Last updated: May 11, 2026

Privacy Policy

This Privacy Policy explains how Esports Hub collects, uses, and protects your information across both the Discord server and the web portal.

About This Policy

Esports Hub is operated from Australia. This Privacy Policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) set out in Schedule 1 to that Act. The data-handling commitments in this policy reflect APP requirements and apply to every user.

Where you are located outside Australia, additional rights and disclosures apply under the privacy laws of your jurisdiction. See the Region-Specific Rights section below for details on rights available to users in the European Union, the United Kingdom, California, and other regions.

Information We Collect

When you sign in to the web portal, we receive and store the following information from your linked account:

  • User ID: used to identify your account.
  • Username and avatar: used to personalise your experience.
  • Server membership: used to verify that you are a member of the Esports Hub Discord server.

We do not access your email address, friend list, direct messages, or any servers other than the Esports Hub server.

Server Verification

To access the Discord server, you must complete verification through our website. During this process, we collect the following information to maintain server safety:

  • Browser and device fingerprint: a unique hash generated from your browser and device characteristics.
  • IP address, country, and internet service provider: your network address, approximate geographic location, and ISP / ASN. We use a third-party VPN and proxy detection service to score the risk of the connection.
  • User-agent string: your browser and operating system details, used to identify suspicious verification attempts.
  • Discord account ID: used to link the verification to your Discord account.
  • Account age: the age of your Discord account at the time of verification.

This data is used to enforce bans, detect alternate accounts, and identify suspicious verification attempts. We do not sell verification data or share it with third parties for marketing or analytics. The only third-party touchpoint is the IP-only risk lookup with the VPN and proxy detection service noted above.

90-day PII redaction:Once a verification is more than 90 days old, your IP address, user-agent string, and internet service provider are automatically wiped from the record. The hashed device fingerprint and your Discord account ID stay so we can keep banned alt accounts blocked, but the raw identifiers that aren't needed for ongoing anti-abuse are removed on schedule.

Verification record retention: The redacted verification record (fingerprint hash, Discord ID, country, account age) is retained for as long as you continue to use the Esports Hub Discord server, so we can recognise your device on future verifications and detect alt accounts. It is removed when you request deletion via either of the methods below.

Banned-fingerprint records: If you are banned from the server, a separate banned-fingerprint record is created so the same device cannot rejoin under a new Discord account. When you ask us to delete your verification data, this row is pseudonymised rather than deleted: the link to your Discord ID is dropped, but the hashed fingerprint and IP stay on file so the ban still prevents evasion. This processing rests on our legitimate interest in preventing ban evasion (GDPR Article 6(1)(f) for users in the EU/UK; APP 11.2 read together with APP 6.2(a) for Australian users), with retention limited to what is proportional to that purpose.

Data deletion: You can delete your verification data at any time using either of the following options:

  • Run the /privacy command in the Esports Hub Discord server and confirm the prompt.
  • Open Settings on the web portal, go to the Privacy tab, and click Delete data under the verification card.

Either path promptly deletes the verification records associated with your Discord account, pseudonymises any banned-fingerprint rows tied to your account, and revokes your verified role. You will need to re-verify to regain access to the server.

How We Use Your Information

The table below sets out the purposes for which we process your personal data, the categories of data involved, and the legal basis we rely on under the Australian Privacy Principles and equivalent privacy laws (such as the GDPR for users in the European Union).

PurposeDataLegal Basis
Authenticate you and link your Esports Hub account to your Discord identityUser ID, username, avatar, server membershipContract (necessary to provide the service)
Verify you during sign-up and stop banned members from rejoining on alt accountsBrowser and device fingerprint, IP address, country, Discord ID, and Discord account ageLegitimate interests (community safety and abuse prevention)
Run AI chat features and persist conversations between sessionsChat messages, uploaded images, conversation history, model preferencesContract
Process payments, subscriptions, and gift transactionsPayment details (handled directly by external payment processors), gifter and recipient identifiers, transaction historyContract
Track rewards activity and tier progressionDiscord activity (messages, voice minutes, reactions), point balance, redemption historyContract
Create and manage Discord roles on your behalfRole configuration, uploaded logos and icons, Discord account IDContract
Detect and respond to errors, performance issues, and security eventsError reports, session replay on checkout errors only, anonymised usage telemetryLegitimate interests (operating a reliable service)

Gift Purchases

When you purchase a gift subscription for another member, the recipient will be notified that they received premium and will be shown your display name as the gifter. Similarly, when searching for a recipient, you may see other members' usernames, avatars, and Discord IDs. Gift transaction records (gifter, recipient, duration, and payment details) are stored in our database to manage the gift subscription lifecycle.

Data Storage & Retention

Your data is stored securely using industry-standard cloud infrastructure. Chat messages, conversation history, and role request data are stored in our database. Uploaded images are stored in our cloud storage. We retain each category of data only for as long as needed for the purpose it was collected, after which it is deleted or anonymised.

Data categoryRetention period
Account profile (User ID, username, avatar)For as long as your account is active. Deleted on account closure.
Verification record (raw IP, user-agent, ISP)90 days from the verification, then automatically wiped from the record. Removed sooner on request.
Verification record (fingerprint hash, Discord ID, country, account age)For as long as you continue to use the Esports Hub Discord server, so we can recognise your device on future verifications. Removed when you request deletion via /privacy or in Settings.
Banned-fingerprint recordsRetained for ongoing ban-evasion prevention. Pseudonymised (Discord ID dropped) on a deletion request, but the fingerprint hash and IP stay on file.
AI chat conversationsFor as long as your account is active, or until you delete the conversation.
Uploaded images and assetsFor as long as the linked role, post, or service is active. Deleted when removed by you or by us.
Payment and transaction records7 years to comply with tax and accounting record-keeping requirements.
Error reports and analytics events90 days, after which they are aggregated or deleted.
Cookies and browser local storageUntil you clear them or revoke consent through Cookie settings.

Third-Party Services

Esports Hub relies on third-party services to operate the platform. The categories below describe what each kind of provider does and what data it receives. Each provider operates under its own privacy policy and only receives the data needed to perform its role.

  • Authentication: Discord OAuth, used to sign you in and read your username, avatar, and Esports Hub server membership.
  • Payments: card-on-file and one-off charges for subscriptions, contracts, websites, and other paid services. Card details are handled directly by the payment processor and never reach our servers.
  • Hosting and infrastructure: serverless hosting, managed Postgres (encrypted at rest), object storage for uploaded images, and an ephemeral cache used for rate-limiting and deduplication.
  • Anti-abuse: bot detection on the verification flow and other forms; a third-party VPN and proxy risk service that receives only your IP address and returns a risk score, country, and ISP.
  • Transactional email: account verification, receipts, and similar service notifications.
  • Monitoring: error tracking and a checkout-only session replay that activates when a payment error occurs. Replays mask all text and block images; payment fields render in third-party iframes we cannot see into.
  • AI inference: chat messages and uploaded images sent to an AI provider to generate responses. We do not allow the provider to train on your data, and inputs are discarded after the response is returned.

Data Sharing

We do not sell, trade, or share your personal information with third parties for marketing purposes. Your data is only shared with third-party service providers as necessary to operate the platform.

AI Chat Data

Messages you send through the web portal's AI chat are processed by a third-party AI provider to generate responses. These messages may include text and images you upload. We do not use your chat data to train models. The AI provider's use of this data is governed by their own privacy policy and data processing terms.

Cookies & Local Storage

We use cookies and browser local storage in three categories. You can review and change your choices at any time by opening Cookie settings in the site footer.

Strictly necessary

Always active. These are required for the site to work and cannot be turned off. They cover authentication sessions, security checks (CSRF and bot-protection challenges), and saving your UI preferences such as theme and font choice in local storage.

Analytics

Helps us understand how the site is used so we can fix bugs and improve performance. This bucket includes error tracking and, on the checkout flow only, a short session replay that activates if an error happens during a payment. Replays mask all text and block images so personal details are not captured, and payment fields render in third-party iframes we cannot see into.

Marketing

Helps us measure the effectiveness of our marketing campaigns. We do not currently load any third-party advertising or retargeting pixels, but this category exists so we can ask before we ever do.

Where your choice is stored

Your cookie preferences are saved in your browser's local storage under the key esports-hub-cookie-prefs. The value is a small JSON object with your analytics and marketing choices and the timestamp of when you last saved them. Clearing your browser storage will reset the choice and reopen the consent question on your next visit.

What we do not do

We do not sell your data. We do not load third-party advertising trackers. We do not record session replays anywhere outside the checkout flow, and even there only when an error occurs and you have left analytics enabled.

Your Rights

Under the Australian Privacy Principles, you have the following rights in relation to the personal information we hold about you:

  • Access (APP 12): request a copy of the personal information we hold about you.
  • Correction (APP 13): request correction of personal information you believe is inaccurate, out of date, incomplete, irrelevant, or misleading.
  • Use limitation (APP 6): have your information used only for the primary purpose for which it was collected, unless you consent to a secondary use or one of the exceptions in the APPs applies.
  • Security (APP 11): have your information held securely and protected from misuse, interference, loss, and unauthorised access.
  • Complaint: make a complaint about how we handle your personal information.

To exercise any of these rights, email us at privacy@esportshub.io, contact us through our contact page, or the Esports Hub Discord server. We will respond within a reasonable period and provide reasons in writing for any refusal. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Region-Specific Rights

If you are located outside Australia, the following additional rights may apply under your local privacy law. These rights operate alongside the rights under the Australian Privacy Principles described above.

European Union and United Kingdom

Under the GDPR and UK GDPR, in addition to the APP rights above, you have the right to:

  • Erasure: request deletion of your account and associated data, subject to exceptions for ban-evasion records and legal retention obligations.
  • Restriction: request that we limit how we process your data while a complaint is being resolved.
  • Objection: object to processing that relies on our legitimate interests.
  • Portability: request a machine-readable export of the data you provided to us.
  • Withdraw consent: revoke any consent you previously gave, including the web portal's OAuth access through your Discord authorized-apps settings.
  • Lodge a complaint: file a complaint with your local data protection authority.

California

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.

Other regions

If you are located in a region with its own privacy law (such as Brazil under the LGPD, Canada under PIPEDA, or other regimes), the rights granted by that law apply to you and are not limited by this policy.

Security

We take reasonable measures to protect your data, including encrypted connections (HTTPS), secure authentication tokens, and access controls on our infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

Esports Hub complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth). If a data breach is likely to result in serious harm to affected individuals, we will notify the affected individuals and the Office of the Australian Information Commissioner as soon as practicable in accordance with the scheme. Where you are located outside Australia, we will additionally comply with the breach-notification obligations of your local privacy law (such as Article 33 GDPR for EU users, which sets a 72-hour notification window to the supervisory authority).

Where a breach involves data we received from Discord under the Discord Developer Terms of Service (your Discord ID, username, avatar, server membership, or any other API data), we will additionally notify Discord without undue delay in accordance with Section 5(c) of those terms. Our internal target is to acknowledge the incident within 24 hours of detection and to issue formal notifications within the timelines required by each applicable regime (72 hours for GDPR, "as soon as practicable" for the Australian NDB scheme, and Discord's "without undue delay").

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where reasonable, by posting an in-app notice or sending a notification to your Discord direct messages. Continued use of the service after the effective date of an update constitutes acceptance of the revised policy.

Contact

For privacy questions, data-rights requests, or breach notifications, email privacy@esportshub.io. For anything else, our contact page and the Esports Hub Discord server are the fastest channels.