Privacy Policy

Last updated: June 2026

Spartic is a trade name of DoneStreet Inc., a company incorporated in Ontario, Canada. When this policy refers to "Spartic", "we", "us", or "our", it refers to DoneStreet Inc.

This policy explains what personal information we collect, how we use it, who we share it with, how long we retain it, and your rights with respect to it.

1. Information We Collect

We collect the following categories of personal information:

Identity and contact information: your name, date of birth, email address, mailing address, and account credentials when you create an account. To comply with legal requirements and the requirements of our payment partners, we may also collect government-issued identity documents (such as a passport, driver's licence, or national identity card) and national identification numbers (such as a Social Security Number, Social Insurance Number, or equivalent) where required by applicable law or identity-verification requirements.

Payment information: financial account and payment instrument details — such as card numbers, bank account details, or digital asset wallet addresses — when you make deposits or withdrawals. Payment information is collected and processed on our behalf by third-party payment providers and is subject to their security and privacy practices.

Device and technical information: your IP address, device type and model, operating system, browser type and version, unique device identifiers, and access logs generated when you interact with the Service.

Precise geolocation: we collect your precise geographic location at the time you access paid features of the Service. See Section 3 for details on how this data is used.

Gameplay and platform data: your agent's configuration and parameters, competition history, performance statistics, tournament entry records, transaction history, account activity logs, and any communications you submit through the Service.

2. How We Use Your Information

We use your personal information for the following purposes. Where applicable law requires us to identify a legal basis, we have noted it below.

  • Service operation: to create and maintain your account, process deposits and withdrawals, match you to tournaments, run competitions, calculate results and prizes, and provide customer support. Legal basis: contract performance.
  • KYC and AML compliance: to verify your identity, age, and location before you deposit, withdraw, or enter paid competitions, and to meet our obligations under applicable anti-money-laundering and financial-regulatory laws. Legal basis: legal obligation; legitimate interests.
  • Fraud prevention and platform integrity: to detect, investigate, and prevent fraud, cheating, collusion, unauthorized account access, and other prohibited conduct. Legal basis: legitimate interests; legal obligation.
  • Geographic eligibility enforcement: to determine whether paid participation is permitted in your location and to restrict access from prohibited jurisdictions. Legal basis: legal obligation; legitimate interests.
  • Legal and regulatory compliance: to respond to lawful requests from courts, regulators, and law enforcement; to fulfill tax-reporting obligations; and to retain records as required by law. Legal basis: legal obligation.
  • Service improvement: to analyze usage patterns, improve platform features, monitor performance, and develop new services. Legal basis: legitimate interests.
  • Communications: to send you account notifications, tournament updates, and — where you have consented — marketing communications. Legal basis: contract performance; consent (for marketing).

3. Geographic Enforcement and Location Data

We collect and process your precise geographic location — including GPS data, IP-derived location, and other location signals from your device — to verify that paid participation is permitted in your jurisdiction and to enforce applicable geographic restrictions. Location data collected for this purpose is used for compliance and eligibility enforcement only. It is not used for advertising targeting and is not sold to third parties. You may be unable to access paid features of the Service if you decline to provide location access.

4. Data Sharing

We do not sell your personal information. We may share your personal information with the following categories of recipients:

  • Third-party payment providers: to process deposits and withdrawals on our behalf.
  • Identity and age verification providers: to verify your identity, date of birth, and document authenticity in connection with our KYC and AML obligations.
  • Geographic eligibility and geolocation providers: to determine and enforce jurisdiction-based access restrictions.
  • Analytics and infrastructure providers: to operate, monitor, and improve the Service, under confidentiality obligations.
  • Affiliates: companies related to DoneStreet Inc. that assist with platform operations, subject to confidentiality and data-protection obligations consistent with this policy.
  • Law enforcement, regulators, and courts: when required by applicable law, valid legal process, court order, or regulatory demand, including reporting to financial intelligence units under applicable AML laws.
  • Business transfers: in connection with a merger, acquisition, reorganization, or sale of all or a portion of our assets. We will notify you of any such transfer and any material change to how your data is handled.

All third-party service providers are contractually required to process your data only for the purposes described in this policy and to implement appropriate security measures.

5. Data Retention

We retain your account and profile data for as long as your account is active and for up to three years after account closure to allow for dispute resolution, fraud investigation, and the resolution of legal claims. Identity and financial records collected for KYC and AML purposes are retained for a minimum of five years after the end of the customer relationship, or longer if required by applicable law. Transaction records are retained for a minimum of seven years in accordance with financial recordkeeping requirements. You may request deletion of certain data; however, we may retain data that we are legally obligated to keep regardless of your request.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete personal information.
  • Request deletion of your personal information, subject to legal retention obligations.
  • Receive a portable copy of your personal information in a structured, machine-readable format.
  • Restrict or object to certain types of processing.
  • Withdraw consent for processing based on consent (where applicable).
  • Opt out of the sale or sharing of your personal information (see Section 7 for California residents).

To exercise any of these rights, contact us at [email protected] with your name, registered email address, and the specific right you wish to exercise. We will respond within the timeframe required by applicable law (typically 30 to 45 days). We may need to verify your identity before processing your request.

7. California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • The right to know what categories and specific pieces of personal information we collect, use, disclose, and sell or share.
  • The right to delete personal information we have collected, subject to legal exceptions.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of your personal information. Spartic does not sell personal information and does not share personal information for cross-context behavioral advertising.
  • The right to limit the use and disclosure of sensitive personal information — including government-issued identification numbers and precise geolocation — to the purposes specified in this policy.
  • The right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, email [email protected].

8. Canadian Residents (PIPEDA)

If you are located in Canada, your personal information is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Spartic collects, uses, and discloses your personal information only with your knowledge and consent — express or implied — except where otherwise permitted or required by law. You have the right to access the personal information we hold about you and to request correction of inaccurate records. To make a privacy request or to withdraw consent (subject to legal and contractual restrictions that may affect your ability to use the Service), contact [email protected].

9. European and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, the following applies in addition to the general rights described in Section 6:

Lawful bases: We process your personal data on the following bases: (a) contract performance — processing necessary to provide the Service you have signed up for; (b) legal obligation — processing required to comply with AML, KYC, tax, and other regulatory requirements; (c) legitimate interests — fraud prevention, platform integrity, and service improvement, where those interests are not overridden by your rights and freedoms; and (d) consent — for marketing communications and any other processing for which we specifically request your consent.

Right to complain: You have the right to lodge a complaint with your national data protection supervisory authority if you believe we have handled your personal data in a manner inconsistent with applicable law.

Data controller: DoneStreet Inc., Ontario, Canada, is the data controller for purposes of the GDPR and UK GDPR.

10. International Data Transfers

Spartic is operated by DoneStreet Inc., a company incorporated in Ontario, Canada. Your personal information may be transferred to, stored in, and processed in countries other than the country in which you reside, including Canada, the United States, and other countries where our service providers operate. When we transfer personal data originating from the EEA or the UK to countries not recognized as providing an adequate level of data protection, we rely on appropriate transfer mechanisms — such as standard contractual clauses approved by the European Commission or equivalent instruments recognized under UK law.

11. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently received personal information from a person under 18, we will promptly take steps to delete it from our records. If you believe we may have collected information from a minor, please contact us at [email protected].

12. Cookies and Tracking

We use cookies and similar tracking technologies on the Spartic marketing site and within the platform. Cookies fall into the following categories:

  • Strictly necessary: required for the site and platform to function — such as session tokens and security identifiers. These cannot be disabled without affecting core functionality.
  • Functional: remember your preferences and settings to improve your experience across sessions.
  • Analytics: collect aggregate data about how users interact with the site — such as pages visited and session duration — to help us understand and improve the Service. Analytics cookies may involve third-party tools operating under their own privacy policies.

You can manage functional and analytics cookies through your browser settings or, where we have implemented a cookie-preference tool, through that tool. Disabling certain cookies may affect platform functionality. Third-party scripts or pixels embedded in the Service may set their own cookies; their use is governed by those providers' own privacy policies.

13. Security

We implement technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls that limit data access to authorized personnel, and periodic security reviews. No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a data breach that may affect your rights, we will notify you and applicable regulators as required by law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you by email to your registered address or through an in-app notification before they take effect. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

15. Contact

Questions about this policy or requests to exercise your privacy rights? Email us at [email protected].