The Rugby Factory Pty Ltd

Privacy Policy

Last Updated: 27 February 2026

The Rugby Factory Pty Ltd (“TRF”, “we”, “our”, or “us”) is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use The Rugby Factory mobile application and associated services.

1. Who We Are

TRF is an Australian company operating a global rugby talent platform.

Data Controller:
The Rugby Factory Pty Ltd
Nixon Street
Sydney, NSW, Australia
[email protected]

2. Information We Collect

2.1 Information You Provide

We may collect:

  • Name, email address, and date of birth

  • Password (securely hashed)

  • Phone number (mandatory for guardians; optional otherwise unless required for verification)

  • Player profile details

  • Performance statistics and verification videos

  • Posts, comments, messages, and other user-generated content

Payments processed via Stripe. We do not store full card numbers.

2.2 Automatically Collected

We may collect:

  • IP address

  • Device and browser information

  • Usage activity and interaction data

  • Approximate location based on IP

  • GPS location only where explicit consent is provided

You may revoke location permissions at any time in your device settings.

2.3 Verification Data

To protect platform integrity, we may process:

  • Date of birth reconfirmation

  • $0 credit card authorisation

  • Identity verification results via third-party providers

We receive only confirmation of verification status.

2.4 Fraud Prevention & Integrity

We collect limited device fingerprinting and IP reputation data solely for fraud detection and prevention.

3. Legal Basis (Where Applicable)

Where required by applicable law (including GDPR), we process personal data under:

  • Contract performance

  • Legitimate interests (security, fraud prevention, platform integrity)

  • Consent (marketing, GPS location)

  • Legal obligation

  • Parental consent for minors

Where we rely on legitimate interests, we balance those interests against your rights and freedoms.

4. How We Use Information

We use data to:

  • Operate and manage accounts

  • Enable rankings, discovery, and comparisons

  • Process payments

  • Moderate content and enforce Terms

  • Detect fraud and protect minors

  • Improve platform performance

5. How We Share Information

We do not sell, rent, or trade personal information.

We may share information with:

  • Service providers (hosting, payment, identity verification, analytics)

  • Sponsors (aggregated or anonymised data only)

  • Event organisers where you participate

  • Legal authorities where required

  • In connection with a merger, acquisition, or sale of assets

All service providers are contractually required to protect data.

6. Marketing

Marketing communications are strictly opt-in.

You may unsubscribe at any time.

Service-related communications (e.g., security alerts) may still be sent.

7. Security

We implement:

  • TLS encryption in transit

  • Encryption at rest

  • Role-based access controls

  • Monitoring and logging

  • Encrypted backups

No system is completely secure, but we maintain reasonable safeguards.

8. Children’s Privacy

  • Users 16+ may register independently

  • Users 13–15 must use a Guardian-Managed Profile

  • Children under 13 are not permitted

We do NOT:

  • Allow direct messaging to minors

  • Collect gym-based strength statistics under 16

  • Use children’s data for advertising

  • Share children’s data for marketing

All communications to Guardian-Managed Profiles are routed through the Guardian.

Guardians may request access, correction, deletion, or withdrawal of consent at any time.

9. Age Verification & Integrity

We may request additional verification to protect users and maintain platform integrity.

10. Reporting & Investigations

We investigate reports under legitimate interest to protect user safety.

Reporter identities remain confidential.

11. Your Rights

Depending on your jurisdiction (including under GDPR, the Australian Privacy Act, and applicable US state laws), you may have rights to:

  • Access

  • Correction

  • Deletion

  • Restriction

  • Portability

  • Object to processing

  • Withdraw consent

To exercise rights, contact: [email protected]

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) or your local data protection authority.

12. Data Retention

We retain data only as necessary for operational, legal, and security purposes.

  • Active accounts: duration of account + 90 days

  • Payment records: 7 years

  • Investigation records: 24 months

  • Logs: 90 days

After the retention period, data is securely deleted or anonymised.

13. International Transfers

Our infrastructure may be located in the EU, Australia, and the United States.

Where personal data is transferred internationally, we rely on:

  • Standard Contractual Clauses

  • Adequacy decisions

  • Contractual safeguards

14. Cookies

We use cookies for:

  • Essential session management

  • Security

  • Analytics and performance

We do not use third-party advertising cookies.

15. Data Breach Notification

We notify affected users and regulators where required by applicable law.

16. Automated Decision-Making

Automated systems may assist in:

  • Content moderation

  • Bot detection

  • Ranking calculations

You may request human review of significant automated decisions.

17. Updates

We may update this policy. Material changes will be communicated via email or in-app notification.

18. Contact

[email protected]
[email protected]
[email protected]

Australian regulator: https://oaic.gov.au