Privacy Policy

Last updated: June 15, 2026

This Privacy Policy outlines the data processing, collection, and security protocols enforced by PickleTour Pro Limited ("we," "us," or "our") when you access our SaaS platforms, APIs, and commercial services. We are absolutely committed to safeguarding your privacy and maintaining the integrity of enterprise sports data.

1. Data Controller vs. Data Processor

In the context of the EU GDPR and global privacy frameworks:

• As a Data Controller: We control the billing, administrative, and KYC/KYB data of our Enterprise Partners (the tournament organizers).
• As a Data Processor: For all athlete data, match scores, and participant PII uploaded to the platform, the Enterprise Partner acts as the Controller. We strictly process this data solely to provide the SaaS computing architecture on their behalf.

2. Information We Collect

A. Account & Billing Information: Corporate names, email addresses, tax identification numbers, physical addresses, and contact numbers provided during onboarding.

B. Technical & Usage Data: IP addresses, browser types, API call logs, error crashes, and geolocation data collected automatically to optimize server load balancing and prevent DDoS attacks.

C. PCI-DSS Payment Security: We DO NOT store, process, or transmit raw credit card numbers. All financial transactions are tokenized and handled directly by Level-1 PCI-DSS certified acquiring networks (e.g., Stripe, Paypal).

3. How We Process Your Data

We rely on legitimate commercial interests and contractual performance to process data for:

• Executing platform features, generating tournament brackets, and assigning Elo ratings.
• Fulfilling corporate billing, generating invoices, and enforcing Anti-Money Laundering (AML) checks.
• Issuing critical security alerts, service updates, and legal notices.

4. Data Sharing & Third-Party Sub-Processors

We do not sell your personal data to advertisers. Data is only shared with heavily vetted third-party sub-processors under strict Non-Disclosure Agreements (NDAs), including:

• Cloud Infrastructure Providers: Amazon Web Services (AWS) or Google Cloud Platform (GCP) for secure, encrypted hosting.
• Payment Service Providers: To clear fiat and cryptographic transactions safely.
• Law Enforcement: If compelled by a valid subpoena, court order, or HKSAR regulatory mandate.

5. International Data Transfers

Our primary server clusters are geographically distributed. By using PickleTour Pro, you consent to the cross-border transfer of data to jurisdictions that may have different data protection laws. We secure these transfers via Standard Contractual Clauses (SCCs) and high-grade TLS 1.3 cryptographic handshakes.

6. Data Security and Retention

We employ AES-256 encryption at rest and maintain robust firewall architectures. We retain your operational data for the duration of your active subscription. Upon account termination, financial ledgers are retained for 7 years to comply with HKSAR tax and accounting laws, while non-essential PII is securely purged within 30 days.

7. Data Breach Notification Protocols

In the highly unlikely event of a structural data breach that exposes unsecured Personal Identifiable Information (PII), we maintain strict protocols to notify affected Enterprise Partners and relevant HKSAR regulatory authorities within seventy-two (72) hours of threat validation, strictly complying with the breach notification standards set forth by the GDPR and international security mandates.

8. Your Privacy Rights

Under global frameworks like the GDPR, CCPA, and PDPO, you possess the right to: (1) Access your data; (2) Request corrections; (3) Demand erasure ("Right to be Forgotten"); (4) Restrict processing. To execute a Data Subject Access Request (DSAR), email help@pickletour.pro.

9. Contact Our Data Protection Officer