Privacy Policy
Last updated: June 10, 2026 · Supersedes the version effective November 21, 2024
1. Information we collect
We collect the minimum needed to run the Service:
- Account information — your email, display name, and — if you sign up with a password — your password, stored hashed. If you sign in with Google, we receive your email and name from Google instead.
- Identity & age attributes— confirmed through our identity provider, Hopae Connect, when you verify. We receive a verification reference, your verified status, and your verified name (shown on your profile); for age-restricted events, a confirmation that you meet the age requirement (e.g. over 18 / over 21). You see and approve exactly what is shared, and we never receive or store copies of your ID documents.
- Orders and tickets— the events, ticket types, and amounts you purchase, and when your ticket's QR code is used for entry. Payments are processed by Stripe; we never store your card details.
- Competition entries — if you enter a competition that requires additional information, the items its organizer requires (for example name, date of birth, nationality, contact details, or team), disclosed to you before you enter.
- Support — your email, name, and the contents of your inquiry when you contact us.
- Usage data — standard logs and device information needed to keep the Service secure and reliable. We use only essential cookies.
2. How we use your information
Primarily to prevent scalping — binding each ticket to a verified person and enforcing fair per-person limits so bots and resellers can't hoard and flip inventory. We also use it to operate your account, issue and validate tickets, confirm age for age-restricted events, run competitions you enter, respond to support requests, keep the Service secure, and meet legal obligations. We do not sell your personal information, and we do not use it for cross-context behavioral advertising.
3. Identity and age verification
Verification is performed by Hopae Connect and confirms you are a real, unique person. When an event is age-restricted (for example 18+ or 21+), we confirm only that you meet the age requirement — not your full date of birth.
You see and approve exactly what is shared before it is shared. PlayID stores a verification reference, your verified status, and your verified name — not copies of your government ID documents. This confirms you are a real, unique person of the required age without retaining sensitive document images.
4. When we share information
We share personal information only:
- With service providers working on our behalf under contractual safeguards — Stripe (payment processing), Hopae Connect (identity verification), Supabase (database and authentication, on AWS infrastructure), Vercel (application hosting), and Retool (internal operations tooling).
- With event organizers— only for events or competitions you join, only the items the organizer requires (disclosed at registration, e.g. name, date of birth, or eligibility attributes), and only for running that event. Organizers' retention periods are stated at registration.
- When required by law, or to protect the rights, safety, and integrity of the Service and its users.
- In a business transfer, where this policy will continue to apply to your information.
We do not sell your personal information, or share it for cross-context behavioral advertising, with anyone — and we never have.
5. International transfers
PlayID is a global service. Your information is processed in the United States and may be processed in other countries where we or our service providers operate (including the Republic of Korea). Wherever it is processed, we apply the safeguards described in this policy and appropriate contractual protections with our providers.
6. Retention
We keep your information while your account is active. When you close your account, we delete or anonymize your personal information promptly, except where we must keep it longer — order and tax records retained as required by law, competition records retained for the period stated at registration, and records of accounts restricted for fraud or abuse, which we may retain as permitted by law to keep the Service fair.
7. Security
We protect personal information with administrative, technical, and physical measures — access controls and least-privilege permissions, encryption, security monitoring, and staff training. Hopae maintains ISO/IEC 27001 and ISO/IEC 27701 certifications and undergoes SOC 2 (Type II) examinations.
8. Your rights
Depending on where you live, you may have rights under laws such as the California Consumer Privacy Act and other U.S. state privacy laws, the EU/UK GDPR, or Korea's Personal Information Protection Act. Wherever you are, we honor requests to:
- access the personal information we hold about you, and receive a copy;
- correct inaccurate information;
- delete your information (subject to the retention exceptions above);
- restrict or object to certain processing.
Contact us at esports@hopae.com and we will respond promptly. An authorized agent, or the parent or legal guardian of a minor, may exercise these rights on your behalf. We will never discriminate against you for exercising them, and where the GDPR applies you may also lodge a complaint with your local supervisory authority. Declining to provide personal information is always your choice, though some features — such as purchasing tickets, which requires verification — may then be unavailable.
9. Children and minors
The Service is not directed to children under 13, and we do not knowingly collect their personal information; if we learn that we have, we will delete it. Users under 18 may use PlayID only with the consent and supervision of a parent or legal guardian, and competitions involving minors aged 13–17 require separate parent-or-guardian consent for the collection and sharing of the entrant's information as part of that competition's registration. Parents and guardians may review, correct, or delete their child's information at any time using the contact below.
10. Privacy contact
Privacy Officer: Kim Jun-min, Head of Trust — Hopae Inc.
esports@hopae.com
11. Changes to this policy
We may update this policy as laws and the Service evolve. Material changes are announced on the Service at least 7 days before they take effect.