Skip to main content
Sandbox previewPayments run on Stripe test mode. Picks and results are real but this instance is for testing. A separate production site will launch later.

Privacy policy

StatLine collects the minimum personal information it needs to run your account, process your subscription, and measure how people find us. We don’t sell your data, and we only load advertising measurement tags after you agree via the cookie banner. We delete what we no longer need.

Last updated: 21 April 2026

1. Who this policy covers

This policy covers personal information handled by [Trading Entity Pty Ltd] (ACN [XXX XXX XXX]; ABN [XX XXX XXX XXX]), trading as StatLine, of [Registered Address], Australia. We handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For EU / UK residents, the General Data Protection Regulation (GDPR) / UK GDPR annex at the end of this policy also applies.

2. Personal information we collect

  • Account & contact data: email address, country selected at signup, the fact and timestamp of your age confirmation and acceptance of our terms.
  • Telegram data: your Telegram user ID, username (if set), and chat ID — collected only after you link your Telegram account to your subscription.
  • Subscription & payment metadata: Stripe customer ID, subscription status, invoice / payment IDs, amounts, and billing events. We do not receive or store full card numbers — Stripe handles that.
  • Technical & security data: IP address, user-agent, session identifiers, and security event logs, used to run the Service, detect abuse, and troubleshoot problems.
  • Communications: emails and support messages you send us, plus our replies.
  • Marketing consent: if you tick the optional marketing box at signup, we record the consent (date, IP, and the wording you consented to).

You can browse most of the public site anonymously or under a pseudonym (APP 2). An account is required only where necessary — signup, subscription, and Telegram linkage.

3. How we collect it

  • Directly from you (signup, account actions, support emails).
  • From Stripe when you pay or update billing.
  • From Telegram when you link your account.
  • Automatically through server logs and strictly-necessary cookies.

4. Why we collect it and the legal basis

PurposeAustralian basisGDPR basis
Provide the account, subscription, and Telegram deliveryAPP 3.2 — necessary for our functionsArt 6(1)(b) — contract
Process payments and prevent fraudAPP 3.2Art 6(1)(b) / 6(1)(f) — legitimate interest
Security, debugging, abuse preventionAPP 3.2Art 6(1)(f)
Comply with law (e.g. tax, AML where applicable)APP 3.2Art 6(1)(c)
Send product updates and marketing (optional)Consent (APP 7 for direct marketing)Art 6(1)(a) — consent

5. Who we share it with

We share only what each recipient needs to do its job, under contract, and never for their own marketing:

  • Stripe, Inc. — payments, subscription management, customer portal. Personal information may be processed in the United States and Ireland.
  • Telegram FZ-LLC — delivery of free and VIP channels. International hosting (including UAE, European locations, and the US).
  • Railway Corp. — our application and database hosting. Primarily the United States.
  • Email provider ([Resend / SendGrid / AWS SES — TBD]) — transactional and, if you opt in, marketing email. Primarily the United States.
  • Professional advisers (legal, accounting, auditors) under confidentiality where reasonably required.
  • Authorities where we’re compelled by valid legal process, or where necessary to protect life, safety, or our legal rights.
  • A successor in the event of a merger, acquisition, or insolvency — bound to equivalent privacy protections.

We do not sell personal information. We do not share it for other people’s advertising or analytics.

6. Overseas disclosures (APP 8)

Because Stripe, Telegram, Railway, and our email provider process data outside Australia (principally in the United States, Ireland, and the UAE), by using the Service you acknowledge that your personal information may be disclosed overseas for the purposes in section 4. We take reasonable steps to ensure each recipient handles the data consistently with the APPs. For EU / UK data subjects we rely on Standard Contractual Clauses (SCCs) and the UK Addendum where the recipient is outside a jurisdiction with an adequacy decision.

7. Data security

We take reasonable technical and organisational steps to protect your information: TLS in transit, encryption at rest for primary databases, least-privilege access to operator tooling, HMAC-signed session cookies with per-token revocation, rate-limiting on authentication endpoints, and audit logging for operator actions. No online service is perfectly secure; we assess and improve continuously.

8. Data breach notification

If we suffer an eligible data breach under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable after we become aware of it, describing the breach, the information involved, and what you should do.

9. Retention

  • Account and billing records: kept for the life of your account plus 7 years after closure to meet tax and financial-record-keeping obligations.
  • Telegram linkage data: removed promptly when your subscription ends or on request.
  • Server logs: 90 days by default; longer only where needed for a live security incident.
  • Marketing consent and contact list: until you unsubscribe or request deletion; then removed from live systems within 30 days.
  • Support correspondence: 2 years, then archived or deleted.

10. Your rights

You can, at any time:

  • ask us what personal information we hold about you (right of access);
  • ask us to correct inaccurate information;
  • ask us to delete your data (we’ll do so unless we’re legally required to keep it, e.g. financial records);
  • withdraw marketing consent (this won’t affect transactional emails);
  • ask us to stop or restrict certain processing, or to provide a data export;
  • complain — first to us at privacy@statlineaus.com. We’ll acknowledge within 5 business days and respond within 30 days.

If you’re not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992. EU / UK residents can complain to their local supervisory authority.

11. Direct marketing (APP 7 / Spam Act 2003)

We only send marketing emails if you opted in at signup or later. Every marketing email identifies us, gives our contact details, and includes a working one-click unsubscribe. We keep your consent record (date, IP, wording) so we can prove your opt-in if ever asked. Transactional messages (receipts, service notices) are sent under APP 6.2 and not subject to this opt-out.

12. Analytics, advertising measurement, and cookies

We use strictly-necessary cookies for session authentication, age-gate state, and recording your cookie-banner choice. Everything else loads only after you grant consent in the banner.

Analytics (with consent). Google Analytics 4 so we can see which pages work. Data is aggregated; we do not build cross-site profiles.

Advertising measurement (with consent). To work out which ads bring subscribers, we load browser tags and forward successful events to the following ad platforms: Google Ads, Microsoft Advertising (Bing), X / Twitter Ads, and Reddit Ads. We capture UTM parameters and platform-specific click IDs (gclid, gbraid, wbraid, msclkid, twclid, rdt_cid) on your first visit and keep them in first-party cookies (sl_attr, sl_attr_last) so that if you subscribe later we can tell the platform which click led to the conversion. We hash your email (SHA-256) before sending it in any server-side event so the ad platforms never see the plaintext address.

What we don’t use. No Meta (Facebook / Instagram) Pixel or Conversions API, no TikTok Pixel or Events API, no Snapchat, Pinterest, or LinkedIn ad tags. Those platforms prohibit tipster / picks content so we don’t ship code for them.

Opt out at any time. Clear your cookies or revisit the cookie banner and uncheck Analytics / Marketing — we’ll stop loading the tags immediately. Full cookie list is in our Cookie Policy.

13. Children

The Service is for adults. We don’t knowingly collect data from anyone under 18. If you believe we’ve done so, email privacy@statlineaus.com and we’ll delete it.

14. Changes to this policy

We may update this policy. Material changes will be notified by email or in-product message at least 14 days before they take effect. The “Last updated” date at the top always reflects the current version.

15. How to contact us

Privacy requests and complaints: privacy@statlineaus.com.
General support: support@statlineaus.com.
Post: [Registered Address].

Annex A — GDPR / UK GDPR supplement

If you are in the European Economic Area or the UK:

  • Controller: [Trading Entity Pty Ltd], contact details above.
  • Legal bases for each purpose are in the table in section 4.
  • Transfers outside the EEA/UK are covered by Standard Contractual Clauses (and the UK Addendum where relevant) with each processor.
  • Your rights include access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and to lodge a complaint with your supervisory authority. To exercise: email privacy@statlineaus.com.
  • Retention periods are the periods in section 9 except where EU / UK law requires a different period.

If you are accessing this site from outside Australia, you are responsible for ensuring your use complies with local law.

Privacy policy · StatLine