Privacy Policy

Version 2.0 - Last updated March 2026

1. Introduction & Overview

Dead Certain Club ("we", "us", "our") operates the website deadcertainclub.com and associated services (collectively, the "Service"). We are an Australian-based entertainment platform that provides a subscription-based prediction game where members make predictions about celebrity deaths for prizes, with a portion of revenue directed to charity.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you visit our website, create an account, or use our Service. We are committed to handling your personal data responsibly and in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the European Union General Data Protection Regulation (GDPR).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.

2. Information We Collect

We collect the following categories of personal information:

2.1 Account Information

When you register for an account, we collect your full name, email address, date of birth, country of residence, and any display name or username you choose. This information is necessary to create and manage your account, verify your eligibility (including age and geographic restrictions), and communicate with you about your account.

2.2 Billing & Payment Data

When you subscribe to a paid membership, payment processing is handled by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We receive and store a Stripe customer identifier, your billing country, the last four digits of your card, card expiry date, and transaction history (amounts, dates, subscription status). This information is required to manage your subscription, process refunds, and distribute prizes.

2.3 Usage Data

We automatically collect information about how you interact with the Service. This includes predictions you make, pages you visit, features you use, timestamps of activity, referral URLs, and your interaction patterns. We also collect data about rounds you participate in, prediction history, and prize eligibility records.

2.4 Device & Technical Data

When you access the Service, we automatically collect your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, language preference, and time zone setting. Your IP address is used for geolocation purposes to enforce our geographic restrictions.

2.5 Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to maintain your session, remember your preferences, analyse site traffic, and serve relevant advertisements. For full details, please see our Cookie Policy.

2.6 Communications Data

If you contact us via email, through our support channels, or via social media, we collect the content of your communications, your contact details, and any attachments you provide. We retain support correspondence to improve our Service and maintain records of issue resolution.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Delivery

To create and manage your account, process your predictions, calculate prize eligibility, distribute winnings, manage your subscription billing cycle, and provide customer support. This is the core processing necessary to deliver the Service you have signed up for.

3.2 Eligibility Verification & Compliance

To verify that you meet the minimum age requirement of 18 years, to confirm your country of residence, and to enforce geographic restrictions. We cross-reference your declared country of residence, your IP-based geolocation, and your billing country to ensure compliance with applicable laws.

3.3 Security & Fraud Prevention

To detect and prevent fraudulent activity, including multiple account creation, VPN-based circumvention of geographic restrictions, manipulation of predictions, and unauthorised access to accounts. We may use automated systems to flag suspicious activity for manual review.

3.4 Analytics & Service Improvement

To understand how users interact with the Service, identify popular features, diagnose technical issues, and improve the overall user experience. We use Google Analytics to collect aggregated, anonymised usage data for these purposes.

3.5 Communications

To send you transactional emails (account confirmations, subscription receipts, prize notifications, prediction confirmations), service announcements (changes to Terms or features), and, where you have opted in, promotional communications about new features or rounds. You can opt out of promotional communications at any time.

3.6 Legal Obligations

To comply with applicable laws, regulations, legal processes, or governmental requests. This includes maintaining records for tax purposes, responding to lawful data access requests, and cooperating with law enforcement where legally required.

4. Legal Basis for Processing

We process your personal information on the following legal grounds:

  • Performance of a contract: Processing necessary to provide the Service you have subscribed to, including account management, prediction processing, billing, and prize distribution.
  • Legitimate interests: Processing necessary for our legitimate business interests, including fraud prevention, security, service improvement, and analytics, provided these interests do not override your fundamental rights and freedoms.
  • Consent: Where you have given explicit consent, such as for receiving promotional emails or for the placement of non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation: Processing necessary to comply with laws applicable to us, including tax record-keeping, responding to lawful requests from authorities, and enforcing age and geographic restrictions.

5. Data Sharing & Third Parties

We share your personal information only with trusted third parties who assist us in operating the Service. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

Our third-party service providers include:

  • Stripe, Inc. (San Francisco, USA) — Payment processing, subscription management, and fraud detection. Stripe receives your payment card details, billing address, and transaction information. Stripe's privacy policy: stripe.com/privacy
  • Supabase, Inc. (Singapore/USA) — Database hosting, authentication services, and file storage. Supabase stores your account data, prediction records, and application data. Supabase's privacy policy: supabase.com/privacy
  • Google LLC (USA) — Google Analytics for website usage analysis, and Google AdSense for advertising. Google may use cookies and tracking technologies as described in our Cookie Policy. Google's privacy policy: policies.google.com/privacy
  • Vercel, Inc. (USA) — Website hosting and content delivery. Vercel processes server request data including IP addresses. Vercel's privacy policy: vercel.com/legal/privacy-policy
  • Email service providers — For transactional and promotional email delivery, our email provider receives your email address, name, and email content.

We may also disclose your information to law enforcement, regulators, or other authorities if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. International Data Transfers

Dead Certain Club is based in Australia. However, some of our third-party service providers operate in other jurisdictions, including the United States and Singapore. When your personal data is transferred to countries outside Australia or the European Economic Area, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Data processing agreements with each third-party provider
  • Verification that the recipient country provides an adequate level of data protection, or that the provider has implemented appropriate technical and organisational security measures

By using the Service, you acknowledge that your data may be transferred to and processed in countries other than your country of residence, and that these countries may have different data protection laws.

7. Data Retention & Deletion

We retain your personal information for the following periods:

  • Active account data: Retained for the duration of your membership plus 12 months after account closure to allow for account recovery and to resolve any outstanding matters.
  • Billing and transaction records: Retained for 7 years after the transaction date to comply with Australian tax and financial record-keeping requirements.
  • Prediction and gameplay history: Retained for the duration of your membership. Anonymised or aggregated data may be retained indefinitely for statistical and analytical purposes.
  • Support communications: Retained for 3 years after resolution to maintain service quality records.
  • Server logs and IP data: Retained for up to 90 days for security and troubleshooting purposes.

When data is no longer required, it is securely deleted or irreversibly anonymised. You may request earlier deletion of your data, subject to our legal obligations to retain certain records.

8. Geo-Restriction & Compliance

Dead Certain Club is not available in all jurisdictions. We enforce geographic restrictions to comply with applicable laws and our own operational policies. To verify your eligibility, we collect and cross-reference:

  • Declared country of residence — provided during registration
  • IP-based geolocation — detected automatically at login and during active use
  • Billing country — determined from your payment method via Stripe

If discrepancies are detected between these data points, your account may be flagged for review, suspended, or terminated. The use of VPNs, proxies, or other tools to mask your true location and circumvent geographic restrictions is a violation of our Terms of Service and may result in immediate account closure and forfeiture of any prizes.

The Service is explicitly unavailable in the United States and certain other jurisdictions. A complete list of restricted territories is maintained on our website and in our Terms of Service.

9. Your Rights

Depending on your location and applicable data protection laws, you may have the following rights in relation to your personal information:

Under the Australian Privacy Act 1988

  • Access: You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days.
  • Correction: You have the right to request that we correct any inaccurate, incomplete, out-of-date, or misleading personal information we hold about you.
  • Complaints: You have the right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles.

Under the GDPR (for users in the EEA/UK)

  • Right of access: You may request a copy of all personal data we process about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format, and have it transmitted to another controller.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@deadcertainclub.com. We will respond to all legitimate requests within 30 days (or such shorter period as required by law). We may ask you to verify your identity before processing your request.

10. Children's Privacy

The Service is strictly for individuals aged 18 years and over. We do not knowingly collect personal information from anyone under the age of 18. If we discover that we have inadvertently collected personal data from a minor, we will take immediate steps to delete that information from our systems and terminate the associated account.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at privacy@deadcertainclub.com so that we can take appropriate action.

11. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience, analyse traffic, and serve advertisements. Our use of cookies is governed by our separate Cookie Policy, which provides detailed information about the types of cookies we use, their purposes, duration, and how you can manage your cookie preferences.

12. Security Measures

We take the protection of your personal information seriously and implement a range of technical and organisational measures, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms.
  • Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. Administrative access requires multi-factor authentication.
  • Secure authentication: We use NextAuth.js for secure session management with CSRF protection, secure cookie handling, and token rotation.
  • Regular security reviews: We conduct periodic reviews of our security practices and infrastructure to identify and address potential vulnerabilities.
  • Third-party security: We select service providers who demonstrate strong security practices and require them to maintain appropriate safeguards through contractual obligations.

Despite these measures, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you become aware of any security incident involving your account, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational needs. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date, and where appropriate, by sending you an email notification or displaying a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

We aim to respond to all privacy-related enquiries within 14 business days.

15. Complaints

If you are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with the relevant data protection authority:

  • Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au — Phone: 1300 363 992
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • European Union: Your local supervisory authority under the GDPR

We encourage you to contact us first so we have the opportunity to address your concern directly before involving a regulatory body.