Privacy & Data Policy
Absolute transparency regarding the collection, encryption, and protection of your data.
Last Updated: October 2025
1. Data Collection Protocols
At GoodLuck Tickets, we operate on a principle of data minimization—collecting only the information strictly necessary to provide secure syndicate allocations, execute mechanical payouts, and maintain full compliance with Australian regulatory requirements.
When you establish an account and participate in our platform, we collect two primary categories of data. First, Personally Identifiable Information (PII) required for mandatory Know Your Customer (KYC) verification, including your legal name, date of birth, residential address, and contact details. Second, transactional and telemetry data, which encompasses your syndicate selection history, escrow interactions, IP addresses for security auditing, and platform navigation metrics.
We do not collect sensitive behavioral data for the purpose of predictive marketing profiling. Our data collection is purely structural, designed to guarantee the security of your funds and the legitimacy of your age and identity as an Australian user.
2. Encryption & Storage Standards
The security of your personal and financial information is our highest operational priority. GoodLuck Tickets employs institutional-grade cryptographic standards to ensure your data remains impregnable.
All data transmitted between your device and our servers is secured using TLS 1.3 encryption. At rest, your sensitive PII and financial metadata are stored in highly secure database clusters utilizing AES-256 encryption. We utilize advanced tokenization for all payment processing; we never store your full credit card numbers or raw banking credentials on our primary operational servers.
Our database architecture is geographically distributed within secure, ISO 27001-certified data centers, ensuring both redundancy and protection against physical or localized digital intrusion.
3. Third-Party Sharing Limitations
GoodLuck Tickets explicitly refuses the monetization of user data. We do not, under any circumstances, sell, rent, or lease your personal information to third-party marketing firms, data brokers, or external advertising networks.
Your data is only shared with authorized third parties when structurally necessary to fulfill our core services. This includes securely transmitting necessary verification data to certified identity verification agencies (for KYC compliance) and passing tokenized financial payloads to our regulated payment gateway partners to facilitate escrow and disbursement.
We may also be compelled to disclose specific user data to Australian law enforcement agencies, tax authorities (ATO), or gaming regulators if legally required by a valid warrant, subpoena, or statutory obligation.
4. User Data Rights & Deletion Requests
We respect your autonomy over your personal information. Under the Australian Privacy Principles (APPs), you retain specific rights regarding the data we hold about you.
You have the right to request a comprehensive cryptographic ledger of all personal data held within your profile. You may also request corrections to any inaccurate data. Crucially, you possess the right to request account deletion and data erasure (the "right to be forgotten").
However, please note that due to strict Anti-Money Laundering (AML) regulations and financial auditing requirements, we are legally mandated to retain specific transactional histories and identity verification records for a minimum period of up to seven years, even after an account closure request is processed. Once this mandatory statutory retention period expires, your data will be permanently purged from our secure servers.
5. Mandatory Breach Notification Rules
Transparency is foundational to the GoodLuck Tickets architecture. In the highly unlikely event of a security breach that compromises your encrypted personal data, we adhere to strict, rapid-response notification protocols.
Under the Notifiable Data Breaches (NDB) scheme, if a breach occurs that is likely to result in serious harm, we are legally obligated—and internally committed—to notifying affected users directly and informing the Office of the Australian Information Commissioner (OAIC) without unreasonable delay, typically within 72 hours of verification.
Any breach notification will include clear, plain-text details regarding the nature of the breach, the specific data elements involved, the mechanical steps we have taken to mitigate the threat, and actionable advice on how you can further secure your digital identity.