Privacy Policy

JockBroker Digital Trading Platform

Effective Date: March 1, 2026Previous Version: January 1, 2025Version: 4.0

1. Introduction

JockBroker Inc. (“JockBroker,” “we,” “us,” or “our”) operates a digital sports card trading platform. This Privacy Policy explains how we collect, use, share, and protect your information when you use our Platform.

This policy is provided in compliance with the General Data Protection Regulation (GDPR) Articles 13 and 14, the California Consumer Privacy Act (CCPA/CPRA), and applicable US state data protection laws.

2. Information We Collect

2.1 Account Information

  • Identity Data: Name, username, date of birth
  • Contact Data: Email address, phone number, mailing address
  • Verification Data: Government ID, SSN (last 4 digits), selfie for verification

2.2 Financial Information

  • Payment Data: Payment card details, bank account information
  • Transaction Data: Deposit/withdrawal history, trading history
  • Balance Data: Account balances, pack purchases, contest entries

2.3 Trading Activity

  • Cards owned, traded, and watched
  • Bids, asks, completed trades
  • Collection value, P&L tracking
  • Contest entries, lineups, results

2.4 Technical Information

  • IP address, browser type, operating system
  • Pages viewed, features used, session duration
  • General location based on IP address
  • Cookie data and preferences

2.5 Communication Data

  • Customer service interactions
  • Email preferences, campaign responses
  • Public profile information, trader ratings

3. How We Use Your Information

Platform Operations

  • Process pack purchases and trades
  • Facilitate peer-to-peer marketplace
  • Manage contests and prize distribution
  • Provide customer support

Security & Compliance

  • Verify identity (KYC)
  • Prevent fraud and money laundering
  • Comply with legal obligations
  • Investigate suspicious activity

4. Information Sharing

We share data with service providers under written contracts:

  • Payment Processors: Stripe, PayPal, banking partners
  • Identity Verification: KYC providers
  • Cloud Services: AWS
  • Analytics: Pseudonymized data only
  • Error Tracking: Sentry (PII stripped)

We may disclose information to comply with laws, respond to legal process, protect rights and safety, or investigate fraud.

5. Data Retention

Data CategoryRetentionBasis
Account dataDuration of accountContract
Financial records7 yearsIRS / AML
KYC documents5 years after closureAML / BSA
Security logs3 yearsLegitimate interest
Contest records7 yearsDFS regulatory
Responsible gamingPermanentRegulatory
Technical logs90 daysLegitimate interest
Consent recordsIndefiniteProof of lawful processing

6. Your Rights

6.5 California Residents (CCPA/CPRA)

Additional rights under the California Consumer Privacy Act and California Privacy Rights Act — see Section 19 for full details:

  • Right to Know categories and specific pieces of data collected
  • Right to Delete your personal information
  • Right to Correct inaccurate information
  • Right to Opt-Out of sale or sharing — opt-out page
  • Right to Limit Use of sensitive personal information
  • Right to Non-Discrimination for exercising your rights
  • We honor Global Privacy Control (GPC) browser signals

6.6 European Residents (GDPR)

If you are in the EEA or UK, you have additional rights under GDPR:

  • Right to Object (Art 21): Object to processing based on legitimate interest
  • Right to Restrict Processing (Art 18): Request we restrict processing of your data
  • Right to Data Portability (Art 20): Receive your data in machine-readable format
  • Right to Lodge Complaints: Contact your local supervisory authority
  • Right re: Automated Decisions (Art 22): Request explanation of automated decisions

Exercise these rights via Settings > Privacy, email privacy@jockbroker.com, or contact our EU Representative. Response within 30 days.

7. Data Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication
  • Regular security audits — SOC 2 Type II certified
  • PCI DSS compliance for payment data
  • 72-hour breach notification

8. Cookies & Tracking

We use cookies in four categories: Essential (always on), Functional, Analytics, and Marketing (require consent). You can manage your preferences in Settings > Privacy.

9. International Transfers

Your data is transferred to and processed in the United States (AWS us-east-1). EU/EEA transfers are protected by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework, plus technical safeguards including encryption, access controls, and audit logging.

10. Data Processing Basis (GDPR Article 6)

Processing ActivityLawful Basis
Account creation & managementContract (Art 6(1)(b))
Financial transactionsContract + Legal Obligation
Identity verification (KYC)Legal Obligation (Art 6(1)(c))
Device fingerprinting / fraudLegitimate Interest (Art 6(1)(f))
Fraud risk scoringLegitimate Interest (Art 6(1)(f))
Product analyticsLegitimate Interest / Consent
Marketing communicationsConsent (Art 6(1)(a))

11. Automated Decision Making (GDPR Article 22)

We use automated processing for fraud risk scoring and card valuation. Fraud risk scores are advisory only — human review is required before any account restriction, fund hold, or service denial.

You have the right to request an explanation, contest any automated decision, and request human intervention. See Settings > Privacy > Automated Decisions.

12. Your California Privacy Rights (CCPA/CPRA)

This section applies to California residents under Cal. Civ. Code § 1798.140(i).

Categories of PI Collected (Last 12 Months)

CCPA CategoryElementsPurpose
A. IdentifiersName, email, phone, IP, device IDsAccount, verification, fraud
B. § 1798.80(e)Name, address, DOB, financialKYC, transactions
C. Protected class.DOB, ageAge verification
D. CommercialTransactions, trades, contestsOperations, reporting
F. Internet activityBrowser, pages, sessionsImprovement, fraud
G. GeolocationIP-based state locationDFS compliance
K. InferencesFraud scores, profilesSecurity
L. Sensitive PISSN (last 4), gov ID, financialKYC/AML, transactions

JockBroker does not sell your personal information. We do not “share” personal information for cross-context behavioral advertising.

Your California Rights

RightHow to ExerciseResponse
Right to KnowSettings > Privacy > Export45 days
Right to DeleteSettings > Privacy > Delete45 days
Right to CorrectSettings > Account45 days
Opt-Out Sale/SharingDo Not Sell page15 biz days
Limit Sensitive PISettings > Privacy > CA Rights15 biz days
Non-DiscriminationAutomatic

Global Privacy Control (GPC)

We honor the GPC browser signal. If your browser sends Sec-GPC: 1, we automatically treat it as a Do Not Sell opt-out per CCPA § 1798.135(e).

Do Not Track (DNT)

When your browser sends a DNT: 1 header, we suppress non-essential analytics for your session.

Authorized Agents

You may designate an authorized agent to submit CCPA requests on your behalf with signed written authorization. Email privacy@jockbroker.com.

Shine the Light (Cal. Civ. Code § 1798.83)

We do not disclose personal information to third parties for their direct marketing purposes.

13. Contact Information

Data Controller

JockBroker Inc.

1000 Market Street, Suite 500

San Francisco, CA 94102

Privacy Officer

Email: privacy@jockbroker.com

Phone: 1-888-JOCK-BRO

EU Representative

JockBroker EU Limited, Dublin, Ireland

Email: eu-privacy@jockbroker.com

Supervisory Authorities

EU/EEA: Data Protection Commission (DPC), Ireland — dataprotection.ie

UK: Information Commissioner’s Office (ICO) — ico.org.uk

← HomeDo Not Sell or SharePrivacy SettingsTerms of Service