PRIVACY POLICY.
Last updated: 2026-04-28 · privacy@hundredclub.com.au
1. What we collect
Identity data (name, DOB, address) for permit-mandated winner verification. Account data (email, phone, password hash) for authentication. Payment data (handled by Stripe; we never store card numbers). Behavioural data (course completion, draw entries) for service personalisation.
2. Why we collect it
To run your membership, allocate credits, enter you into draws, deliver courses, process payments, verify winners under NSW lottery permits, and communicate service updates. We never sell personal data to third parties.
3. Who we share it with
Stripe (payments), Resend (email), Cloudflare (CDN/hosting), and the NSW Office of Liquor, Gaming and Racing (when verifying winners as required by permit). Each subprocessor is bound by a data-processing agreement.
4. How long we keep it
Active members: for the life of the membership plus 7 years (statutory record-keeping). Cancelled members: 7 years from cancellation. You may request deletion at any time; we will retain only the minimum required by law.
5. Your rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles you may access, correct, or delete your personal data, object to processing, and lodge a complaint with the OAIC. Contact privacy@hundredclub.com.au for any of the above.
6. Cookies
We use first-party cookies for session management and a single analytics cookie (anonymised) for aggregate site usage. No third-party advertising trackers.
7. Security
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. Passwords are hashed with bcrypt. We perform annual third-party penetration testing.
8. Updates
Material changes to this policy are notified by email at least 30 days in advance.