Privacy Policy

Last updated: 15 April 2026

1. Introduction — Who We Are

KLASHR ("we", "us", "our") operates the KLASHR mobile application (the "App"), a free-to-play live sports prediction platform available on iOS. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the App. KLASHR is operated from Australia (ABN pending). By using the App, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about this policy or our data practices, you can contact us at privacy@klashr.com.

2. What Data We Collect

We collect the following categories of personal and non-personal information:

• Account data — phone number (for OTP verification via Firebase), Apple ID or Google account identity tokens (if you sign in via Apple or Google), username, and avatar selection (emoji-based, IDs 1–6).
• Usage data — predictions and votes you cast, questions you answer, event participation history, scores, streaks, leaderboard positions, season statistics, and Prediction DNA profile data.
• Device data — device model, operating system and version, push notification token (FCM), preferred locale, and timezone.
• Purchase data — records of in-app purchases including Balls (virtual currency) purchases and KLASHR+ subscription status. Payment processing is handled entirely by Apple or Google; we receive transaction confirmations and receipt data but never your payment card details.
• Analytics data — in-app events such as screen views, feature interactions, session duration, session count, and last active timestamp.
• Chat and social data — messages sent in event chats (public per-match), crew chats (private group), and direct messages; friend connections and referral codes; crew and tribe memberships; reports and blocks you submit.
• Location data — country-level location derived from your IP address. We do not access GPS, Bluetooth, or precise location data.
• Discovery source — if you tell us how you found KLASHR, we store that response.

3. How We Collect Data

We collect information in three ways:

• Directly from you — when you create an account, set a username, select an avatar, cast votes, send chat messages, create or join a crew, add friends, submit feedback or bug reports, make purchases, or tell us your discovery source.
• Automatically — when you use the App, we automatically collect device information, analytics events, session data, and country-level location from your IP address. We use local storage (MMKV) on your device to store preferences and session state.
• From third parties — we receive authentication tokens from Apple Sign In and Google Sign In when you use those services. We receive purchase confirmation data from Apple App Store and Google Play Store via RevenueCat. Firebase provides aggregated analytics and authentication services.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contract performance — processing necessary to provide you with the KLASHR service, including account creation, score calculation, leaderboard placement, and purchase fulfilment.
• Legitimate interests — processing necessary for our legitimate business interests, including improving the App, preventing fraud and cheating, ensuring platform safety, analysing usage patterns, and sending relevant push notifications. We balance these interests against your rights and only proceed where our interests are not overridden by your data protection rights.
• Consent — where you have given specific consent, such as opting in to push notifications or agreeing to receive promotional communications. You may withdraw consent at any time.
• Legal obligation — processing necessary to comply with applicable laws, regulations, or legal processes.

5. How We Use Your Data

We use the data we collect for the following purposes:

• Providing the service — authenticating your identity, maintaining your account, processing your predictions and votes, calculating scores and streaks, populating leaderboards, managing friend connections, enabling chat functionality, and delivering real-time event updates.
• Improving the App — analysing usage patterns and feature engagement to identify areas for improvement, debugging issues, and developing new features.
• Communication — sending push notifications about live events, results, streak reminders, social interactions, and service updates. You can manage notification preferences per category in the App's settings.
• Purchases and subscriptions — processing in-app purchases of Balls, managing KLASHR+ subscription status, and verifying purchase receipts.
• Safety and security — detecting and preventing fraud, cheating, multi-accounting, vote manipulation, and other abuse through device fingerprinting, vote pattern analysis, and rate limiting.
• Legal compliance — meeting our legal and regulatory obligations, responding to lawful requests from authorities, and enforcing our Terms of Service and Community Guidelines.
• Personalisation — generating your Prediction DNA profile based on your voting history, tailoring content recommendations, and providing relevant event suggestions.

6. Leaderboards and Public Profiles

KLASHR features global, seasonal, and country-based leaderboards. When you use the App, the following information is publicly visible to other users:

• Your username and avatar.
• Your rank tier, score, and leaderboard position.
• Your streak count and season statistics.
• Your crew and tribe memberships.

Your phone number, email address, Apple ID, and Google account details are never displayed publicly. If you wish to limit your public visibility, you may change your username at any time. Please choose a username that does not reveal personal information you wish to keep private.

7. Chat and Social Features

The App includes several social features:

• Event chat — public chat rooms associated with live sporting events. Messages are visible to all users viewing that event.
• Crew chat — private group chat within your crew. Messages are visible to all crew members.
• Direct messages — private messages between you and another user.
• Friend connections — you can add friends via referral codes or in-app search.

Chat messages are stored on our servers to provide message history and enable content moderation. We use automated systems and human review to monitor chat content for violations of our Community Guidelines. Users can report inappropriate messages or block other users directly in the App. We may retain reported content and moderation records for safety and legal purposes even after you delete your account.

8. Push Notifications

We use Firebase Cloud Messaging (FCM) to send push notifications. Notifications are organised into five categories: events, streaks, challenges, social, and achievements. Each category has daily frequency caps to prevent excessive notifications. You can:

• Opt out of push notifications entirely via your device settings.
• Manage notification preferences per category within the App's settings.

We store your FCM push token on our servers to deliver notifications. If you disable notifications, we retain your token but will not send you messages until you re-enable them.

9. Virtual Currency and Purchases

When you purchase Balls (virtual currency) or subscribe to KLASHR+, the transaction is processed entirely by the Apple App Store or Google Play Store. We receive a purchase receipt and confirmation of the transaction but never have access to your payment card number, bank account details, or billing address. We use RevenueCat to manage subscription status and purchase verification. Purchase history is retained for as long as your account is active to enable purchase restoration and customer support.

10. AI and Automated Decision-Making

KLASHR uses artificial intelligence and automated systems in the following ways:

• Question generation — we use Anthropic's Claude AI to generate prediction questions for sporting events. Your personal data is not sent to Anthropic as part of this process; only sporting event data is used.
• Prediction DNA — we analyse your voting history to generate a personalised Prediction DNA profile, including your risk profile (maverick, contrarian, balanced, or crowd follower), accuracy statistics, and category-level performance. This is generated using our own algorithms on our servers. Your Prediction DNA becomes available after you have cast at least 10 votes.
• Anti-cheat systems — we use automated systems to detect vote manipulation, multi-accounting, and other forms of cheating. These systems analyse device fingerprints, voting patterns, and account behaviour. If our systems flag suspicious activity, it may result in account restrictions. You can appeal any automated enforcement action by contacting support@klashr.com.
• Contrarian Genius — we automatically identify users who correctly predict against the crowd, using voting and outcome data.

You have the right to request human review of any decision made solely by automated processing that significantly affects you.

11. Data Sharing with Third Parties

We do not sell your personal data to anyone. We share data with the following third-party service providers, solely to operate and improve the App:

• Amazon Web Services (AWS) — cloud hosting, database storage (PostgreSQL on AWS), file storage (S3), message queuing (SQS), and data streaming (Kinesis). AWS processes all data stored on our servers. Data is hosted primarily in the AWS Asia-Pacific (Sydney) region.
• Firebase (Google) — phone number authentication via OTP, push notification delivery via FCM, and analytics event collection. Firebase receives your phone number, device token, and analytics events.
• Ably — real-time WebSocket infrastructure for live score updates, live vote counts, chat message delivery, and momentum bar updates. Ably processes message payloads and connection metadata.
• Sentry — crash reporting and error monitoring. Sentry receives device information, OS version, and error stack traces. It may incidentally receive limited user context (such as user ID) for debugging purposes.
• RevenueCat — in-app purchase and subscription management. RevenueCat receives your anonymous user identifier and purchase receipt data to verify and manage subscription status.
• Anthropic — AI question generation via the Claude API. Only sporting event data (match details, scores, team names) is sent to Anthropic. No personal user data is transmitted.
• RapidAPI / AllSportsAPI — live sports data feeds for tennis and other sports. No personal user data is sent to these providers; we only retrieve publicly available match and tournament data.
• Cloudflare — DNS management and email routing (for support@klashr.com and privacy@klashr.com). Cloudflare may process metadata related to email delivery.
• Apple / Google — authentication (Sign In with Apple, Google Sign In) and payment processing (App Store, Play Store). These platforms process data in accordance with their own privacy policies.

We may also disclose your information to law enforcement or government authorities when required by law, court order, or to protect the rights, safety, or property of KLASHR, our users, or the public.

12. Data Transfers

KLASHR is operated from Australia. However, some of our third-party service providers are based in or process data in the United States and other countries. When your data is transferred outside of Australia, the European Economic Area (EEA), or your home jurisdiction, we ensure appropriate safeguards are in place, including:

• Selecting service providers who maintain industry-standard security certifications (such as SOC 2 and ISO 27001).
• Entering into data processing agreements that include standard contractual clauses where required.
• Ensuring compliance with the Australian Privacy Principles (APPs) for cross-border data disclosure under APP 8.

For EU/EEA users, transfers to countries outside the EEA are conducted in accordance with Chapter V of the GDPR, using approved transfer mechanisms such as Standard Contractual Clauses (SCCs).

13. Data Retention

We retain your personal data for as long as your account is active and as needed to provide you with the App's services. Specific retention periods are as follows:

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• Voting and prediction history — retained while your account is active to maintain leaderboards, streaks, Prediction DNA, and season statistics.
• Chat messages — retained while your account is active. Deleted within 30 days of account deletion, except where messages have been reported or are subject to an ongoing investigation.
• Purchase records — retained for the duration required by applicable tax and financial regulations (typically seven years).
• Analytics data — aggregated analytics data (which cannot identify individual users) may be retained indefinitely.
• Moderation records — reports, blocks, and enforcement actions may be retained for up to two years after account deletion to prevent abuse.

When you delete your account, we initiate deletion of your personal data within 30 days. Some data may be retained longer where required by law, to resolve disputes, or to enforce our agreements.

14. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

• TLS encryption for all data in transit between the App and our servers.
• Encryption at rest for databases and stored files.
• Access controls and role-based permissions for internal systems.
• Rate limiting and abuse prevention mechanisms.
• Regular security reviews and monitoring.

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and encourage you to protect your device with a strong passcode and keep your operating system up to date.

15. Your Rights — General

Regardless of your location, you have the following rights in relation to your personal data:

• Access — you may request a copy of the personal data we hold about you.
• Correction — you may request correction of inaccurate or incomplete data. You can update your username and avatar directly in the App.
• Deletion — you may request deletion of your account and associated personal data.
• Data portability — you may request an export of your data in a commonly used, machine-readable format.
• Objection — you may object to certain types of processing, such as processing based on legitimate interests.
• Withdrawal of consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at privacy@klashr.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

16. Your Rights — Australian Privacy Act

If you are an Australian resident, the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) apply to our handling of your personal information. Under the APPs, you have the right to:

• Request access to the personal information we hold about you (APP 12).
• Request correction of inaccurate, out-of-date, incomplete, or misleading personal information (APP 13).
• Make a complaint about our handling of your personal information.

If you are not satisfied with our response to a complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Statutory tort for serious invasions of privacy. Following the 2025 amendments to the Australian Privacy Act, individuals may have the right to bring a direct cause of action (statutory tort) for serious invasions of privacy. If you believe your privacy has been seriously invaded, you may contact us at privacy@klashr.com or lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

17. Your Rights — GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with additional rights:

• Right of access (Article 15) — obtain confirmation of whether we process your data and request a copy.
• Right to rectification (Article 16) — have inaccurate personal data corrected.
• Right to erasure (Article 17) — request deletion of your personal data in certain circumstances ("right to be forgotten").
• Right to restriction of processing (Article 18) — request that we restrict processing of your data in certain circumstances.
• Right to data portability (Article 20) — receive your data in a structured, commonly used, machine-readable format.
• Right to object (Article 21) — object to processing based on legitimate interests, including profiling.
• Right not to be subject to automated decision-making (Article 22) — request human review of decisions made solely by automated processing that produce legal or similarly significant effects.

To exercise these rights, contact us at privacy@klashr.com. We will respond within 30 days. If you believe your rights have been infringed, you have the right to lodge a complaint with your local supervisory authority.

18. Your Rights — CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights:

• Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share data.
• Right to delete — you may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to opt out of sale — we do not sell your personal information. We have not sold personal information in the preceding 12 months.
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
• Right to correct — you may request correction of inaccurate personal information.
• Right to limit use of sensitive personal information — you may direct us to limit the use of sensitive personal information to purposes necessary to provide the service.

To exercise these rights, contact us at privacy@klashr.com or submit a request through the App's support feature. We will verify your identity and respond within 45 days. You may designate an authorised agent to submit a request on your behalf.

19. Children's Privacy

KLASHR is rated 12+ on the App Store and is not directed to children under 12. We do not knowingly collect personal information from children under the age of 12. If you are a parent or guardian and believe that your child under 12 has provided us with personal information, please contact us at privacy@klashr.com and we will promptly delete the information.

Users aged 12 to 17 may use the App. We recommend that parents and guardians supervise their children's use of the App. We apply the same data protection standards to all users regardless of age. We do not engage in behavioural advertising targeting minors. We comply with the Children's Online Privacy Protection Act (COPPA) for users under 13 and apply heightened protections consistent with applicable child safety regulations.

20. Cookies and Local Storage

KLASHR is a native mobile application and does not use web browser cookies. However, we use the following local storage technologies on your device:

• MMKV — a high-performance key-value storage framework used to store your preferences, session state, notification settings, and onboarding progress locally on your device. This data does not leave your device unless you explicitly trigger a sync (e.g., by logging in on a new device).
• Secure storage — authentication tokens are stored securely on your device using platform-specific secure storage mechanisms.

You can clear local storage by deleting and reinstalling the App, though this will sign you out and reset local preferences.

21. Analytics and Tracking

We use Firebase Analytics (provided by Google) to collect anonymised and pseudonymised usage data, including screen views, feature interactions, and session statistics. This data helps us understand how users interact with the App, identify areas for improvement, and measure the impact of new features.

We also track custom analytics events specific to KLASHR, such as voting activity, leaderboard engagement, subscription conversions, and onboarding completion. These events are associated with your user ID for internal analysis but are not shared with third-party advertisers.

We do not serve third-party advertisements in the App. We do not share your data with advertising networks or data brokers.

22. Do Not Track Signals

KLASHR is a native mobile application and does not respond to web browser Do Not Track (DNT) signals, as these are not applicable to native apps. If you wish to limit data collection, you can adjust your device privacy settings, disable analytics in your device settings, or contact us to request data deletion.

23. Third-Party Links

The App may contain links to third-party websites or services, such as our support email, social media profiles, or external sports news sources. We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you visit. Following a link to a third-party site is at your own risk.

24. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme within 30 days of becoming aware of the breach.
• Notify affected users as soon as practicable, providing details of the breach, the types of information involved, and recommended steps you can take.
• For EU/EEA users, notify the relevant supervisory authority within 72 hours as required by Article 33 of the GDPR.
• Take immediate steps to contain and remediate the breach.

25. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the App's features. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy.
• Notify you through the App via an in-app notification or push notification.
• Where required by law, seek your renewed consent before applying changes that affect the legal basis for processing.

We encourage you to review this policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

26. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy enquiries: privacy@klashr.com
• General support: support@klashr.com

We aim to respond to all privacy-related enquiries within 30 days. If you are not satisfied with our response, you may contact the relevant data protection authority in your jurisdiction.