Division ONE Privacy Policy
Last updated: August 1, 2025

1. Introduction & Scope

Welcome to Division ONE. We respect your privacy and are committed to safeguarding the personal information you entrust to us. This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect your information when you access our website (“Site”) and related services (collectively, “Services”). It also explains your rights and choices regarding your information and how to exercise them. This Policy applies globally to all visitors and registered users. By using the Site or Services, you agree to this Policy.

2. Definitions and Roles

In this Policy, “Personal Information” refers to any information that identifies or could reasonably identify you as an individual. We, Division ONE, act as the sole controller of all Personal Information collected through the Site; that is, we determine the purposes and means of its processing. We engage processors—such as Strapi for content management and DigitalOcean for hosting—who act only on our instructions under strict data processing agreements.

3. Data Collected

When you register for an account, we collect your email address, chosen username, and a secure, hashed password. Optionally, you may link Discord or Riot accounts, in which case we receive your public profile ID to uniquely identify you. We also gather profile details—such as avatars and user preferences—and any content you contribute (e.g., forum posts, chat messages).

To power future merchandise sales via Shopify, Shopify’s systems may capture payment methods, billing addresses, and shipping details; however, Shopify retains and secures all raw card and banking data under its PCI-compliant environment. We never store unredacted payment credentials on our own servers.

4. Automatic Data Collection

As you navigate the Site, we automatically collect usage and technical data through Google Analytics. This includes anonymized IP addresses, browser and device metadata, pages visited, time spent, and error logs. We use this data strictly to monitor performance, detect abuse or bugs, and improve the user experience; no effort is made to re-identify individual visitors.

5. Purpose and Legal Basis for Processing

We process your Personal Information to deliver and improve our Services, manage your account, fulfill transactions, and communicate with you. Our legal bases include:

1. Contractual necessity: to provide Services you request, such as account creation, tournament participation, or merchandise orders.
2. Consent: for optional features like marketing communications or analytics cookies beyond strictly necessary ones. You may withdraw consent at any time.
3. Legitimate interests: to maintain security, prevent fraud, run analytics, and enhance functionality—provided these interests do not override your fundamental privacy rights.
4. Legal obligations: to comply with applicable laws, respond to lawful requests, and defend our rights.

6. Cookies and Similar Technologies

We use essential cookies to preserve your login session and preferences. Google Analytics cookies help us understand Site usage patterns; these are anonymized and non-personal. You can manage or disable cookies through your browser settings, but some Site features may become unavailable if cookies are blocked.

7. Children’s Privacy

Our Services are not intended for children under 13. We do not knowingly collect information from anyone that age. Should we learn that a parent or guardian provided us Personal Information for a child under 13 without valid consent, we will promptly delete that data.

8. Data Retention and Deletion

We retain your Personal Information only as long as necessary for legitimate business purposes, account maintenance, transaction records, and legal compliance. At the time your account is deactivated—either by your request or due to prolonged inactivity—all personal data associated with your account is permanently erased from our primary systems. Anonymized analytics data may be kept indefinitely for trend analysis.

9. Data Security and Incident Response

We implement a combination of administrative controls (staff training, access reviews), technical safeguards (TLS encryption in transit, encryption at rest, role-based access, hashed passwords), and physical measures (secure data center facilities) to protect your data. In the unlikely event of a security breach, we will promptly investigate, contain the incident, notify affected individuals via email within 72 hours, and report to authorities as required by law.

10. International Transfers

Your data is primarily stored and processed in the United States. For residents of the European Union and the United Kingdom, we transfer data under Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.

11. Your Rights

You have the right to access, correct, or delete your Personal Information. You may object to or restrict processing, request portability of your data, and withdraw consent for non-essential uses. California and other U.S. residents may additionally request details about any disclosures of their data to third parties and opt-out of any data sales (though we do not sell data). EU/UK residents may lodge complaints with supervisory authorities. To exercise these rights, please use the “Contact Us” form on our Site; we may require identity verification for security.

12. Third-Party Disclosures

We share your information only with trusted service providers—such as Strapi, DigitalOcean, Google Analytics, and Shopify—under contractual obligations to protect your data. We do not sell or lease your Personal Information to unaffiliated parties. We may disclose data to comply with legal processes, protect our rights, or facilitate mergers and acquisitions, but only when strictly necessary.

13. Behavioral Advertising

We do not engage in behavioral or interest-based advertising, retargeting, or ad network partnerships.

14. Social Media Features and Links

Social login options (Discord, Riot) provide only basic profile information. Embedded social media features are governed by the respective platforms’ policies. We may link to other websites, but we are not responsible for their privacy practices.

15. Email and Push Communications

We send transactional emails (e.g., account confirmations, order receipts) mandatory for Services. Marketing emails and push notifications are only sent with your explicit consent and comply with CAN-SPAM and mobile messaging regulations. You may unsubscribe or opt-out at any time via links in communications or your account settings.

16. Policy Updates

We may update this Policy as our practices or legal requirements evolve. We will revise the “Last updated” date at the top. Continued use of our Site following any changes indicates acceptance of the updated Policy.

17. Governing Law and Venue

This Policy is governed by the laws of the State of Alabama, U.S.A. Any disputes related to this Policy or our data practices will be resolved exclusively in the state or federal courts located in Alabama.

18. Contact Information

For privacy questions, data-subject requests, or complaints, please use the “Contact Us” form on our Site.