Circulure Privacy Policy

Circulure respects your privacy and is committed to handling personal information fairly, transparently and securely.

This Privacy Policy explains how E-SportsLeague Pty Ltd, trading as Circulure ("Circulure", "we", "us" or "our"), collects, holds, uses, discloses, protects and otherwise handles personal information when you:

• visit circulure.com or another Circulure website;
• create or use a Circulure account;
• access Circulure’s applications, platform features or services;
• create or participate in adventures, gatherings, crews, guilds or groups;
• communicate with other users;
• contact us for support;
• submit a report, complaint or appeal;
• interact with our emails, notifications or social media accounts; or
• otherwise interact with Circulure.

Our websites, applications, platform features and related services are collectively referred to as the "Services".

By accessing or using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy.

Where consent is legally required, we will request it separately. Your general use of Circulure will not be treated as consent where express consent is required by law.

Circulure is operated by:

Legal entity

E-SportsLeague Pty Ltd

Trading name

Circulure

ACN

160 249 463

Registered address

2207/4 Sterling Circuit, Camperdown NSW, Australia

Website

circulure.com

Email

info@megerskill.com

For privacy enquiries, access requests, correction requests, account deletion requests or complaints, contact:

Email: info@megerskill.com

This Privacy Policy applies to personal information handled by Circulure in connection with the Services.

It does not govern:

• third-party websites, applications or platforms linked from Circulure;
• external venues, organisers or businesses promoted through Circulure;
• third-party payment services;
• third-party identity or age-assurance providers where they issue their own privacy notice;
• information independently collected by another user outside the Services; or
• employment records where an applicable legal exemption applies.

Third-party providers have their own privacy practices. You should review their privacy policies before providing them with personal information.

Personal information generally means information or an opinion about an identified individual or an individual who is reasonably identifiable.

Personal information may include information that is:

• accurate or inaccurate;
• recorded or unrecorded;
• provided directly by you;
• generated through your use of the Services; or
• received from another person or organisation.

Some categories of information may receive additional legal protection. These may include:

• health information;
• biometric information;
• racial or ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• sexual orientation or sex-life information;
• trade union membership;
• criminal record information; and
• precise geolocation information.

We refer to these categories as sensitive information or special-category information where applicable.

The personal information we collect depends on how you use Circulure, the features you access and the choices you make.

You should not provide Circulure with:

• government identification information unless specifically requested through an authorised verification process;
• online banking passwords;
• financial-account passwords;
• authentication codes;
• another person’s sensitive information without permission or lawful authority;
• unnecessary medical information;
• your precise home address in a public profile;
• intimate or sexually explicit images;
• unlawfully obtained information;
• payment-card security codes; or
• content prohibited by our Terms or Community Standards.

You must not post another person’s personal information unless you have their permission or another lawful basis to do so.

Under Australian privacy law, Circulure seeks to collect only personal information reasonably necessary for its functions and activities.

Depending on the circumstances, we may handle information based on:

• providing a service you requested;
• performing our agreement with you;
• your consent;
• your reasonable expectations;
• our legitimate business functions;
• compliance with a legal obligation;
• prevention of unlawful activity;
• investigation of misconduct;
• protection against serious threats to health or safety;
• establishment or defence of legal claims; or
• another basis permitted by law.

Sensitive information will generally be collected only with consent unless an exception under applicable law permits otherwise.

Where we rely on consent, you may withdraw your consent at any time. Withdrawal will not affect processing that lawfully occurred before consent was withdrawn.

Where the European Union General Data Protection Regulation or United Kingdom General Data Protection Regulation applies, Circulure may rely on:

• performance of a contract;
• consent;
• explicit consent;
• compliance with a legal obligation;
• legitimate interests;
• protection of vital interests; or
• establishment, exercise or defence of legal claims.

Our legitimate interests may include:

• operating a functional social platform;
• improving the Services;
• protecting users;
• securing accounts;
• preventing fraud and abuse;
• understanding platform performance; and
• enforcing platform rules.

Where we rely on legitimate interests, we consider whether those interests are outweighed by your rights, interests or freedoms.

Circulure contains public, restricted and private areas.

Circulure may use automated systems to:

• recommend users;
• recommend adventures;
• recommend groups or guilds;
• rank content;
• rank search results;
• detect spam;
• detect suspicious activity;
• identify potentially harmful content;
• estimate user interests;
• identify duplicate or linked accounts;
• prioritise reports;
• support age-assurance checks;
• recommend safety actions; and
• assist moderators.

These systems may process:

• profile details;
• selected interests;
• selected city;
• activity preferences;
• connection information;
• interaction history;
• reports;
• account history;
• device information;
• security signals;
• content; and
• content metadata.

Recommendations do not guarantee that a person, event, group, organiser or activity will be safe, reliable, suitable or compatible.

Where an automated or assisted decision may significantly affect your account, rights or access to the Services, Circulure will provide human review where required or reasonably appropriate.

You may appeal significant moderation actions, including:

• account suspensions;
• account bans;
• age-related restrictions;
• removal from a feature;
• major visibility restrictions; and
• other significant enforcement decisions.

Circulure may use artificial intelligence or machine-learning tools to support:

• recommendations;
• search;
• content categorisation;
• moderation triage;
• fraud prevention;
• spam detection;
• customer support;
• translation;
• accessibility;
• image analysis;
• safety detection; and
• service improvement.

Circulure will not intentionally provide private user content to a third party for training a general-purpose artificial intelligence model unless:

• the practice is clearly disclosed;
• an appropriate legal basis exists;
• contractual safeguards are in place; and
• consent is obtained where required.

When an external AI provider processes information on our behalf, we will seek to:

• minimise the information disclosed;
• restrict the provider’s use of the information;
• prohibit unauthorised model training;
• apply security safeguards; and
• require deletion or return of information when appropriate.

Artificial intelligence output may be inaccurate.

Significant account-enforcement decisions should not be made solely on the basis of unreviewed AI output where doing so may unfairly or materially affect a user.

Circulure does not require most sensitive information to provide its core Services.

Users may nevertheless voluntarily reveal sensitive information through:

• profiles;
• biographies;
• messages;
• posts;
• guilds;
• groups;
• photographs;
• accessibility requests;
• reports;
• support communications; or
• adventure information.

We will collect or process sensitive information only where:

• it is reasonably necessary for a Circulure function or activity;
• you have consented;
• collection is required or authorised by law;
• collection is necessary to respond to a serious threat;
• collection is required to establish or defend a legal claim; or
• another legal exception applies.

Optional sensitive profile information should not be required for account registration and should be private or restricted by default where appropriate.

Circulure does not sell personal information for money.

Circulure also does not currently disclose personal information for cross-context behavioural advertising in a manner that would be treated as selling or sharing under applicable United States privacy laws.

If our practices materially change, we will:

• update this Privacy Policy;
• provide required notices;
• offer legally required opt-out controls; and
• recognise applicable browser-based privacy signals where required.

Circulure may display:

• Circulure promotions;
• sponsored adventures;
• paid placements;
• promoted groups;
• promoted businesses;
• contextual advertising; or
• promotions based on broad information such as city or selected interests.

Sponsored or paid content will be labelled where required.

Circulure will not use the following for personalised advertising:

• private messages;
• identity documents;
• age-assurance source data;
• sensitive information;
• private safety reports; or
• precise location.

Where tracking technologies are used for personalised advertising, Circulure will provide consent or opt-out controls as required by law.

Where permitted, Circulure may send marketing communications about:

• new features;
• membership options;
• adventures;
• events;
• promotions;
• surveys;
• community campaigns;
• partner offers; and
• other Circulure services.

You can unsubscribe by:

• selecting the unsubscribe link in an email;
• adjusting communication settings; or
• contacting info@megerskill.com.

Unsubscribing from marketing does not prevent Circulure from sending necessary operational communications, including:

• security alerts;
• account notices;
• password resets;
• legal notices;
• moderation notices;
• payment confirmations; and
• important service updates.

Circulure may use cookies, local storage, pixels, software development kits and similar technologies.

With your permission, Circulure may send push notifications relating to:

• messages;
• connection requests;
• crew activity;
• invitations;
• adventure updates;
• gathering updates;
• guild activity;
• account security;
• moderation outcomes;
• platform safety; and
• recommended content.

You may manage push notifications through:

• Circulure settings;
• your browser settings; or
• your device settings.

Notification previews may appear on your lock screen. You should configure your device’s preview settings where privacy is important.

Circulure may use service providers located in Australia and overseas.

Personal information may be stored in or accessed from countries where Circulure or its approved providers operate.

Potential locations may include:

• Australia;
• United States;
• European Union member states;
• United Kingdom;
• Singapore; and
• other jurisdictions used by approved providers.

The final published version of this Privacy Policy should identify the actual countries in which Circulure data is likely to be stored or accessed.

Before disclosing personal information overseas, Circulure will take reasonable steps required by applicable law to ensure the information receives appropriate protection.

For transfers from the European Economic Area, United Kingdom or other regulated jurisdictions, Circulure may use:

• adequacy decisions;
• standard contractual clauses;
• international data transfer agreements;
• contractual safeguards;
• valid consent; or
• another approved transfer mechanism.

Circulure takes reasonable technical and organisational measures to protect personal information from:

• misuse;
• interference;
• loss;
• unauthorised access;
• unauthorised modification;
• unauthorised disclosure; and
• unlawful destruction.

Security measures may include:

• encryption in transit;
• encryption at rest where appropriate;
• secure password hashing;
• access controls;
• role-based permissions;
• multi-factor authentication for privileged accounts;
• secure development practices;
• database security policies;
• logging;
• monitoring;
• rate limiting;
• backup systems;
• incident-response procedures;
• vulnerability management;
• provider due diligence;
• security testing;
• staff confidentiality requirements; and
• restriction of production-data access.

No internet-based service can guarantee complete security.

You are responsible for:

• protecting your password;
• using a unique password;
• securing your devices;
• signing out of shared devices;
• reviewing active sessions;
• protecting authentication codes; and
• reporting suspected unauthorised access.

Contact info@megerskill.com if you believe your Circulure account or personal information has been compromised.

Circulure maintains procedures for identifying, assessing and responding to suspected data breaches.

Where required by law, Circulure will notify:

• affected individuals;
• the Office of the Australian Information Commissioner;
• another relevant regulator; or
• other legally required recipients.

A breach notification may include:

• a description of the incident;
• the types of information involved;
• the likely risks;
• recommended protective actions;
• steps Circulure has taken;
• contact information; and
• other information required by law.

Circulure retains personal information only for as long as reasonably necessary for:

• providing the Services;
• account administration;
• safety;
• security;
• dispute resolution;
• legal compliance;
• fraud prevention;
• financial reporting; and
• defence of legal claims.

Indicative retention periods include:

Retention periods may be extended where:

• required by law;
• a complaint remains unresolved;
• legal proceedings are anticipated;
• fraud or abuse is being investigated;
• a legal hold applies;
• safety risks remain;
• a user has lodged an appeal; or
• information remains temporarily within protected backups.

Information that has been irreversibly aggregated or de-identified may be retained for a longer period.

You may request account deletion through:

• the account settings provided by Circulure; or
• email to info@megerskill.com.

When your account is deleted, Circulure will generally:

• disable account access;
• remove or anonymise your profile;
• remove your account from discovery;
• remove active connections;
• remove active crew membership;
• end active group or guild memberships; and
• begin deletion or de-identification of associated information.

Some information may remain where:

• another user retains a message;
• content forms part of a shared conversation;
• retention is required by law;
• retention is necessary for safety or fraud prevention;
• a complaint or dispute remains unresolved;
• information is needed to enforce our agreements;
• information is required to establish or defend legal claims;
• information remains temporarily in backups; or
• information has already been aggregated or de-identified.

Where removal would materially disrupt shared content or conversations, content may remain attributed to "Deleted User" or another anonymous label.

You may request access to personal information Circulure holds about you.

Some information may be available through:

• your profile;
• account settings;
• message history;
• connection lists;
• crew membership;
• guild membership;
• notification settings; and
• account export features.

To submit a formal access request, email:

info@megerskill.com

We may request information needed to verify your identity before providing access.

We may refuse or limit access where permitted by law, including where access would:

• unreasonably affect another person’s privacy;
• create a serious safety risk;
• reveal confidential information;
• prejudice an investigation;
• disclose legally privileged material;
• reveal information connected to legal proceedings; or
• otherwise be unlawful.

Where access is refused, we will generally explain the reason and available complaint options.

You may update much of your personal information through Circulure’s account and profile settings.

You may also ask Circulure to correct information that is:

• inaccurate;
• out of date;
• incomplete;
• irrelevant; or
• misleading.

Correction requests may be submitted to:

info@megerskill.com

We may request supporting information where reasonably necessary.

Where Circulure declines to make a requested correction, we will explain the decision where required by law and may allow you to associate a statement with the relevant record.

Depending on the available Circulure features, you may be able to control:

• profile visibility;
• visibility of individual profile fields;
• who may message you;
• who may send connection requests;
• who may invite you to adventures;
• who may view your crew activity;
• location permissions;
• push notifications;
• email notifications;
• marketing preferences;
• personalised recommendations;
• blocked users;
• muted users;
• cookie preferences;
• third-party connections;
• active sessions;
• data export; and
• account deletion.

Some processing is necessary to provide, secure and protect the Services and cannot be disabled while maintaining an active account.

You may block or report another Circulure user.

Blocking may:

• prevent direct messages;
• prevent connection requests;
• remove a connection;
• remove a crew relationship;
• restrict profile access; and
• reduce interactions between accounts.

Reporting may provide Circulure’s moderation team with:

• relevant content;
• account information;
• message context;
• screenshots;
• report details; and
• associated safety information.

To protect users and reduce retaliation, Circulure generally will not disclose the identity of a reporting user to the reported person.

Information may nevertheless be disclosed where required by law or reasonably necessary to provide procedural fairness.

Subject to applicable law and exemptions, users in the European Economic Area and United Kingdom may have rights to:

• access personal data;
• correct inaccurate personal data;
• request deletion;
• restrict processing;
• object to processing;
• receive portable personal data;
• withdraw consent;
• object to direct marketing;
• request safeguards relating to certain automated decisions; and
• complain to a supervisory authority.

Requests may be submitted to:

info@megerskill.com

You may also complain to the data-protection authority in the country where you live, work or believe an infringement occurred.

This section applies where the California Consumer Privacy Act applies to Circulure.

Subject to applicable law and exceptions, California residents may have rights to:

• know the categories of personal information collected;
• know the sources of that information;
• know the purposes for collection;
• know the categories of recipients;
• access specific personal information;
• request deletion;
• request correction;
• opt out of sale or sharing;
• limit certain uses of sensitive personal information;
• receive equal treatment without unlawful discrimination; and
• opt out of certain automated decision-making uses where applicable.

Depending on how Circulure operates, categories of information collected may include:

• identifiers;
• account information;
• commercial information;
• internet or network activity;
• approximate or precise geolocation;
• visual or electronic information;
• professional information;
• education information;
• inferences;
• account credentials;
• private communications; and
• voluntarily provided sensitive information.

Requests may be submitted to:

info@megerskill.com

Where legally required, Circulure will also provide appropriate:

• "Your Privacy Choices" controls;
• sale or sharing opt-out mechanisms;
• support for recognised browser privacy signals; and
• request-verification procedures.

Where practical, you may interact with publicly available Circulure content without identifying yourself.

Account-based features require some identifying or contact information so Circulure can:

• maintain your account;
• authenticate access;
• protect users;
• prevent abuse;
• send security notices; and
• provide requested functionality.

You may be able to use a username or display name rather than displaying your legal name.

Circulure may still require accurate information where necessary for:

• age assurance;
• payments;
• legal compliance;
• account recovery;
• safety investigations; or
• enforcement of platform rules.

Circulure may create aggregated or de-identified information that no longer reasonably identifies an individual.

We may use this information to:

• analyse trends;
• measure platform activity;
• produce community statistics;
• improve the Services;
• evaluate features;
• conduct research;
• identify safety patterns;
• prepare business reports; and
• communicate with partners or investors.

Circulure will not attempt to re-identify de-identified information except:

• to test the effectiveness of de-identification;
• for security purposes;
• for compliance purposes;
• where authorised by law; or
• under appropriate safeguards.

Circulure may link to or integrate with:

• mapping providers;
• venues;
• ticketing services;
• social networks;
• payment providers;
• event organisers;
• video platforms;
• business websites; and
• other third-party services.

Circulure does not control the privacy practices of independent third parties.

When you interact with an external service, your information may be handled under that service’s own privacy policy and terms.

If Circulure undergoes a:

• merger;
• acquisition;
• financing;
• restructuring;
• insolvency;
• sale;
• transfer of assets; or
• change in control,

personal information may be transferred to a successor or prospective successor.

We will take reasonable steps to ensure the recipient:

• handles information consistently with this Privacy Policy;
• complies with applicable privacy law;
• protects the information appropriately; and
• provides notice of material changes where required.

Circulure may update this Privacy Policy to reflect:

• new platform features;
• changes in law;
• changes to service providers;
• improved privacy or security practices;
• business changes; or
• changes in how information is handled.

The "Last updated" date at the beginning of this Privacy Policy will show when it was most recently revised.

For material changes, Circulure may provide notice through:

• email;
• an in-app notification;
• an account notice;
• a website banner; or
• another prominent notice.

Where required by law, Circulure will obtain consent before using previously collected personal information for a materially different purpose.

You may submit a privacy enquiry or complaint to:

Privacy Officer

E-SportsLeague Pty Ltd trading as Circulure

Email

info@megerskill.com

Address

2207/4 Sterling Circuit, Camperdown NSW, Australia

Your complaint should include, where possible:

• your name;
• Circulure username;
• email address;
• a description of the concern;
• relevant dates;
• relevant screenshots or evidence; and
• the outcome you are seeking.

Circulure will aim to:

1. acknowledge your complaint within 7 days;
2. investigate it fairly;
3. request further information where reasonably necessary;
4. provide a substantive response within 30 days where practical; and
5. explain available escalation options.

Complex matters may require additional time. If this occurs, we will provide an update where reasonably practical.

Australian complaints — We ask that you first allow Circulure a reasonable opportunity to address your complaint.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

For privacy questions, access requests, correction requests, deletion requests or complaints, contact:

Email

info@megerskill.com

Website

circulure.com

Postal address

2207/4 Sterling Circuit, Camperdown NSW, Australia

For urgent safety concerns, use Circulure’s in-platform reporting tools.

Where there is an immediate threat to someone’s safety, contact local emergency services.

Circulure intends to operate in accordance with applicable Australian privacy requirements, including the Australian Privacy Principles where they apply.

Even where a legal exemption may be available, Circulure aims to follow strong privacy practices appropriate for a platform that handles:

• user profiles;
• social connections;
• private communications;
• photographs;
• location information;
• user-generated content;
• moderation information;
• age-assurance information; and
• safety reports.

Circulure recognises that privacy is an essential part of building a safe and trusted community.