Oakridge Interactive LLC, doing business as
Eazy6 (“Eazy6,” “we,” “our,” or “us”), respects your privacy and is committed
to protecting it. This Privacy Policy (“Policy”) explains how we collect, use,
disclose, and safeguard your personal information when you use the Eazy6 mobile
application (the “App”) and visit our website at www.eazy6.com (the “Site,”
collectively the “Services”). By using our Services, you agree to this Policy.
Privacy Principles
· Transparency – clear disclosures about what we
collect, why, and with whom we share it.
· Fairness & Lawfulness – we process data for
legitimate purposes and in accordance with applicable laws.
· Security – administrative, technical, and
physical safeguards proportionate to risk.
· Data Minimization – we collect only what we
need for the stated purposes.
· Accountability – contracts and oversight of our
service providers/processors.
· Privacy by Design & Default – privacy
embedded throughout our product lifecycle.
1. Scope of This Policy
· Players and visitors who
register for an account, make selections and enter skill-based contests
(free-to-play; no entry fee required), or otherwise use the App or Site.
· Individuals who contact us
(e.g., customer support, feedback).
· Business partners, vendors, and
service providers to the extent we process their personnel’s data in operating
the Services.
This Policy does not govern our HR/employment
data except as noted in the GDPR/UK Appendix.
2. Notice at Collection (Summary for U.S. State Privacy
Laws)
The table below summarizes the categories of
personal information we collect, the purposes for which we use it, sources,
whether it may be considered “sensitive,” whether it is “sold” or “shared” (as
defined by certain state laws), typical recipients, and indicative retention
periods.
|
Category
|
Examples
|
Purposes
|
Sources
|
Sensitive?
|
Sold/Shared?
|
Recipients
|
Retention
|
|
Identifiers
|
Name,
username, mobile number, email, IP address, device IDs.
|
Account
creation; OTP login; communications; security; fraud/abuse prevention.
|
You; your devices; service providers.
|
No (but mobile number may be sensitive in
some states).
|
Not sold. May be “shared” for cross-context
behavioral advertising only if you opt in; otherwise limited to service
providers.
|
Service
providers (OTP/SMS, auth, fraud/abuse, security); analytics vendors.
|
Account
life + legal and operational needs.
|
|
Protected classifications / Age
|
Date of birth; age eligibility.
|
Age
gating/eligibility (which may vary by state) and compliance.
|
You.
|
Yes (sensitive personal data in some states).
|
Not sold or shared.
|
Service
providers supporting eligibility enforcement and security.
|
Account
life + legal obligations.
|
|
Geolocation Data
|
Precise device location (GPS/Wi‑Fi/IP) via
geolocation and/or anti-fraud provider(s).
|
Determine
eligibility to offer free-to-play contests based on where you are physically
located (state law restrictions); detect VPN usage/spoofing or other
circumvention; fraud/abuse prevention; compliance.
|
Your
device; geolocation and security/fraud service provider(s).
|
Yes (precise geolocation).
|
Not sold or shared for advertising; disclosed
to service providers only.
|
Geolocation
and security/fraud service provider(s) (e.g., VPN/spoofing detection) and
hosting providers, as needed to operate the Services.
|
As
necessary for eligibility enforcement, security, and fraud prevention; then
minimized and/or de-identified where feasible.
|
|
Internet/Network Activity
|
App events, session logs, crash reports,
performance metrics, referral URLs.
|
App functionality; security monitoring;
analytics; improvement.
|
Your device; analytics SDKs.
|
No.
|
May be “shared” for cross‑context ads only if
you opt in; otherwise service providers only.
|
Analytics providers; anti‑fraud tools.
|
Operational needs + analytics windows.
|
|
Communications
|
Support emails/chats/call recordings;
feedback and surveys.
|
Customer support; quality assurance;
training; dispute resolution.
|
You; communications vendors.
|
May include sensitive content incidentally.
|
Not sold or shared for advertising.
|
Support tooling providers; dispute resolution
services.
|
As needed for support, disputes, and legal
holds.
|
|
Public Profile/Leaderboards
|
Display
name, entries, rank/standing, selection data visible to other users in the
same contest.
|
Core product
functionality features; community transparency.
|
You; platform systems.
|
No.
|
Public to participants; not sold.
|
Other users in the same contest; moderation
tools.
|
While the contest/feature is available +
audit window.
|
For
additional disclosures required by California and other states (including
rights to access, delete, correct, opt out of “sale” or “sharing,” and limit
use of sensitive personal information), see Section 11.
3. Information We Collect and Process (Detailed)
A. Visitors, Registrants, Purchasers, and Users of Our
Services
|
Examples
of Data
|
Where
Do We Get It?
|
Why
We Process It
|
Legal
Bases*
|
Who
Receives It?
|
|
Identity & contact (name, username,
mobile, email, DOB); account security (OTP status, backup email/password);
profile image (optional).
|
You directly via App or Site; device OS
account frameworks.
|
Account
creation; secure OTP login; communications; account recovery.
|
Contract;
legitimate interests; legal obligations (age and location-based eligibility).
|
Auth/OTP providers; email service;
fraud/abuse tools.
|
|
Geolocation (precise device location);
IP-based location.
|
Your device; geolocation and/or anti-fraud
provider(s).
|
Eligibility/geofencing
for free-to-play contests (state law restrictions) when you log in or enter a
contest; fraud prevention including detection of VPN usage/spoofing or other
circumvention.
|
Legitimate interests; legal obligations.
|
Geolocation
and security/fraud service provider(s) (e.g., Castle.io) and hosting
providers.
|
|
Device & technical (IP; OS; device identifiers;
app usage; crash logs).
|
Your device; analytics/crash SDKs.
|
Security monitoring; debugging; analytics and
improvement.
|
Legitimate interests; consent where required
for ads.
|
Analytics providers; anti‑fraud vendors.
|
|
Public
content (display name, standings, selections visible in leaderboards).
|
You; platform systems.
|
Core product
functionality; transparency; community features.
|
Contract; legitimate interests.
|
Other users in the contest; moderation
tooling.
|
*
Legal bases language is provided for jurisdictions recognizing such concepts
(e.g., GDPR/UK law); for U.S. processing, we rely on contract, consent where
required, legal obligations, and legitimate interests.
B. Persons Who Communicate with Us
|
Examples
of Data
|
Where
Do We Get It?
|
Why
We Process It
|
Legal
Bases*
|
Who
Receives It?
|
|
Identity/contact; communications content;
metadata; call recordings (where permitted).
|
You; comms providers; in-app support.
|
Respond to inquiries; QA/training; legal
holds.
|
Legitimate interests; legal obligations
(record retention).
|
Support platforms; transcription tools (where
used).
|
|
Technical data (IP, device, time, headers).
|
Your device; comms tooling.
|
Security and abuse prevention; rate limiting.
|
Legitimate interests.
|
Security tooling providers.
|
*
Legal bases language is provided for jurisdictions recognizing such concepts
(e.g., GDPR/UK law); for U.S. processing, we rely on contract, consent where
required, legal obligations, and legitimate interests.
C. Employment and Apprenticeship Candidates (if
applicable)
|
Examples
of Data
|
Where
Do We Get It?
|
Why
We Process It
|
Legal
Bases*
|
Who
Receives It?
|
|
Identity/contact; CV/resume; education; work
history; certifications; references.
|
You; recruiters; references; background check
vendors (where permitted).
|
Evaluate candidacy; schedule interviews;
onboarding.
|
Contract; legitimate interests; legal
obligations.
|
HR platforms; background-screening vendors
(if used).
|
*
Legal bases language is provided for jurisdictions recognizing such concepts
(e.g., GDPR/UK law); for U.S. processing, we rely on contract, consent where
required, legal obligations, and legitimate interests.
D. Business Partners and Their Personnel
|
Examples
of Data
|
Where
Do We Get It?
|
Why
We Process It
|
Legal
Bases*
|
Who
Receives It?
|
|
Identity/contact; role/title; company;
correspondence.
|
You; your employer; conferences/intros.
|
Administer our relationship; compliance
screening; payments.
|
Contract; legitimate interests; legal
obligations.
|
Billing platforms; compliance screening
vendors.
|
*
Legal bases language is provided for jurisdictions recognizing such concepts
(e.g., GDPR/UK law); for U.S. processing, we rely on contract, consent where
required, legal obligations, and legitimate interests.
4.
Geolocation and Eligibility Controls
Geolocation
& Geofencing.
We collect and use precise device location signals to verify that users
are physically located within jurisdictions where Eazy6 free-to-play contests
are legally offered (which may vary by state). Location verification may occur
when you log in or enter a contest. This may include device-native
location services (such as GPS), network-based location indicators,
operating-system level device integrity and attestation checks, and
supplemental fraud-prevention or network-risk signals to detect VPN usage,
spoofing, or other attempts to circumvent geographic eligibility restrictions.
If you disable required location or integrity checks, certain features may not
be available. We do not use precise location information for unrelated advertising
purposes.
Age
Eligibility.
We ask for your date of birth to help determine whether you meet applicable age
requirements, which may vary by jurisdiction. In the free-to-play version of
the Services, we do not require government ID verification.
5. Online Tracking, SDKs, and Marketing
· We use SDKs and cookies on the Site/App for
essential functions, analytics, crash reporting, performance, and—where
permitted—advertising and measurement.
· We do not currently run in-app
advertising and do not currently prompt for Apple’s App Tracking Transparency
(ATT) authorization. If we implement advertising or ad attribution in the
future, we will update our practices and notices, and request any permissions
required by law or platform policies.
· We honor applicable opt‑out mechanisms (e.g.,
“Do Not Sell or Share,” GPC signals on web) where required by law.
· Service emails (e.g., OTP codes, security
alerts, transactional notices) are not marketing and will still be sent.
6. How We Share Personal Information
· Service providers/processors
(e.g., OTP/SMS, geolocation and eligibility enforcement, security and
fraud/abuse prevention such as VPN/spoofing detection, analytics, support,
hosting) under confidentiality and data protection agreements.
· Affiliates and professional advisors (legal,
auditors, insurers) for compliance and corporate governance.
· Legal/regulatory and integrity monitoring—where
required to comply with law, enforce terms, investigate fraud/cheating/abuse,
or respond to lawful requests.
· Business transfers—mergers, acquisitions,
restructurings; personal information may be transferred as an asset as
permitted by law.
· With your consent or at your direction.
7. Security
We implement reasonable administrative,
technical, and physical safeguards appropriate to the nature of the data and
risk, including TLS encryption, secure OTP login, access controls,
least‑privilege, monitoring, and regular testing. No method of transmission or
storage is completely secure; you are responsible for maintaining the
confidentiality of your account credentials.
8. Data Retention & Minimization
· We retain personal information
only for as long as needed for the purposes described in this Policy, including
core functionality, customer support, security/fraud prevention, and legal
obligations.
· When data is no longer needed, we will delete
or de‑identify it, subject to legal holds or dispute resolution.
9. Children’s Data
Eazy6 is intended for U.S. users aged 18+ (or
the legal age in their jurisdiction). We do not knowingly collect personal
information from children under 13 (or under 16 where applicable). If we learn
we have collected such information without appropriate consent, we will delete
it.
10. International Data Transfers
The
Services are intended for use by individuals located in the United States and
are not directed to individuals outside the U.S. However, our service providers
and infrastructure partners may process or store personal information in the
United States and, in some cases, other countries. Where required by applicable
law (including GDPR/UK law), we use appropriate safeguards for cross-border
transfers (e.g., Standard Contractual Clauses).
11. U.S. State Privacy Rights
Depending on your state of residence, you may
have rights to access, correct, delete, or obtain a portable copy of your
personal information; to opt out of sale, sharing for cross‑context behavioral
advertising, and certain profiling; to limit use/disclosure of sensitive
personal information; and to be free from discrimination. You may exercise
these rights by emailing privacy@eazy6.com. We will verify requests and respond
as required by law. We honor Global Privacy Control signals on the web where
applicable.
12. Do Not Track and Global Privacy Control
Some browsers include a Do Not Track (“DNT”)
setting. Our Site does not respond to DNT signals at this time. We do, however,
recognize and honor Global Privacy Control (“GPC”) signals where required by
applicable law.
13. Changes to This Policy
We may revise this Policy from time to time.
The “Last Updated” date indicates the effective date. Material changes may be
announced via the App or email. Your continued use of the Services after
changes means you accept the updated Policy.
14. Contact Us
Eazy6 Privacy Team
Oakridge Interactive LLC
101 Crawfords Corner Road, Ste. 4116
Holmdel, NJ 07733
Email: privacy@eazy6.com
15. Player Safety and Integrity Monitoring
We
use a combination of internal systems and third party tools to help maintain a
fair, balanced, and safe environment. This may include detecting
multiaccounting, collusion, botting, tampering, VPN/spoofing, or other
integrity and security risks; investigating suspected cheating or abuse; and
temporarily restricting accounts to review anomalies.
Automated risk signals are used to support
security, fraud prevention, eligibility enforcement, and player safety, and are
not used to make decisions producing legal or similarly significant effects
without human review where required by law.
16. Prohibited Users and Eligibility Controls
· Users located in jurisdictions
where our free-to-play contests are not legally offered (as determined via
geolocation) may be restricted from accessing certain contest features.
· Certain employees, contractors,
vendors, and others with access to confidential or contest‑integrity
information are prohibited from competing where required by policy or law.
17. Combination of Data and Profiling
We may combine information collected across the
App, the Site, and our service providers to improve accuracy, security, and
your experience. We may also use automated decision‑making or profiling (e.g.,
risk scoring signals for fraud prevention or geolocation eligibility). Where
required by law, we will provide meaningful information about the logic
involved and the significance and potential consequences for you, as well as
your rights related to such processing.
18. Authorized Agents, Appeals, and Verification Process
· You may designate an authorized agent to submit
a privacy request on your behalf. We require a signed authorization and
identity verification.
· We verify requests by matching information you
provide with our records. Certain requests may require stronger verification
(e.g., government ID).
· If we deny your request, you may appeal by
replying to our decision notice with “Appeal” in the subject line. We will
review and respond within the timeframe required by applicable law.
19. Sensitive Personal Information – Limitation
Where
state law provides a right to limit use and disclosure of sensitive personal
information (e.g., precise geolocation or government ID), we limit our use of
such data to the purposes reasonably necessary to provide the Services, ensure
security and integrity, prevent fraud, comply with laws, and other purposes
permitted by those laws.
20. Authentication and Account Security
· Primary sign-in via mobile
number + one-time passcode (OTP).
· Backup email strongly
recommended for account recovery; email must be verified if provided.
· Optional backup password available
(recommended).
· Security notifications (email/SMS) sent on
username, password, or mobile changes.
· Rate limits and cooldowns for OTP requests;
short OTP expiration windows; limited attempts.
· Recovery paths include mobile
OTP, verified backup email (if set), and support-assisted recovery.
21. Account Deletion
You
may permanently delete your account from within the App. After deletion is
completed, you will no longer be able to access the account.
To
delete your account:
- Go
to Profile.
- Select
Account Settings.
- Select
Delete Account.
Follow the on-screen
prompts to confirm account deletion.
Appendix A – GDPR/UK Data Protection Addendum
If
you are located in the EEA/UK, this Addendum applies in addition to the main
Policy. The Services are intended for U.S. users; however, if you access or use
the Services from the EEA/UK, the disclosures and rights below apply to the
extent required by GDPR/UK data protection law.
|
Category
|
Purpose
of Processing
|
Legal
Basis (GDPR Art. 6)
|
|
Account & Contact (name, username,
mobile, email, DOB)
|
Provide and manage account; OTP login;
communications
|
Art. 6(1)(b) Contract; Art. 6(1)(f)
Legitimate interests
|
|
Geolocation
|
Eligibility/geofencing
for free-to-play contests (state law restrictions); compliance; fraud
prevention
|
Art. 6(1)(f) Legitimate interests; Art.
6(1)(c) Legal obligation
|
|
Device/Usage/Analytics
|
Security; analytics; improvement
|
Art. 6(1)(f) Legitimate interests; Art.
6(1)(a) Consent (for ads where required)
|
|
Marketing/Communications
|
Send
product updates and communications (where permitted). We do not currently run
in-app advertising; if we introduce marketing communications requiring
consent, we will provide choices as required by law.
|
Art. 6(1)(a) Consent; Art. 6(1)(f) Legitimate
interests
|
For information about cross-border transfers
and safeguards, see Section 10 (International Data Transfers). To exercise
GDPR/UK rights, contact us at privacy@eazy6.com (see Section 14).
International transfers may occur to
countries without an adequacy decision; where required, we rely on appropriate
safeguards (e.g., Standard Contractual Clauses). You have rights under GDPR/UK
law (including access, rectification, erasure, restriction, portability, and
objection) and may contact us to exercise them. You may also lodge a complaint
with your supervisory authority.
Appendix B – State Privacy Rights Summary (California and
Other U.S. States)
· Right to Know/Access, Correct, Delete, and
Portability.
· Right to Opt Out of Sale or Sharing and
Targeted Advertising.
· Right to Limit Use/Disclosure of Sensitive
Personal Information (e.g., precise geolocation, government ID).
· Non‑discrimination
for exercising rights.
· Authorized agent procedures; verification steps
for requests.
Appendix C – Key Third‑Party Service Providers (Current)
|
Category
|
Provider(s)
(Subject to Change)
|
Purpose
/ Notes
|
|
Geolocation & Eligibility Controls
|
Device-native
location services and third-party security/fraud and eligibility tools
(subject to change)
|
Precise
location verification and geofencing for free-to-play contest eligibility
(state law restrictions); detection of VPN usage, spoofing, or circumvention
of jurisdictional restrictions (e.g., via Castle.io or similar providers);
eligibility enforcement.
|
|
OTP / Authentication Messaging
|
SMS, email, or push notification providers
|
Delivery of one-time passcodes, security
alerts, and key account notifications.
|
|
Analytics / Performance / Crash Reporting
|
Analytics and diagnostics providers
|
App performance monitoring; crash reporting;
usage analytics; service improvement.
|
|
Customer Support & Communications
|
Helpdesk, CRM, and communications platforms
|
Customer support, communications, quality
assurance, and dispute resolution.
|
|
Security, Fraud & Integrity Monitoring
|
Fraud-prevention and security service
providers
|
Detection of account takeover, botting,
collusion, abuse, and other integrity or security risks.
|
Appendix D – Definitions
· “Personal Information” or “Personal Data” means
information that identifies, relates to, describes, is reasonably capable of
being associated with, or could reasonably be linked, directly or indirectly,
with a particular consumer or household.
· “Sensitive Personal Information” includes
certain data such as precise geolocation, government IDs, and biometric
information as defined by applicable law.
· “Sale” or “Share” have the meanings given in
applicable state privacy laws (e.g., CPRA).
· “Processor/Service Provider”
means a vendor that processes data on our behalf under contract.
· “Contest” means a skill-based
challenge or competition offered through the Services in which participants
submit an entry before the contest locks and results are determined based on
official statistics from real-world sporting events.
· “Selection” means a
participant’s skill-based choice of a player or team (and, where applicable, a
rank order) for purposes of a contest entry. Selections are not contracts or
tradable positions, and users do not buy, sell, or trade them.
· “Entry” means a participant’s
submitted set of selections for a contest.
· “Projections” (if displayed)
are informational estimates intended to help users evaluate players or teams
when making selections. Projections are not a guarantee of actual performance
and do not determine contest outcomes. Contest scoring and settlement are based
solely on official statistics recorded during the real-world events.
Appendix E – California “Shine the Light” and Nevada
Rights
· California “Shine the Light” (Civ. Code §
1798.83): We do not disclose personal information to third parties for their
direct marketing purposes without giving you a right to opt out.
· Nevada residents: We do not “sell” covered
information as defined by Nevada law. You may still submit a verified request
directing us not to sell covered information by contacting privacy@eazy6.com.
Appendix F – Cookie and SDK Notice
We and our service providers use cookies and
SDKs to operate the Site and App. You can control cookies via your browser and
mobile OS settings. The categories below summarize typical technologies used.
|
Category
|
Examples
|
Purpose/Controls
|
|
Essential
|
Authentication, session management, security
tokens
|
Required to log in, route traffic, and keep
your session secure; cannot be disabled.
|
|
Functional
|
Preference cookies, in‑app settings
|
Remember choices (e.g., language,
notification preferences).
|
|
Analytics
|
SDKs such as Firebase/Google Analytics; crash
reporters
|
Measure performance and usage; de‑identified
or aggregated where possible; opt‑out via device settings where available.
|
|
Advertising/Attribution
(if implemented)
|
If
implemented: advertising and attribution SDKs
|
If we
implement advertising or ad attribution in the future, we may use device
identifiers for measurement. Where required, we will provide choices and
request any permissions required by law or platform policies (e.g., ATT). You
can also control certain settings via your mobile OS.
|
California Consumer Privacy Act (CPRA) Disclosures
This section supplements the Policy for
California residents and describes our practices required by the California
Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”).
|
CPRA
Category
|
Examples
|
Collected
|
Sold/Shared
|
Disclosed
for Business Purpose (Recipients)
|
Sensitive?
/ Right to Limit
|
|
Identifiers
|
Name, username, mobile, email, device IDs, IP
|
Yes
|
No sale; sharing only if you opt in;
otherwise service providers only
|
Auth/OTP,
analytics, security/fraud prevention
|
Some identifiers may be sensitive under state
law
|
|
Customer Records
|
Account
records; support and dispute history (if you contact us)
|
Yes
|
No
|
Service
providers supporting account operations; auditors/professional advisors as
needed
|
May
include sensitive information depending on content
|
|
Protected Classifications
|
Age (18+), date of birth
|
Yes
|
No
|
Service
providers supporting eligibility enforcement and security
|
Yes; right to limit applies to certain uses
|
|
Geolocation
|
Precise device location
|
Yes
|
No sale/share for ads
|
Geolocation provider; compliance
|
Yes; right to limit applies
|
|
Internet Activity
|
App events, usage, crash logs
|
Yes
|
Shared for cross‑context ads only if you opt
in
|
Analytics/crash providers
|
No
|
|
Inferences
|
Risk signals for fraud/abuse
|
Yes
|
No
|
Security/fraud tools
|
May be sensitive depending on context
|
California
Rights: access/know, delete, correct, portability, opt‑out of sale/share and
certain profiling, limit use/disclosure of sensitive personal information, and
non‑discrimination. To exercise rights, email privacy@eazy6.com. We verify
requests and honor Global Privacy Control signals on the Site where required.