Privacy Policy

Last Updated: 09 March 2026 | Version: 2.0

1. INTRODUCTION

Harley Studio Pty Ltd (ABN: 24 688 789 184) (“Harley”, “Harley Meets”, “we”, “our”, or “us”) is committed to protecting your privacy and building a trustworthy relationship with our community. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services for sports and social events (collectively, the “Platform” or “Service”).

1.1 Our Privacy Commitment

At Harley, we collect only necessary data, protect it securely, give you meaningful control, and comply with privacy laws globally to support the growth and development of sports communities through responsible data use.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. Our legal bases for processing your personal information are detailed in Section 4.6. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy is governed by the laws of the State of Victoria, Australia, and complies with the Australian Privacy Principles (APP), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy and data protection laws in jurisdictions where we operate.

2. DEFINITIONS

“Content” means all information, data, text, software, music, sound, photographs, graphics, video, messages, tags, or other materials.

“Host” (also referred to as “Organiser”) means a Member who creates and manages events on the Platform.

“Member” means any person who has registered for an account on the Platform.

“Personal Information” has the meaning given in the Privacy Act 1988 (Cth).

“Platform” means the Harley mobile application, website, and all related services.

“Player” means any Member who registers to attend an event on the Platform.

3. INFORMATION WE COLLECT

We use your information for specific, legitimate purposes related to delivering and improving our sports and social events platform.

3.1 Information You Provide to Us

Account Information: Name, email address, password, and phone number (used primarily for account security and verification).

Profile Information: Profile picture, biography, sport preferences, skill level, and general location. You control visibility through your privacy settings.

Sports and Event Information: Sports you play, events you create or join, communities you participate in, content you post, and messages you send through the Service.

Payment Information: Payment details including credit card information, billing address, and transaction history. Full payment card details are processed through secure third-party payment processors and are not stored on our servers.

Communications: Information you provide when contacting customer support, providing feedback, or participating in surveys.

Health and Fitness Data: With your explicit consent, you may provide health-related information relevant to sports participation (e.g., injuries, medical conditions, fitness levels). This information is classified as sensitive information under applicable privacy laws and is subject to additional safeguards, including restricted access controls and separate storage. Health data is only used for the purpose of ensuring your safety during sports participation and is only shared with event organisers when necessary for safety purposes and with your permission. You may withdraw consent for health data processing at any time without affecting your ability to use the core features of the Service.

3.2 Information We Collect Automatically

Device Information: Device type, operating system, unique device identifiers, IP address, mobile network information, and browser type.

Usage Information: Time spent, features used, search queries, clicking behaviour, and pages viewed.

Performance and Error Data: Application crashes, error logs, and performance metrics to identify and fix technical issues.

Location Information: With your explicit consent, we collect precise location information from your device for features like finding nearby events, venues, and players. You can disable precise location sharing through your device settings while still using most Service features.

Cookies and Similar Technologies: On our website, we use cookies, web beacons, and similar tracking technologies to collect usage information and improve our Service. For detailed information about website cookies, refer to our Cookie Policy. In our mobile application, we use SDKs, mobile advertising identifiers, and local storage for equivalent purposes — see Section 14.2 of this Privacy Policy for details.

4. HOW WE USE YOUR INFORMATION

We use the information we collect for specific, legitimate purposes related to delivering and improving our sports and social events platform. Here’s how we use your information:

4.1 Essential Service Provision

  • Creating and managing your account
  • Connecting you with sports events, players, coaches, and communities
  • Facilitating communications between event organisers, coaches, and participants
  • Processing payments and registrations for events
  • Providing customer support and responding to inquiries

4.2 Service Improvement and Personalisation

  • Analysing usage patterns to enhance features and fix bugs
  • Developing new features based on community needs
  • Testing and improving platform performance
  • Recommending events, groups, and players matching your interests
  • Customising your feed based on sport preferences and activity
  • Developing and refining matching algorithms and recommendation systems

4.3 Communications

  • Sending essential service messages about your account or upcoming events
  • Providing updates about the Service, including new features and policy changes
  • Delivering marketing communications you’ve opted into (with easy opt-out options)
  • Sending reminders about events you’ve registered for or expressed interest in

4.4 Safety, Security, and Compliance

  • Verifying user identities to prevent fraud and ensure community trust
  • Monitoring for suspicious activity to protect user accounts
  • Enforcing our Terms of Service and Community Standards
  • Protecting user safety during sports and social events
  • Resolving disputes between users when necessary
  • Preventing automated data extraction and platform abuse
  • Complying with applicable laws and regulations
  • Responding to valid legal requests from authorities
  • Establishing, exercising, or defending legal claims

4.5 Business Operations and Analytics

  • Conducting market research and sports industry analysis using aggregated, anonymised data
  • Developing insights about sports participation trends and community needs
  • Creating reports and analytics for business development purposes
  • Supporting partnership discussions with sports organisations and potential investors
  • Measuring and improving business performance

We process your data based on: contract performance (service delivery), legitimate interests (security, fraud prevention, service improvement), consent (marketing, precise location, health data, non-essential cookies), and legal obligation (tax compliance, law enforcement). You may withdraw consent at any time without affecting prior lawful processing.

5. DISCLOSURE OF YOUR INFORMATION

We do not sell your personal information to third parties for their marketing purposes. We may disclose your information as follows:

5.1 Service Providers

We share information with carefully selected third-party vendors and service providers who perform services on our behalf. All service providers processing personal data on our behalf are bound by data processing agreements that require them to process data only on our instructions, implement appropriate security measures, and comply with applicable data protection laws. These service providers include:

  • Payment processing
  • Cloud hosting and data storage
  • Email and notification delivery
  • Customer support tools
  • Analytics and performance monitoring
  • Error tracking and crash reporting
  • Fraud prevention and identity verification

5.2 Sports Community Members

Event Organisers and Clubs: When you register for an event or join a club, organisers receive necessary information to manage your participation, including name, contact details, and relevant sports information.

Coaches and Instructors: When you book coaching services, relevant profile information and sports preferences are shared with your coach.

Team Members: When you join a team, basic profile information is shared with team members for coordination and communication.

5.3 Other Users

Information you provide in public areas of the Service is visible to other users based on your privacy settings. You control visibility through your privacy settings, which we encourage you to review regularly.

5.4 Business Development and Partnerships

We may share strictly anonymised, aggregated data with sports organisations, research institutions, and potential business partners for community development, market research, and sports participation studies. We apply robust anonymisation techniques, including minimum group size thresholds, to prevent re-identification. Individual user data is never shared for business development unless:

  • Required for merger, acquisition, or financing transactions (under strict confidentiality agreements)
  • You provide explicit consent for specific partnerships

Third parties receiving such data sign agreements prohibiting re-identification attempts.

We may disclose your information when required by law, in response to valid legal processes (court orders, subpoenas), to comply with regulatory requirements, or to protect the safety, rights, or property of our users, the public, or Harley. This includes enforcing our Terms of Service and protecting our intellectual property.

5.6 Business Transfers

If Harley is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any ownership change or changes to uses of your personal information, as well as any choices you may have.

We may disclose your information for any other purpose with your explicit consent.

6. DATA RETENTION

We retain your personal information only as long as necessary to fulfil the purposes outlined in this Privacy Policy, including providing the Service, complying with legal obligations, resolving disputes, enforcing agreements, and supporting legitimate business purposes.

Retention Periods:

  • Active Accounts: Duration of account existence plus 2 years
  • Deleted Accounts: 90 days for complete deletion (allowing account recovery)
  • Transaction Records: 7 years for legal and tax compliance
  • Communication Records: 3 years from last communication
  • Technical and Usage Data: 2 years unless longer retention required for security
  • Anonymised, Aggregated Data: Up to 10 years for analytics, research, and business development purposes

We periodically review the necessity of retaining data, including anonymised data, and delete data that is no longer required for its stated purpose. When data is no longer required, we securely delete or anonymise it. You can request deletion of your data at any time through your account settings or by contacting us.

7. DATA SECURITY

We implement robust technical and organisational measures to safeguard your personal information, including:

  • Encryption of sensitive data in transit and at rest using industry-standard protocols
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication for staff
  • Regular security training for our team
  • 24/7 security monitoring and incident response procedures
  • Physical security measures for facilities and data centers

Data Breach Response: If a breach risks your rights and freedoms, we notify relevant authorities within the timeframes required by applicable law (including within 72 hours where required under the GDPR and as soon as practicable under the Australian Notifiable Data Breaches scheme) and affected users without undue delay, including breach nature, likely impact, mitigation measures, and recommended user actions.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we use industry-standard technical and organisational measures to protect your information, we cannot guarantee absolute security.

8. INTERNATIONAL DATA TRANSFERS

As a global sports platform, your information may be transferred to and processed in countries other than your country of residence, including Australia, the United States, and countries where our service providers operate. These countries may have different data protection laws than your country.

We ensure appropriate safeguards are in place to protect your personal information during international transfers, including:

  • Using Standard Contractual Clauses approved by relevant authorities
  • Relying on adequacy decisions by the European Commission or other relevant authorities
  • Ensuring partners comply with applicable data protection laws
  • Implementing additional data security measures for international transfers
  • Conducting data protection impact assessments where appropriate

9. YOUR PRIVACY RIGHTS

We believe you should have meaningful control over your information. Depending on your location, you have specific legal rights regarding your personal information.

9.1 Access and Portability

You have the right to access the personal information we hold about you and receive a copy of your data in a structured, commonly used, machine-readable format (JSON). You can access most data directly through your account settings.

9.2 Correction

You can correct inaccurate or incomplete personal information by updating information directly in your account settings or contacting us for assistance.

9.3 Deletion and Restriction

You have the right to request deletion of your personal information in certain circumstances, request that we restrict processing of your information, or deactivate your account temporarily.

To request account deletion, you may use the account deletion feature in your account settings, or submit a written request by emailing us at support@harleymeets.com with “DELETE ACCOUNT” in the subject line. If emailing, please include your registered email address and username in the request. We will process your deletion request within 30 days and send you a confirmation email once completed.

You have the right to object to our processing of your information based on legitimate interests, withdraw consent previously given for certain processing activities, and opt out of marketing communications. Each marketing email contains an “unsubscribe” link.

9.5 Automated Recommendations and Profiling

Our matching algorithms may use profiling to recommend events and players based on your preferences and activity, but do not make decisions that significantly affect you without human oversight. You may request human review of any automated or profiling-based decisions, or opt out of personalised recommendations in your privacy settings.

9.6 Regional Rights

Australian Users: Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to access and correct your personal information and complain about privacy breaches. Regulatory contact details are provided in Section 18.

European Users: Under GDPR, you have additional rights including data portability and restriction of processing. You may lodge complaints with your local Data Protection Authority.

California Residents: Under CCPA/CPRA, you have the right to know what personal information is collected, disclosed, or sold, and to opt out of sale. We do not sell personal information.

Other Jurisdictions: We comply with local privacy laws where we operate. Contact us to learn about specific rights in your jurisdiction.

To exercise these rights, contact us using details in Section 18. We will respond within the timeframe required by applicable law (typically 30 days).

10. CHILDREN’S PRIVACY

Our Service is designed for users aged 16 and older. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete that information from our servers within 72 hours and take reasonable measures to prevent similar collection.

If a parent or guardian becomes aware their child has provided us with personal information, they should contact us immediately using details in Section 18.

For sports events or activities that may include younger participants, event organizers are responsible for ensuring appropriate consent and supervision for participants under 16.

11. SPORTS-SPECIFIC PRIVACY CONSIDERATIONS

11.1 Event Photography and Recording

Many sporting events involve photography or recording. We require event organisers to inform participants if events will be photographed, allow you to opt out of promotional materials, provide guidelines regarding appropriate image use, and respect your right to request removal of your image from our platforms.

11.2 Performance Data

For competitive events, we may collect performance data such as scores, rankings, or statistics. This information helps track progress, provide meaningful competition, and may be displayed publicly as part of leaderboards or results. Performance data can be anonymised upon request in certain circumstances and is handled according to competitive standards of each sport.

11.3 Venue and Facility Information

We collect and share information about sports venues and facilities, including location and accessibility details, facility features, availability, and user reviews. This information is generally considered public and helps users find appropriate locations for sporting activities.

12. PLATFORM INTEGRITY AND INTELLECTUAL PROPERTY

To protect our Service, community, and intellectual property rights, users must not use automated tools to extract data, reverse engineer our systems, or compromise our intellectual property. Detailed restrictions are set forth in Sections 5 and 6 of our Terms of Service.

Harley owns all rights in aggregated, anonymised, and statistical data derived from Platform activity, and all insights, algorithms, models, and derivative works generated therefrom. This data does not constitute personal information and is not subject to individual data rights requests. This clause does not affect your rights in your personal information under applicable privacy laws. We may use such data for sports industry research, market insights, sports development initiatives, benchmarking tools, academic research partnerships, and public health studies.

Our Service may contain links to third-party websites, apps, or services not operated by us, and certain features may integrate with third-party services including social media platforms, payment processors, map services, sports-specific tools, and analytics services.

We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service. When we integrate third-party services, we conduct due diligence on potential partners’ privacy and security practices, carefully select partners with strong privacy practices, and limit data sharing to what is necessary for feature functionality.

14. COOKIES AND TRACKING TECHNOLOGIES

14.1 Website Cookies

On our website (harleymeets.com), we use cookies, web beacons, pixels, and similar tracking technologies to remember your preferences, authenticate your account, analyse usage, provide personalised content, measure marketing effectiveness, and prevent fraud and abuse. You can control website cookies through your browser settings or our cookie consent banner. For detailed information about cookies on our website, including how to manage your preferences, refer to our Cookie Policy.

14.2 Mobile Application Tracking Technologies

In our mobile application, we use similar tracking technologies that are not browser-based cookies but serve equivalent purposes. These include:

  • Software Development Kits (SDKs): Analytics and performance SDKs (such as Firebase and Google Analytics) that collect usage data, crash reports, and performance metrics
  • Mobile Advertising Identifiers: Device-level identifiers (such as Apple’s IDFA and Google’s GAID) used for analytics and advertising measurement
  • Local Storage: On-device storage for authentication tokens, user preferences, and cached data

Your Controls for In-App Tracking:

  • iOS: You can manage tracking permissions via Settings > Privacy & Security > Tracking. We comply with Apple’s App Tracking Transparency (ATT) framework and will request your permission before tracking your activity across other companies’ apps and websites
  • Android: You can manage advertising preferences via Settings > Google > Ads, including opting out of ads personalisation
  • In-App Settings: You can manage your tracking preferences within the app at Settings > Privacy

We do not enable non-essential tracking in the mobile application without your consent, consistent with the principles described in our Cookie Policy for website cookies.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes to our practices, new features, or legal requirements. When we make material changes, we will provide notice through our Service or by other means, update the “Last Updated” date at the top, re-obtain your consent where required by applicable law (including where changes affect the legal basis of processing), and for significant changes, provide 30 days’ advance notice where possible.

The updated Privacy Policy is effective when posted unless otherwise specified. We encourage you to review this Privacy Policy whenever you access the Service to stay informed about our information practices.

16. ELECTRONIC SIGNATURES AND COMMUNICATIONS

16.1 Electronic Signature Validity

You agree that electronic signatures, including clicking “I agree,” checking acceptance boxes, email confirmations, and digital consent mechanisms, have the same legal force and effect as handwritten signatures. This agreement complies with the Electronic Transactions Act 1999 (Cth), Electronic Transactions Act 2000 (Vic), and similar laws in other jurisdictions.

You consent to receive all communications from us electronically, including notices about this Privacy Policy, account information, legal disclosures, and other communications. Electronic communications satisfy any legal requirement for written communication and will be delivered via email, in-app notifications, or posting on the Platform.

17. INTERNATIONAL COMPLIANCE AND ENFORCEABILITY

17.1 Global Application

This Privacy Policy is designed for global enforceability while respecting local law requirements. Where local laws require modifications, those modifications apply only in the relevant jurisdiction.

17.2 Jurisdiction-Specific Provisions

European Union: GDPR compliance provisions apply to EU users. Additional data protection rights may be available. Unfair contract terms regulations may override certain provisions.

United States: State-specific consumer protection laws may apply. The Platform is not available to users under 16 years of age. Specific state privacy laws (including CCPA/CPRA) may grant additional rights.

Other Jurisdictions: Local consumer protection and privacy laws may grant additional rights. Specific provisions may be unenforceable where prohibited by local law. Alternative dispute resolution mechanisms may be required.

17.3 Severability

If any provision is found unenforceable in a particular jurisdiction, the provision will be modified to the minimum extent necessary for enforceability, the remainder of this Privacy Policy remains in full effect, and the unenforceable provision remains valid in other jurisdictions.

18. CONTACT INFORMATION

For questions, concerns, or notices regarding this Privacy Policy:

Legal Inquiries Email: legal@harleymeets.com For: Legal matters, partnerships, contracts

General Support Email: support@harleymeets.com For: Technical issues, account questions

Privacy Matters Email: privacy@harleymeets.com For: Privacy inquiries, data requests, complaints

Postal Address Harley Studio Pty Ltd (ABN: 24 688 789 184) 8B Theresa Street, Sunshine North, VIC 3020, Australia

Response Times:

  • General support: 5 business days
  • Urgent matters: 2 business days
  • Legal inquiries: 5 business days

19. GENERAL PROVISIONS

19.1 Entire Agreement

This Privacy Policy, together with our Terms of Service, Community Standards, Payment Policy, Cancellation and Refund Policy, Cookie Policy, and where applicable, our Release Waiver, constitutes the entire agreement between you and Harley regarding the collection, use, and disclosure of your personal information and supersedes all prior agreements and understandings. For data protection matters, this Privacy Policy prevails over any conflicting provisions in our other policies.

19.2 Waiver

No waiver of any term or condition shall be deemed a continuing waiver or waiver of any other term. Our failure to assert any right or provision does not constitute a waiver of that right or provision.

19.3 Assignment

You may not assign or transfer your rights under this Privacy Policy without our prior written consent. We may assign this Privacy Policy to any affiliate or successor entity without restriction. Any attempted assignment in violation of this section is void.

19.4 Relationship of Parties

This Privacy Policy does not create any partnership, joint venture, employment, or agency relationship between you and Harley. Neither party has authority to bind the other except as expressly provided in this Privacy Policy.

19.5 Language

This Privacy Policy is drafted in English. Any translations are provided for convenience only, and the English version controls in case of conflicts.

ACCEPTANCE

By using the Harley Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, our Terms of Service, Cookie Policy, Community Standards, Payment Policy, Cancellation and Refund Policy, and where applicable, our Release Waiver.

This Privacy Policy is effective as of the Last Updated date shown above and applies to all users of the Harley Platform.