1. Information We Collect

To provide a secure and personalized experience, we collect the following information:

Personal Identification: Full name, date of birth, and phone number provided during onboarding.

Verification Data (KYC): Government-issued identification (e.g., driver's license or passport), a selfie for identity matching, and proof of address (utility bill or bank statement).

Financial Information: Linked bank account details, credit/debit card information, and transaction history.

Technical Data: IP address, device fingerprinting, and geolocation data to comply with regional regulations and prevent fraud.

Platform Usage: Your preferred AFL team, favorite players, and trading patterns.

2. How We Use Your Information

We use your data strictly for operational and regulatory purposes:

Identity Verification: To fulfill Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.

Personalization: To tailor player recommendations and "Rising Stars" sections to your interests.

Security: To detect suspicious activity, prevent brute force attacks, and manage concurrent session limits.

Communication: To send trade confirmations, injury updates for your holdings, and account status notifications.

Analytics: To perform A/B testing and analyze user behavior for platform optimization.

3. Data Retention and Disclosure

Regulatory Compliance: We retain financial records as required by Australian law, even if an account is closed.

Data Deletion: Upon account closure, we remove personal information while maintaining anonymized transaction data for system integrity.

Third-Party Disclosure: Data may be shared with official AFL data feeds, payment gateways, and regulatory authorities for audit or legal enforcement purposes.

1. Account and Access Security

Authentication: We implement JWT token-based authentication and multi-factor authentication (MFA) to protect your account.

Encryption: All passwords are secured using industry-standard hashing, and sensitive data is transmitted via secure API gateways.

Biometrics: Mobile users can access the platform via Face ID or fingerprint recognition.

Session Management: We utilize refresh token rotation and automatic inactivity timeouts to prevent unauthorized access.

2. Financial and Transactional Safeguards

Fraud Detection: Our backend monitors trading velocity and volume anomalies to identify market manipulation or fraudulent transfers.

Atomic Transactions: All trades use atomic processing with rollback capabilities to ensure your funds and shares are never left in an inconsistent state due to system errors.

Audit Trails: Every financial movement is logged in a centralized system for dispute resolution and regulatory oversight.

3. Infrastructure Protection

Monitoring: We use a centralized logging system (ELK stack) and real-time health checks to monitor system performance and detect threats.

Backups: Automated database replication and backups are performed daily to ensure data integrity and disaster recovery.

Incident Response: In the event of a security breach, we maintain the authority to implement emergency trading halts or system lockdowns to protect user assets.