SHARP is a sports analysis and information service operated from Melbourne, Victoria, Australia. We operate the Platform at sharp.com.au and deliver AFL multi-bet research content to paying members.

For the purposes of this Privacy Policy, "SHARP", "we", "us", and "our" refer to the operator of the SHARP platform. "You" and "your" refer to any person who accesses, uses, or subscribes to SHARP.

Privacy enquiries and complaints should be directed to: [email protected]

We collect and hold the following categories of personal information:

We do not intentionally collect sensitive information as defined under the Privacy Act (including health, financial, or biometric information) unless you voluntarily provide it in a support communication. Where such information is received incidentally, it is treated with the highest level of protection and used only to respond to your enquiry.

We collect personal information through the following means:

• Account registration: When you create a SHARP account, you provide your name and email address directly.
• Subscription purchase: When you subscribe, billing information is processed by Stripe. We receive a payment confirmation and summary (tier, date, card type/last 4 digits) — we do not receive or store your full card number, CVV, or expiry date.
• Platform use: We automatically collect usage data and technical data when you access the Platform, including through cookies and server logs.
• Communications: When you contact us via email or support channels, we collect and retain those communications.
• Third-party providers: We may receive limited information from Stripe (billing confirmations), Supabase (authentication logs), and email delivery services.

We collect only the information that is reasonably necessary for our functions and activities. We will not collect personal information by unlawful or unfair means.

We use your personal information only for the purposes for which it was collected, or for directly related purposes you would reasonably expect. These purposes include:

• Providing the service: Creating and managing your account, processing subscription payments, delivering Content, and personalising cards with your member details;
• Security and integrity: Detecting and preventing account sharing, unauthorised access, fraud, and Content redistribution using session monitoring, IP logging, and device fingerprinting;
• Service communications: Sending round card availability notifications, billing receipts, account alerts, and important updates about the service;
• Customer support: Responding to your enquiries, resolving disputes, and processing refund requests;
• Legal compliance: Meeting our obligations under applicable law, including cooperating with regulatory investigations;
• Service improvement: Analysing usage patterns in aggregate (non-personally-identifiable form) to improve the Platform.

We may send you service-related communications and, where you have consented, information about new features or offerings. You can opt out of non-essential communications at any time by clicking the unsubscribe link in any email or by contacting [email protected]. Opting out of marketing communications will not affect your access to the Platform or receipt of essential account notifications.

We do not sell, rent, or trade personal information. We may disclose personal information to the following categories of third parties, strictly on a need-to-know basis and only to the extent necessary:

All third-party service providers are required to handle your personal information in accordance with applicable privacy law and our data processing requirements. We do not authorise any third party to use your information for their own marketing purposes.

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures include:

• Encrypted data transmission using TLS/HTTPS across all Platform connections;
• Password hashing and secure authentication via Supabase Auth;
• Access controls limiting internal access to personal information on a need-to-know basis;
• Session logging and anomaly detection to identify suspicious account activity;
• Payment data handled exclusively by Stripe — SHARP does not store full payment card details;
• Regular review of security practices as the Platform develops.

While we implement commercially reasonable security measures, no system is perfectly secure. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately at [email protected] if you suspect unauthorised access to your account.

SHARP uses the following types of cookies and similar technologies:

• Essential cookies: Required for the Platform to function, including authentication session tokens. These cannot be disabled without impairing service functionality.
• Analytics cookies: Used to understand aggregate usage patterns and improve the Platform. Where used, analytics data is collected in pseudonymised or anonymised form.
• Security cookies: Used to detect and prevent fraud, account sharing, and unauthorised access.

SHARP does not use third-party advertising cookies or tracking pixels for the purpose of building advertising profiles. You may configure your browser to refuse cookies, but this may impact your ability to log in or use the Platform.

Some of our service providers are located overseas, including in the United States of America (Stripe, Supabase). When we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle information in a manner consistent with the Australian Privacy Principles.

In accordance with APP 8.1, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to that information. Where an overseas recipient handles your information, you may have reduced recourse under Australian law if that recipient mishandles it, and by using our service you acknowledge this in accordance with APP 8.2.

We will not disclose your personal information to overseas recipients beyond those described in Section 5 without updating this Policy and, where required, obtaining your consent.

Under APP 12, you have the right to request access to the personal information SHARP holds about you. To make an access request, contact [email protected] with your name and member ID. We will respond within 30 days. We will provide access in the format you request where it is reasonable to do so. We may charge a reasonable fee for providing access where the request is complex or requires significant effort.

Under APP 13, if you believe information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request correction by contacting [email protected]. We will take reasonable steps to correct the information within 30 days.

You may request deletion of your personal information by contacting [email protected]. We will delete or de-identify your information where we are no longer required to retain it by law or legitimate business necessity. Note that some information may be retained for legal compliance, fraud prevention, and enforcement of our rights under the Terms and Conditions, even after account closure.

See Section 12 for information on how to make a privacy complaint.

You may opt out of non-essential communications at any time using the unsubscribe link in any email or by contacting [email protected]. You cannot opt out of essential service communications (such as billing receipts, account security alerts, or material changes to Terms).

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention guidelines are:

• Active account data: Retained for the duration of your membership;
• Post-cancellation account data: Retained for up to 2 years to allow reactivation, resolve disputes, and meet legal obligations;
• Billing records: Retained for 7 years in accordance with Australian taxation law;
• Security and session logs: Retained for 12 months for fraud and intellectual property enforcement purposes;
• Support communications: Retained for 3 years.

After the applicable retention period, personal information is securely deleted or de-identified.

SHARP is not intended for use by persons under the age of 18. We do not knowingly collect personal information from persons under 18. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete that information and close the associated account. If you believe a person under 18 has registered with SHARP, please contact [email protected] immediately.

If you believe SHARP has handled your personal information in a way that does not comply with the Australian Privacy Principles or this Policy, you may lodge a complaint by:

• Emailing [email protected] with the subject line "Privacy Complaint";
• Providing your name, member ID, a description of your concern, and what outcome you are seeking.

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we are unable to resolve your complaint within that period, we will notify you of the reason and a revised timeframe.

If you are not satisfied with our response to your complaint, or if you prefer to lodge a complaint directly with the regulator, you may contact the Office of the Australian Information Commissioner (OAIC):

For matters relating to personal information held by SHARP in Victoria, you may also contact the Office of the Victorian Information Commissioner (OVIC) at ovic.vic.gov.au, though OVIC's jurisdiction p