Privacy Policy

Last updated: April 19, 2026

1. Introduction

Taikai ("we," "us," or "our"), operated by the trustee for The Phillips Family Trust, is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and what choices you have. This policy applies to all users of the Taikai web application ("the Service").

2. Information We Collect

2.1 Information You Provide

When you use Taikai, you may provide us with:

  • Account information: Your name, email address, and password (stored as a one-way hash — we cannot read your password)
  • Profile information: Date of birth, gender, belt rank, and dojo affiliation
  • Child information: If you register children for tournaments, their name, date of birth, gender, and belt rank
  • Tournament data: Registrations, event entries, division selections, and waiver acknowledgements
  • Payment information: Transaction records for tournament entry fees (payment processing is handled by third-party providers; we do not store your card details)

2.2 Information We Do NOT Collect

Taikai is designed to minimise data collection. We do not collect:

  • Credit card or payment card numbers (these are handled entirely by Stripe or PayPal)
  • Social security or government identification numbers
  • Precise location data
  • Device fingerprints or advertising identifiers
  • Browsing history outside the Service

2.3 Automatically Collected Information

When you use the Service, our servers automatically log:

  • Your IP address (for security and rate limiting)
  • Browser type and version
  • Pages visited within the Service and timestamps

This data is used solely for security, debugging, and maintaining the Service. It is not used for advertising or shared with third parties.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Manage tournament registrations, generate draws, display scoreboards, and publish results
  • Authenticate you: Verify your identity when you log in
  • Process payments: Facilitate tournament entry fee payments through third-party payment providers
  • Send essential emails: Password resets, registration confirmations, tournament updates, and important service announcements
  • Enable tournament administration: Allow tournament organisers to manage entries, divisions, and event logistics
  • Maintain security: Rate-limit login attempts, validate sessions, and protect against abuse

We do not use your information for advertising, profiling, or selling to third parties.

4. Data Sharing

We do not sell, rent, or share your personal information with third parties except in the following limited circumstances:

  • Tournament organisers: When you register for a tournament, the tournament organiser can see your registration details (name, dojo, division, events entered) to manage the competition
  • Public results: Tournament results (competitor name, dojo, placing) may be displayed publicly on scoreboards and results pages
  • Payment processors: We share necessary transaction details with Stripe and/or PayPal to process entry fee payments. These providers have their own privacy policies
  • Legal requirements: If required by law, regulation, or valid legal process
  • Safety: If necessary to protect the rights, safety, or property of Taikai, our users, or the public

We do not use third-party analytics services, advertising networks, or data brokers.

5. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Passwords are hashed using bcrypt (one-way, irreversible)
  • All connections use TLS encryption (HTTPS)
  • Sessions use HTTP-only, same-site cookies
  • Database queries use parameterised statements to prevent injection
  • CSRF tokens protect all form submissions
  • Sensitive configuration data is encrypted at rest

While no system is 100% secure, we take reasonable steps to protect your data from unauthorised access, alteration, or destruction.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • All personal data (name, email, password hash) is permanently deleted
  • All registration and profile data is permanently deleted
  • Historical tournament results may be retained in anonymised form
  • Server logs containing your IP address are retained for up to 90 days for security purposes, then deleted

7. Cookies

Taikai uses only essential cookies required for the Service to function:

  • Session cookie: Maintains your login session (expires when you close the browser or after inactivity)
  • Theme preference: Stored in your browser's localStorage (not a cookie), remembers your light/dark mode choice

We do not use tracking cookies, advertising cookies, or third-party cookies.

8. Your Rights

You have the right to:

  • Access your data — all your data is visible within the Service
  • Correct your data — you can edit your profile information at any time
  • Delete your data — you can request complete account deletion
  • Withdraw consent — you can stop using the Service at any time

To exercise any of these rights, contact us.

9. Children's Privacy

Children under 16 may participate in tournaments but must be registered by a parent or legal guardian. We do not allow children under 16 to create their own accounts. Parent or guardian accounts manage all data relating to their children, and parents may update or delete their child's information at any time.

10. International Users

The Service is hosted in the United States and operated from Australia. If you access the Service from another jurisdiction, your information may be transferred to and processed in the United States. We reserve the right to transfer hosting to another country or jurisdiction at any time without notice. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact us through our support page.