All Squad Technologies Pty Ltd (ACN 677 516 022), trading as AllSquads ("AllSquads", "we", "us" or "our"), respects your privacy and is committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains what personal information we collect, how we use and share it, how we keep it secure, how long we keep it, and your rights in relation to it. It applies to the AllSquads website at allsquads.com.au, our mobile and desktop apps, our embedded booking widgets on third-party club websites, our AI agents, and all related services (together, the "Platform").
By using the Platform you acknowledge that you have read this Privacy Policy. If you do not agree with it, please do not use the Platform.
1. Who we are
AllSquads operates an online marketplace and management platform for sports coaches, clubs, facilities and players in Australia. We are both:
- a "controller" of personal information we collect directly for our own purposes (for example, when you create an AllSquads account, interact with our website, or contact support); and
- an "intermediary" or "processor" for information provided to facilitate a booking with a sports coach or club (each an "Organiser"), which the Organiser also controls for their own purposes.
When you book a class, lesson or court with an Organiser, that Organiser is an independent controller of your personal information and is subject to their own privacy obligations under the Privacy Act 1988 (Cth) where applicable.
2. Information we collect
2.1 Information you give us
We collect information you provide to us directly, including:
- Identity and contact details — name, email address, phone number, suburb or postcode, date of birth (for age-based class eligibility)
- Account details — username, password (stored as a one-way hash), profile photo, sport preferences, skill level
- Child profile details you create as a parent or guardian — child's name, date of birth, sport preferences, emergency contact (name, phone, relationship), allergies or medical notes relevant to safe participation
- Business information for coaches and clubs — legal entity name, trading name, ABN, business address, Stripe Connect account details, bank account details for payouts, qualifications and Working With Children Check details
- Booking and payment information — class bookings, session pack purchases, subscription enrolments, court hire, merchandise orders; transaction references and receipts; credit balances
- Communications — messages you send through our in-platform messaging, reviews you submit, support requests, feedback
- Marketing preferences — your opt-in choices for newsletters, promotions and SMS campaigns
2.2 Information we collect automatically
When you use the Platform we automatically collect:
- Device and technical information — IP address, device type, operating system, browser type and version, screen size, language, time zone
- Usage information — pages and screens visited, features used, actions taken, referring URL, timestamps, search queries
- Location information — approximate location derived from your IP address (used for local class search); precise location only if you explicitly grant permission in your device settings
- Cookies and similar technologies — see Section 9 below
2.3 Information we receive from third parties
We receive information about you from third parties in limited circumstances:
- Payment processors — Stripe provides us with confirmation of payments, partial card details (last four digits, card type, expiry month/year) and fraud signals. Stripe does not share full card numbers or CVV with us.
- Identity providers — if you sign in with Google, we receive your name, email and profile photo from Google in accordance with the scopes you approve
- Organisers — a coach or club may add you as a contact in their CRM (for example, if you previously booked with them off-platform)
- Referrers — if another user invites you to AllSquads, we may receive your email address and the referrer's identity
2.4 Sensitive information
Some information we collect is "sensitive information" under the Privacy Act — specifically, health information about allergies or medical conditions you or your child may have, where you choose to record it on a child profile or booking. We collect this only with your express consent, and only to enable safe participation in an Activity. We do not use sensitive information for marketing or analytics.
2.5 Information about children
Our Platform is intended for use by adults. Individuals under the age of 18 may participate in Activities only when a booking is made on their behalf by a parent or legal guardian through a child profile attached to that adult's account. We collect information about children only as provided to us by their parent or guardian for this purpose, and we handle that information with extra care in accordance with Section 13.
3. How we use your information
We use personal information for the following purposes:
3.1 To provide the Platform
- Create and manage your account, authenticate you at login, and keep your sessions secure
- Facilitate class discovery, bookings, waitlists, court hire, session packs, Pro Shop purchases and subscriptions
- Process payments, refunds, credits and payouts through Stripe
- Operate scheduling, capacity, cancellation and recurring payment logic
- Deliver in-platform messaging, announcements channels, booking confirmations and reminders
3.2 To support you
- Respond to support requests, disputes and feedback
- Investigate and resolve payment disputes and Chargebacks
3.3 To improve and secure the Platform
- Monitor performance, diagnose errors and debug issues
- Understand usage patterns and improve features, including through aggregated and de-identified analytics
- Detect, investigate and prevent fraud, abuse, and security incidents
3.4 To communicate with you
- Send transactional messages you cannot opt out of while you have an active booking (booking confirmations, schedule changes, failed-payment notices, cancellation notices, payout reports for coaches)
- Send marketing communications you have opted in to receive, which you may opt out of at any time
- Notify you of material changes to this Privacy Policy or our Terms
3.5 To meet our legal obligations
- Comply with tax, financial reporting, consumer protection and child safety laws
- Respond to lawful requests from courts, regulators or law enforcement
- Enforce our Terms and protect the rights, safety and property of AllSquads, our users and the public
4. AI agents and your data
AllSquads offers AI assistants — the Customer Concierge (for players, on the marketplace and embedded widgets) and the Club Agent (for coaches and clubs, in their dashboard). This section explains how your data is handled when you interact with these AI agents.
4.1 What is sent to the AI provider
When you interact with an AI agent, the content of your conversation is sent to our AI provider (Anthropic PBC, the maker of Claude) to generate a response. The agent may also access your AllSquads data — such as your bookings, class availability, schedules or payouts — to answer your question, strictly within the scope of what you would be able to see in your dashboard.
4.2 What is not sent
We do not send to the AI provider: full payment card details (we never have these); passwords; other users' private data; or sensitive information other than what is strictly necessary to answer the query and that you would otherwise see in the Platform.
4.3 Retention
Conversations with AllSquads AI agents are retained by us for up to ninety (90) days for safety, quality and debugging purposes. After that period they are deleted or fully de-identified. Anthropic does not retain your conversation content for longer than is needed to return a response, and does not use the data to train foundation AI models, under the terms of our commercial agreement with them.
4.4 No use for model training
Your conversations with AllSquads AI agents are not used to train AllSquads' or any third-party foundation AI models. We may use aggregated, de-identified analytics — such as "how many users asked about pricing this week" — to improve the agent's usefulness.
4.5 Accuracy and human support
AI agents may produce incorrect or incomplete responses. Important decisions should not rely solely on AI agent output. You can contact human support at any time by emailing play@allsquads.com.au.
5. How we share your information
We do not sell your personal information. We share it only in the circumstances below.
5.1 With Organisers (coaches and clubs)
When you book with an Organiser, we share the personal information they need to deliver the Activity — including your name, contact details, booking history at that Organiser, emergency contact and allergy information (for child profiles), and membership or credit status. Organisers are independent controllers of this information and are bound by our Coach and Club Services Agreement to handle it in accordance with the Privacy Act and their own privacy policies.
5.2 With service providers
We share information with third-party service providers who help us operate the Platform. Each is bound by contract to use your information only as necessary to provide their service and to protect it in accordance with applicable laws.
| Provider | Purpose and data shared |
|---|---|
| Stripe Payments Australia | Payment processing for bookings, subscriptions, session packs, Pro Shop; payouts via Stripe Connect. Receives name, email, payment details, transaction metadata. |
| Anthropic PBC (Claude) | Powers our AI agents. Receives conversation content and relevant context at query time. See Section 4. |
| Postmark (ActiveCampaign) | Delivery of transactional emails (booking confirmations, payment receipts, reminders). |
| Twilio | Delivery of SMS notifications and marketing SMS (where opted in). |
| Google LLC | Google Sign-In (OAuth) authentication for users who choose to sign in with Google; Google Calendar integration (where connected); Google Maps for location/venue display. |
| Apple Inc. | Sign in with Apple (where supported); Apple Pay payment tokens (passed through to Stripe). |
| Railway Corp | Database and backend hosting (PostgreSQL, application server). Data stored in the United States. |
| Vercel Inc. | Frontend hosting and content delivery. Data in transit through US infrastructure. |
| Cloudflare Inc. | Content delivery, DDoS protection and DNS; sees request metadata but not application data content. |
| HubSpot Inc. | Sales and marketing CRM for prospective coach and club customers only (not players). Receives business contact details. |
5.3 With other users within the Platform
Some of your information is visible to other users as an inherent feature of the Platform — for example, your display name and profile photo appear on reviews you post and on bookings you make (visible to the Organiser and their coaches). Club announcements you send as a coach are visible to all contacts on that channel.
5.4 In connection with a business transfer
If AllSquads is involved in a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, your information may be transferred to the acquiring or succeeding entity as part of that transaction. We will notify you of any such transfer and of any material change in how your information is handled.
5.5 For legal reasons
We may disclose your information where we believe in good faith that disclosure is required by law, a court order, or a valid request from a public authority; where it is necessary to investigate or prevent fraud, abuse or threats to safety; or where it is necessary to establish, exercise or defend legal claims.
5.6 With your consent
We may share your information in other circumstances with your express consent.
6. International data transfers
AllSquads' servers and some of our service providers are located outside Australia, primarily in the United States. When we disclose your personal information to an overseas recipient, we comply with Australian Privacy Principle 8 by taking reasonable steps to ensure the recipient handles your personal information consistently with the APPs. Typically this is achieved by contractual data-protection terms with the recipient.
Countries where your information may be processed include the United States (Anthropic, Stripe infrastructure, Railway, Vercel, Cloudflare, HubSpot), and Australia. You consent to this international processing by using the Platform. In the event of a data breach overseas, we remain the Australian entity responsible for notifying you and the Office of the Australian Information Commissioner (OAIC) where required.
7. How we keep your information secure
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These include:
- encryption of data in transit using TLS 1.2 or higher
- encryption of data at rest in our database
- hashed passwords — we never store passwords in plain text
- network and application firewalls, rate limiting and monitoring
- role-based access control for staff, contractors and team members, with least-privilege defaults
- audit logs for sensitive actions (including actions taken via AI agents)
- vendor due diligence for third-party processors
- periodic backups and documented recovery procedures
Despite these measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for any actions taken under your account. If you suspect unauthorised access to your account, please contact us immediately.
8. How long we keep your information
We keep your personal information only for as long as is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law.
| Category | Retention period |
|---|---|
| Account profile | For the life of your account, plus up to 90 days after account closure for fraud-prevention and re-activation windows. |
| Booking, payment and payout records | At least 7 years from the transaction date, to comply with tax, financial and child-safety record-keeping requirements under Australian law. |
| Communications (in-platform messages, support tickets) | Up to 7 years from the last activity; earlier deletion on request where no legal hold applies. |
| AI agent conversations | Up to 90 days, then deleted or fully de-identified. |
| Server logs and technical diagnostics | Up to 90 days for application logs; up to 12 months for security-relevant logs. |
| Marketing consent records | For the life of your account plus 3 years, to demonstrate consent if disputed. |
| De-identified and aggregated analytics | May be retained indefinitely; cannot be re-identified to you. |
When your information no longer needs to be retained, we will delete or de-identify it in the ordinary course.
9. Cookies and tracking technologies
9.1 What we use
The Platform uses cookies and similar technologies (pixels, local storage, session storage) to operate features, remember your preferences and understand how the Platform is used. These include:
| Category | Purpose |
|---|---|
| Strictly necessary | Authentication, session management, security, cart persistence, load balancing. These cannot be disabled without breaking the Platform. |
| Functional | Remember your language, time zone, last-used Organiser context, display preferences. |
| Analytics | Understand which features are used and where issues occur. We use aggregated analytics and do not track you across other websites. |
| Marketing | Used only where you have opted in and in accordance with applicable law. |
9.2 Your choices
Most browsers let you refuse cookies or alert you when a cookie is being set. Disabling strictly necessary cookies will prevent you from using the Platform. You can also opt out of marketing analytics in your account settings.
10. Marketing communications
10.1 Opt-in
We send marketing communications — including newsletters, class recommendations, promotions and product updates — only where you have opted in to receive them. Consent is recorded against your account at the time you give it.
10.2 Opt-out
You can opt out of marketing communications at any time by:
- using the "unsubscribe" link in any marketing email
- replying "STOP" to any marketing SMS
- changing your notification preferences in your account settings
- emailing play@allsquads.com.au
Opting out of marketing does not affect transactional communications (booking confirmations, payment receipts, schedule changes), which are sent as part of providing the Platform and cannot be disabled while you have an active booking.
10.3 Spam Act
AllSquads and participating Organisers comply with the Spam Act 2003 (Cth). Every commercial electronic message we send identifies AllSquads as sender and contains a functional unsubscribe mechanism. Where an Organiser sends marketing communications using Platform tools, the Organiser is the sender and is responsible for compliance with the Spam Act — we provide the tools and enforce unsubscribe handling.
11. Your privacy rights
Under the Privacy Act and the Australian Privacy Principles you have the right to:
- access the personal information we hold about you
- request correction of information that is inaccurate, out of date, incomplete, irrelevant or misleading
- request deletion of your personal information, subject to our legal retention obligations (see Section 8)
- withdraw a consent you previously gave us (for example, for marketing)
- request a copy of your information in a structured, commonly used format (data portability) — available from the export tools in your account, or by request
- object to or restrict particular uses of your information
- complain to us, and to the Office of the Australian Information Commissioner (OAIC), if you believe we have breached the Privacy Act
To exercise any of these rights, please contact us using the details in Section 16. We will respond within 30 days. We may need to verify your identity before acting on a request.
If you are not satisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au or by calling 1300 363 992.
12. Data breach notification
AllSquads complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. If an eligible data breach occurs — that is, a breach of personal information that is likely to result in serious harm to affected individuals, and which we have been unable to prevent — we will notify affected individuals and the OAIC as soon as practicable.
Our standard notification will explain what happened, what information was involved, what we are doing in response, and what steps affected individuals can take to protect themselves.
13. Children's privacy
AllSquads accounts are intended for use by adults (18+). We do not knowingly create accounts for, or collect personal information directly from, individuals under 18.
Where a parent or legal guardian creates a child profile under their adult AllSquads account to book Activities on behalf of a child under 18, the parent or guardian is responsible for providing and updating that child's information. We collect child information only as provided by the parent or guardian, and we use it only to facilitate the child's participation in the booked Activity.
We handle child information with heightened care:
- child profile data is accessible only to the parent/guardian who owns the account and to the Organiser delivering the Activity
- we do not send marketing communications addressed to children
- we do not use child information for advertising, analytics profiles, or model training
- Organisers delivering Activities for minors must hold a current Working With Children Check (or state-equivalent clearance) under our Coach and Club Services Agreement
If you believe we have collected information from a child other than through a parent or guardian's child profile, please contact us and we will delete it promptly.
14. Third-party links
The Platform may contain links to third-party websites, apps or services, and may surface content from third parties. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing personal information.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by an in-platform notice before the change takes effect. The "Version" and "Effective date" at the top of this document will always reflect the current version. We encourage you to review this Privacy Policy periodically.
16. How to contact us
For any question, request or complaint about this Privacy Policy or our handling of your personal information, please contact us:
All Squad Technologies Pty Ltd (ACN 677 516 022)
Unit 2, 33 Palm Beach Avenue, Palm Beach QLD 4221, Australia
Email: play@allsquads.com.au
Website: https://allsquads.com.au
If you are not satisfied with how we have handled a privacy matter, you may contact the Office of the Australian Information Commissioner:
Website: oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5288, Sydney NSW 2001