact form submissions
  • Account Information: Encrypted password, account preferences
  • Profile Information: Team name, profile picture, bio (optional)
  • Authentication Data: Two-factor authentication settings for admin users

OAuth and Social Media Information

If you choose to sign up using OAuth providers, we collect:

  • Google: Name, email address, profile picture, Google account ID
  • Facebook: Name, email address, profile picture, Facebook user ID
  • Twitter/X: Username, display name, profile picture, Twitter user ID
  • Account Linking: OAuth tokens for authentication (stored securely)

We only access the minimum information necessary for account creation and authentication. We do not access your social media posts, friends lists, or other private information.

Fantasy Sports and Gaming Data

When you participate in fantasy leagues, we collect and store:

  • Team Management: Driver selections, team compositions, budget allocations
  • League Activity: League memberships, join requests, league creation history
  • Performance Data: Points earned, rankings, competition history
  • Game Interactions: Event entries, lineup changes, trading activity
  • Communication: League messages, join request messages

Technical and Usage Information

We automatically collect technical information about your use of our Service:

  • Device Information: Device type, operating system, browser type and version
  • Connection Data: IP address, internet service provider, location data (city/region level)
  • Usage Analytics: Pages visited, time spent on pages, click patterns, navigation paths
  • Performance Data: Page load times, error logs, feature usage statistics
  • Session Data: Login times, session duration, authentication events
  • Cookies and Tracking: Authentication cookies, preference cookies, analytics cookies

Administrative and Support Information

  • Support Communications: Contact form submissions, support emails, feedback
  • Admin Activity: For admin users, we log administrative actions and system changes
  • Compliance Data: Account verification information, age verification (where required)
  • Security Logs: Login attempts, security incidents, suspicious activity

3. How We Use Your Information

Primary Service Delivery

We use your information to:

  • Account Management: Create, maintain, and authenticate user accounts
  • Fantasy Sports Platform: Enable team creation, driver selection, and league participation
  • Competition Management: Calculate points, maintain leaderboards, and track performance
  • League Administration: Manage public and private leagues, process join requests
  • Event Management: Provide access to current and historical speedway event data

Communication and Support

  • Customer Support: Respond to inquiries, resolve issues, and provide assistance
  • Service Updates: Send important notifications about service changes or maintenance
  • Administrative Communications: Account security alerts, policy updates
  • League Communications: Join request notifications, league updates

Service Improvement and Analytics

  • Performance Monitoring: Analyze system performance and identify technical issues
  • User Experience: Understand how users interact with our platform to improve features
  • Feature Development: Identify popular features and areas for enhancement
  • Usage Statistics: Generate aggregate, non-personal statistics about platform usage

Security and Compliance

  • Security Monitoring: Detect and prevent unauthorized access or fraudulent activity
  • Platform Integrity: Maintain fair play and prevent cheating or exploitation
  • Legal Compliance: Comply with applicable laws and regulatory requirements
  • Terms Enforcement: Monitor compliance with our Terms of Service

Legal Basis for Processing (Where Applicable)

Under applicable privacy laws, we process your information based on:

  • Consent: Where you have provided clear consent for specific processing
  • Contract Performance: To provide the services you've requested
  • Legitimate Interests: To improve our services, ensure security, and communicate with users
  • Legal Obligations: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We are committed to protecting your privacy and do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information only in the following specific circumstances:

Within Our Service - Public Information

Certain information is shared within our platform to enable the fantasy sports experience:

  • League Participation: Your username/display name and team performance are visible to other league members
  • Leaderboards: Public rankings may display usernames, team names, and scores
  • Competition Data: Historical performance statistics within leagues you've joined
  • Team Information: Your team composition may be visible to league members (depending on league settings)
  • League Messages: Communications within leagues are shared with all league members

Essential Service Providers

We share limited information with trusted third-party service providers who assist us in operating our platform:

  • Cloud Infrastructure: Database hosting and server management (data encrypted and access-controlled)
  • Authentication Services: NextAuth.js and OAuth providers for secure login management
  • Email Services: Transactional email providers for account notifications and communications
  • Analytics Providers: Aggregated, anonymized usage data to improve platform performance
  • Security Services: Fraud detection and prevention services to protect all users

All service providers are bound by strict confidentiality agreements and are only permitted to use your information for the specific services they provide to us.

Legal and Compliance Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Legal Obligations: Comply with applicable laws, regulations, or court orders
  • Law Enforcement: Respond to valid requests from law enforcement agencies
  • Platform Protection: Protect our rights, property, or safety, and that of our users
  • Terms Enforcement: Investigate violations of our Terms of Service
  • Fraud Prevention: Detect, prevent, or investigate security breaches or fraudulent activity

Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or part of our business, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information becomes subject to a different privacy policy.

Consent-Based Sharing

We may share your information for other purposes only with your explicit consent. You can withdraw this consent at any time through your account settings or by contacting us.

5. Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

  • Encryption: All sensitive data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Secure Authentication: Password hashing using bcrypt with salt, OAuth integration for secure third-party login
  • Database Security: Access-controlled databases with encrypted connections and regular security patches
  • API Security: Rate limiting, input validation, and authentication tokens for all API endpoints
  • Session Management: Secure session handling with automatic timeouts and regeneration

Administrative Safeguards

  • Access Controls: Limited access to personal information by authorized personnel only
  • Admin Security: Two-factor authentication required for all administrative accounts
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Staff Training: Privacy and security training for all team members handling user data
  • Incident Response: Established procedures for detecting and responding to security incidents

Physical Safeguards

  • Secure Hosting: Cloud infrastructure with certified data centers and physical security controls
  • Backup Security: Encrypted backups stored in secure, geographically distributed locations
  • Network Security: Firewalls, intrusion detection, and network monitoring systems

Security Limitations

While we implement robust security measures, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices and will promptly notify you of any security incidents that may affect your personal information.

User Responsibility: You also play a role in keeping your information secure by using strong, unique passwords, not sharing your account credentials, and promptly reporting any suspicious activity.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. This section explains what these technologies are and how we use them.

Types of Cookies We Use

  • Essential Cookies: Required for basic platform functionality, including user authentication, session management, and security features. These cannot be disabled.
  • Functional Cookies: Remember your preferences, settings, and login status to provide a personalized experience across sessions.
  • Analytics Cookies: Help us understand how users interact with our platform, identify popular features, and improve overall user experience through aggregated data analysis.
  • Performance Cookies: Monitor platform performance, load times, and technical issues to ensure optimal service delivery.

Cookie Management

You have control over cookie settings:

  • Browser Settings: Most browsers allow you to view, manage, and delete cookies through your browser settings
  • Functional Impact: Disabling certain cookies may limit some platform functionality
  • Essential Cookies: Some cookies are essential for security and core functionality and cannot be disabled

Third-Party Tracking

We may use trusted third-party analytics services to help us understand platform usage. These services may use their own cookies and tracking technologies, subject to their own privacy policies. We ensure that any third-party analytics data is aggregated and anonymized to protect individual privacy.

7. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal obligations.

Retention Periods

  • Active Accounts: Personal information retained while your account is active and for reasonable periods after account closure
  • Fantasy Data: League participation, team compositions, and performance data retained to maintain historical integrity of competitions
  • Communication Records: Support communications and contact form submissions retained for up to 2 years
  • Security Logs: Authentication logs and security-related data retained for up to 1 year for security and audit purposes
  • Legal Requirements: Some information may be retained longer when required by applicable laws or regulations

Account Deletion

When you request account deletion:

  • Personal Information: Removed within 30 days of deletion request
  • Public Data: Your username in league standings may be anonymized rather than deleted to preserve competitive integrity
  • Legal Retention: Information required for legal compliance may be retained in anonymized form
  • Backup Systems: Information in backup systems will be deleted according to our backup retention schedule (typically within 90 days)

Data Archival

Some information may be archived in anonymized form for historical analysis and platform improvement. Archived data cannot be used to identify individual users and is subject to additional security controls.

8. Your Privacy Rights

Under Australian privacy laws and other applicable regulations, you have specific rights regarding your personal information. We are committed to facilitating the exercise of these rights.

Australian Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access: Request access to your personal information and how we use it
  • Correction: Request correction of inaccurate, out-of-date, incomplete, or misleading information
  • Complaints: Lodge a complaint about our handling of your personal information
  • Notification: Be notified of data breaches that may cause serious harm

Additional Rights

We also provide the following rights to enhance your privacy control:

  • Account Deletion: Request permanent deletion of your account and associated data
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Processing Objection: Object to certain types of data processing
  • Marketing Opt-out: Unsubscribe from promotional communications (where applicable)
  • Consent Withdrawal: Withdraw consent for specific data processing activities

Exercising Your Rights

To exercise any of these rights:

  • Account Settings: Many preferences can be updated directly in your account settings
  • Contact Us: Use our contact form or email [email protected]
  • Identity Verification: We may require identity verification to protect your information
  • Response Time: We aim to respond to all requests within 30 days

Complaint Resolution

If you have concerns about our privacy practices, we encourage you to contact us first. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. Children's Privacy Protection

Speedway Draft is committed to protecting the privacy of children and complying with applicable laws regarding children's online privacy.

Age Requirements

  • Minimum Age: Our service is not intended for children under 13 years of age
  • Account Creation: Users must be at least 13 years old to create an account
  • Parental Consent: Users under 18 should have parental permission to use our service

Children's Data Collection

We do not knowingly collect, use, or disclose personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information.

Parental Rights and Responsibilities

If you are a parent or guardian and believe your child has provided personal information to us:

  • Contact Us Immediately: Email [email protected] with details
  • Account Review: We will investigate and take appropriate action
  • Data Deletion: We will promptly delete any information collected from children under 13
  • Prevention Measures: We will implement additional safeguards to prevent future occurrences

10. International Data Transfers

As a service based in Australia that may serve users internationally, we want to be transparent about how your information may be transferred and processed globally.

Data Transfer Locations

Your personal information may be transferred to and processed in:

  • Australia: Our primary data processing location in Victoria, Australia
  • Cloud Services: Countries where our cloud infrastructure providers maintain data centers
  • Service Providers: Locations where essential third-party services are operated

Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequate privacy protection as recognized by Australian authorities
  • Contractual Protections: Standard contractual clauses and data processing agreements with service providers
  • Security Measures: Encryption and access controls for all international data transfers
  • Provider Agreements: Binding agreements requiring third parties to maintain equivalent privacy standards

Your Rights Regarding Transfers

You have the right to be informed about data transfers and, in some cases, to object to specific transfers. If you have concerns about international data transfers, please contact us to discuss your options.

11. Third-Party Services and Links

Our service integrates with and may link to third-party services and websites. This section explains how we handle these integrations and your privacy in relation to them.

OAuth Authentication Providers

We integrate with the following OAuth providers for authentication:

  • Google: Subject to Google's Privacy Policy and Terms of Service
  • Facebook: Subject to Meta's Privacy Policy and Terms of Service
  • Twitter/X: Subject to X Corp's Privacy Policy and Terms of Service

When you use OAuth authentication, these providers may collect information about your interaction with our service according to their own privacy policies.

Third-Party Links and Content

  • External Websites: We may link to external websites for additional information or services
  • No Control: We do not control the content or privacy practices of linked websites
  • Your Responsibility: Review the privacy policies of any external websites you visit
  • No Endorsement: Links to external sites do not constitute endorsement of their practices

Analytics and Performance Services

We may use third-party analytics services to understand platform usage and improve our service. These services collect aggregated, anonymized data and are bound by privacy agreements that protect individual user information.

12. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

Types of Updates

  • Minor Changes: Clarifications, contact information updates, or non-substantive changes
  • Material Changes: Significant changes to data collection, use, sharing, or your rights
  • Legal Updates: Changes required by new laws or regulations

Notification Process

We will notify you of privacy policy changes through:

  • Website Notice: Updated "Last updated" date at the top of this policy
  • Account Notifications: In-platform notifications for significant changes
  • Email Notifications: Direct email communication for material changes affecting your rights
  • Prominent Display: Banner or pop-up notifications on our platform for major updates

Your Continued Use

By continuing to use our service after privacy policy updates take effect, you acknowledge that you have read and understand the revised policy. If you disagree with any changes, you may discontinue use of our service and request account deletion.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Speedway Draft Privacy Team

We aim to respond to all privacy-related inquiries within 30 days. For urgent privacy matters, please mark your communication as "Urgent - Privacy" in the subject line.

Regulatory Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):