Privacy Policy

Last Updated: 01 November 2025 | Version: 1.0

1. INTRODUCTION

Harley Studio Pty Ltd ABN 24 688 789 184 (“Harley,” “Harley Meets,” “we,” “our,” or “us”) is committed to protecting your privacy and building a trustworthy relationship with our community. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services for sports and social events (collectively, the “Platform” or “Service”).

1.1 Our Privacy Commitment

At Harley, we collect only necessary data, protect it securely, give you meaningful control, and comply with privacy laws globally to support the growth and development of sports communities through responsible data use.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all terms of this Privacy Policy and our Terms of Service. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy is governed by the laws of the State of Victoria, Australia, and complies with the Australian Privacy Principles (APP), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws globally.

2. INFORMATION WE COLLECT

We use your information for specific, legitimate purposes related to delivering and improving our sports and social events platform.

2.1 Information You Provide to Us

Account Information: Name, email address, password, and phone number (used primarily for account security and verification).

Profile Information: Profile picture, biography, sport preferences, skill level, and general location. You control visibility through your privacy settings.

Sports and Event Information: Sports you play, events you create or join, communities you participate in, content you post, and messages you send through the Service.

Payment Information: Payment details including credit card information, billing address, and transaction history. Full payment card details are processed through secure third-party payment processors and are not stored on our servers.

Communications: Information you provide when contacting customer support, providing feedback, or participating in surveys.

Health and Fitness Data: With your explicit consent, you may provide health-related information relevant to sports participation. This information is treated with extra care and is only shared with event organizers when necessary for safety purposes and with your permission.

2.2 Information We Collect Automatically

Device Information: Device type, operating system, unique device identifiers, IP address, mobile network information, and browser type.

Usage Information: Time spent, features used, search queries, clicking behaviour, and pages viewed.

Performance and Error Data: Application crashes, error logs, and performance metrics to identify and fix technical issues.

Location Information: With your explicit consent, we collect precise location information from your device for features like finding nearby events, venues, and players. You can disable precise location sharing through your device settings while still using most Service features.

Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect usage information and improve our Service. For detailed information, refer to our Cookie Policy.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for specific, legitimate purposes related to delivering and improving our sports and social events platform. Here’s how we use your information:

3.1 Essential Service Provision

  • Creating and managing your account
  • Connecting you with sports events, players, coaches, and communities
  • Facilitating communications between event organisers, coaches, and participants
  • Processing payments and registrations for events
  • Providing customer support and responding to inquiries

3.2 Service Improvement and Personalisation

  • Analysing usage patterns to enhance features and fix bugs
  • Developing new features based on community needs
  • Testing and improving platform performance
  • Recommending events, groups, and players matching your interests
  • Customising your feed based on sport preferences and activity
  • Developing and refining matching algorithms and recommendation systems

3.3 Communications

  • Sending essential service messages about your account or upcoming events
  • Providing updates about the Service, including new features and policy changes
  • Delivering marketing communications you’ve opted into (with easy opt-out options)
  • Sending reminders about events you’ve registered for or expressed interest in

3.4 Safety, Security, and Compliance

  • Verifying user identities to prevent fraud and ensure community trust
  • Monitoring for suspicious activity to protect user accounts
  • Enforcing our Terms of Service and Community Standards
  • Protecting user safety during sports and social events
  • Resolving disputes between users when necessary
  • Preventing automated data extraction and platform abuse
  • Complying with applicable laws and regulations
  • Responding to valid legal requests from authorities
  • Establishing, exercising, or defending legal claims

3.5 Business Operations and Analytics

  • Conducting market research and sports industry analysis using aggregated, anonymised data
  • Developing insights about sports participation trends and community needs
  • Creating reports and analytics for business development purposes
  • Supporting partnership discussions with sports organisations and potential investors
  • Measuring and improving business performance

We process your data based on: contract performance (service delivery), legitimate interests (security, fraud prevention, service improvement), consent (marketing, precise location, health data, non-essential cookies), and legal obligation (tax compliance, law enforcement). You may withdraw consent at any time without affecting prior lawful processing.

4. DISCLOSURE OF YOUR INFORMATION

We do not sell your personal information to third parties for their marketing purposes. We may disclose your information as follows:

4.1 Service Providers

We share information with carefully selected third-party vendors and service providers who perform services on our behalf, such as:

  • Payment processing
  • Cloud hosting and data storage
  • Email and notification delivery
  • Customer support tools
  • Analytics and performance monitoring
  • Error tracking and crash reporting
  • Fraud prevention and identity verification

4.2 Sports Community Members

Event Organisers and Clubs: When you register for an event or join a club, organisers receive necessary information to manage your participation, including name, contact details, and relevant sports information.

Coaches and Instructors: When you book coaching services, relevant profile information and sports preferences are shared with your coach.

Team Members: When you join a team, basic profile information is shared with team members for coordination and communication.

4.3 Other Users

Information you provide in public areas of the Service is visible to other users based on your privacy settings. You control visibility through your privacy settings, which we encourage you to review regularly.

4.4 Business Development and Partnerships

We may share strictly anonymised, aggregated data (minimum 50+ user groups to prevent re-identification) with sports organisations, research institutions, and potential business partners for community development, market research, and sports participation studies. Individual user data is never shared for business development unless:

  • Required for merger, acquisition, or financing transactions (under strict confidentiality agreements)
  • You provide explicit consent for specific partnerships

Third parties receiving such data sign agreements prohibiting re-identification attempts.

We may disclose your information when required by law, in response to valid legal processes (court orders, subpoenas), to comply with regulatory requirements, or to protect the safety, rights, or property of our users, the public, or Harley. This includes enforcing our Terms of Service and protecting our intellectual property.

4.6 Business Transfers

If Harley is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any ownership change or changes to uses of your personal information, as well as any choices you may have.

We may disclose your information for any other purpose with your explicit consent.

5. DATA RETENTION

We retain your personal information only as long as necessary to fulfil the purposes outlined in this Privacy Policy, including providing the Service, complying with legal obligations, resolving disputes, enforcing agreements, and supporting legitimate business purposes.

Retention Periods:

  • Active Accounts: Duration of account existence plus 2 years
  • Deleted Accounts: 90 days for complete deletion (allowing account recovery)
  • Transaction Records: 7 years for legal and tax compliance
  • Communication Records: 3 years from last communication
  • Technical and Usage Data: 2 years unless longer retention required for security
  • Anonymised, Aggregated Data: Up to 10 years for analytics, research, and business development purposes

When data is no longer required, we securely delete or anonymise it. You can request deletion of your data at any time through your account settings or by contacting us.

6. DATA SECURITY

We implement robust technical and organisational measures to safeguard your personal information, including:

  • Encryption of sensitive data in transit and at rest using industry-standard protocols
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication for staff
  • Regular security training for our team
  • 24/7 security monitoring and incident response procedures
  • Physical security measures for facilities and data centers

Data Breach Response: If a breach risks your rights and freedoms, we notify relevant authorities within 72 hours and affected users without undue delay, including breach nature, likely impact, mitigation measures, and recommended user actions.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. INTERNATIONAL DATA TRANSFERS

As a global sports platform, your information may be transferred to and processed in countries other than your country of residence, including Australia, the United States, and countries where our service providers operate. These countries may have different data protection laws than your country.

We ensure appropriate safeguards are in place to protect your personal information during international transfers, including:

  • Using Standard Contractual Clauses approved by relevant authorities
  • Relying on adequacy decisions by the European Commission or other relevant authorities
  • Ensuring partners comply with applicable data protection laws
  • Implementing additional data security measures for international transfers
  • Conducting data protection impact assessments where appropriate

8. YOUR PRIVACY RIGHTS

We believe you should have meaningful control over your information. Depending on your location, you have specific legal rights regarding your personal information.

8.1 Access and Portability

You have the right to access the personal information we hold about you and receive a copy of your data in a structured, commonly used, machine-readable format (JSON). You can access most data directly through your account settings.

8.2 Correction

You can correct inaccurate or incomplete personal information by updating information directly in your account settings or contacting us for assistance.

8.3 Deletion and Restriction

You have the right to request deletion of your personal information in certain circumstances, request that we restrict processing of your information, or deactivate your account temporarily.

To request account deletion, you must submit a written request by emailing us at support@harleymeets.com with “DELETE ACCOUNT” in the subject line. Please include your registered email address and username in the request. We will process your deletion request within 30 days and send you a confirmation email once completed.

You have the right to object to our processing of your information based on legitimate interests, withdraw consent previously given for certain processing activities, and opt out of marketing communications. Each marketing email contains an “unsubscribe” link.

8.5 Automated Recommendations

Our matching algorithms recommend events and players but don’t make decisions significantly affecting you without human oversight. You may request human review of algorithmic decisions or opt out of personalised recommendations in privacy settings.

8.6 Regional Rights

Australian Users: Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to access and correct your personal information and complain about privacy breaches. Regulatory contact details are provided in Section 17.

European Users: Under GDPR, you have additional rights including data portability and restriction of processing. You may lodge complaints with your local Data Protection Authority.

California Residents: Under CCPA/CPRA, you have the right to know what personal information is collected, disclosed, or sold, and to opt out of sale. We do not sell personal information.

Other Jurisdictions: We comply with local privacy laws where we operate. Contact us to learn about specific rights in your jurisdiction.

To exercise these rights, contact us using details in Section 17. We will respond within the timeframe required by applicable law (typically 30 days).

9. CHILDREN’S PRIVACY

Our Service is designed for users aged 16 and older. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will promptly delete that information from our servers and take reasonable measures to prevent similar collection.

If a parent or guardian becomes aware their child has provided us with personal information, they should contact us immediately using details in Section 17.

For sports events or activities that may include younger participants, event organizers are responsible for ensuring appropriate consent and supervision for participants under 16.

10. SPORTS-SPECIFIC PRIVACY CONSIDERATIONS

10.1 Event Photography and Recording

Many sporting events involve photography or recording. We require event organisers to inform participants if events will be photographed, allow you to opt out of promotional materials, provide guidelines regarding appropriate image use, and respect your right to request removal of your image from our platforms.

10.2 Performance Data

For competitive events, we may collect performance data such as scores, rankings, or statistics. This information helps track progress, provide meaningful competition, and may be displayed publicly as part of leaderboards or results. Performance data can be anonymised upon request in certain circumstances and is handled according to competitive standards of each sport.

10.3 Venue and Facility Information

We collect and share information about sports venues and facilities, including location and accessibility details, facility features, availability, and user reviews. This information is generally considered public and helps users find appropriate locations for sporting activities.

11. PLATFORM INTEGRITY AND INTELLECTUAL PROPERTY

To protect our Service, community, and intellectual property rights, users must not use automated tools to extract data, reverse engineer our systems, or compromise our intellectual property. Detailed restrictions are set forth in our Terms of Service.

We reserve the right to use aggregated, anonymised data that cannot identify individual users for sports industry research, market insights, sports development initiatives, benchmarking tools, academic research partnerships, and public health studies.

Our Service may contain links to third-party websites, apps, or services not operated by us, and certain features may integrate with third-party services including social media platforms, payment processors, map services, sports-specific tools, and analytics services.

We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service. When we integrate third-party services, we carefully select partners with strong privacy practices and limit data sharing to what’s necessary for feature functionality.

13. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, web beacons, pixels, and similar tracking technologies to remember your preferences, authenticate your account, analyse Service usage, provide personalised content, measure marketing effectiveness, and prevent fraud and abuse.

You can control cookies through your browser settings, but some Service features may not function properly if you disable certain cookies. For detailed information about our use of cookies, including how to manage your preferences, refer to our Cookie Policy.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes to our practices, new features, or legal requirements. When we make material changes, we will provide notice through our Service or by other means, update the “Last Updated” date at the top, obtain your consent if required by law, and for significant changes, provide 30 days’ advance notice where possible.

The updated Privacy Policy is effective when posted unless otherwise specified. We encourage you to review this Privacy Policy whenever you access the Service to stay informed about our information practices.

15. ELECTRONIC SIGNATURES AND COMMUNICATIONS

15.1 Electronic Signature Validity

You agree that electronic signatures, including clicking “I agree,” checking acceptance boxes, email confirmations, and digital consent mechanisms, have the same legal force and effect as handwritten signatures. This agreement complies with the Electronic Transactions Act 1999 (Cth), Electronic Transactions Act 2000 (Vic), and similar laws in other jurisdictions.

You consent to receive all communications from us electronically, including notices about this Privacy Policy, account information, legal disclosures, and other communications. Electronic communications satisfy any legal requirement for written communication and will be delivered via email, in-app notifications, or posting on the Platform.

16. INTERNATIONAL COMPLIANCE AND ENFORCEABILITY

16.1 Global Application

This Privacy Policy is designed for global enforceability while respecting local law requirements. Where local laws require modifications, those modifications apply only in the relevant jurisdiction.

16.2 Jurisdiction-Specific Provisions

European Union: GDPR compliance provisions apply to EU users. Additional data protection rights may be available. Unfair contract terms regulations may override certain provisions.

United States: State-specific consumer protection laws may apply. COPPA compliance for users under 13 (service not available to such users). Specific state privacy laws may grant additional rights.

Other Jurisdictions: Local consumer protection and privacy laws may grant additional rights. Specific provisions may be unenforceable where prohibited by local law. Alternative dispute resolution mechanisms may be required.

16.3 Severability

If any provision is found unenforceable in a particular jurisdiction, the provision will be modified to the minimum extent necessary for enforceability, the remainder of this Privacy Policy remains in full effect, and the unenforceable provision remains valid in other jurisdictions.

17. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or to exercise your privacy rights:

General Support Email: support@harleymeets.com For: Technical issues, account questions Response Time: Within 48 hours (typically faster)

Account Deletion Requests Email: support@harleymeets.com Subject Line Required: “DELETE ACCOUNT” For: Account deletion requests only Response Time: Within 30 days

Legal Inquiries Email: legal@harleymeets.com For: Legal matters, partnerships, contracts Response Time: 5 business days

Privacy Matters Email: privacy@harleymeets.com For: Privacy inquiries, data requests, complaints Response Time: 5 business days

Postal Address Harley Studio Pty Ltd (ABN 24 688 789 184) 8B Theresa Street, Sunshine North, VIC 3020, Australia

Regulatory Authorities:

Australian Users Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992

EU Users Contact your local Data Protection Authority Find authorities at: edpb.europa.eu/about-edpb/board/members_en

18. GENERAL PROVISIONS

18.1 Entire Agreement

This Privacy Policy, together with our Terms of Service, Community Standards, Payment and Cancellation Policy, and Cookie Policy, constitutes the entire agreement between you and Harley regarding the collection, use, and disclosure of your personal information and supersedes all prior agreements and understandings.

18.2 Waiver

No waiver of any term or condition shall be deemed a continuing waiver or waiver of any other term. Our failure to assert any right or provision does not constitute a waiver of that right or provision.

18.3 Assignment

You may not assign or transfer your rights under this Privacy Policy without our prior written consent. We may assign this Privacy Policy to any affiliate or successor entity without restriction. Any attempted assignment in violation of this section is void.

18.4 Relationship of Parties

This Privacy Policy does not create any partnership, joint venture, employment, or agency relationship between you and Harley. Neither party has authority to bind the other except as expressly provided in this Privacy Policy.

18.5 Language

This Privacy Policy is drafted in English. Any translations are provided for convenience only, and the English version controls in case of conflicts.

ACCEPTANCE

By using the Harley Platform, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service, our Privacy Policy, Cookie Policy, Community Standards, Payment Policy, Cancellation and Refund Policy, and where applicable, our Release Waiver.

This Privacy Policy is effective as of the Last Updated date shown above and applies to all users of the Harley Platform.