// Legal

Privacy Policy

AAA Interactive Ltd — Last updated: 10 February 2026

1. Who We Are

GenStars operates under AAA Interactive Ltd, an England and Wales registered entity serving as data controller. Contact: legal@aaai.co.uk

2. Age Requirements

Account creation requires minimum age 16; paid competition entry and prize collection require age 18.

3. What Data We Collect

3.1 Account Information

Email address
Username
Authentication provider IDs (Google/Apple)

3.2 Profile Information

Biography (up to 150 characters)
Avatar image

3.3 Payment and Financial Data

Stripe processes financial information; credit card numbers and bank details aren't stored directly by GenStars. Stripe's identity verification may require additional documentation.

3.4 Competition and Activity Data

Entries, roles, results
Votes and voting history
Video/audio/image uploads with metadata
Follower relationships
Notification preferences
Performance statistics

3.5 Device and Technical Data

IP address and user agent
Device name/platform (iOS/Android)
Push notification tokens

3.6 Location Data

IP addresses determine regional feature availability; location data isn't retained.

3.7 Support Data

Support messages and attachments
Ticket-related device information

3.8 Organisation Data

Membership and role
Billing details

4. How We Use Your Data

Purpose	Legal Basis
Service provision	Performance of contract
Competition processing	Performance of contract
Payment/payouts	Performance of contract
Push notifications	Consent
Competition emails	Consent
Fraud detection	Legitimate interest
Product analysis	Legitimate interest
Error monitoring	Legitimate interest
Legal compliance	Legal obligation

5. Who We Share Your Data With

Provider	Purpose	Data Shared
Stripe	Payment processing	Transaction data, account IDs
PlanetScale	Database hosting	Application data (TLS encrypted)
AWS	Infrastructure, email, events	Application data, emails
Bunny.net	Media storage/streaming	Uploaded media
WorkOS	Enterprise SSO	Email, auth IDs, membership
PostHog	Analytics	User ID, email, username, events
Sentry	Error monitoring	IP, device info, sessions (sampled)
Expo (EAS)	Push notifications	Tokens, platform

Personal data isn't sold to third parties.

Public Information visible to users:

Username and avatar
Biography
Competition participation and results
Performance videos
Follower/following counts

6. International Data Transfers

Data transfers outside the UK use Standard Contractual Clauses, adequacy decisions, or recognized frameworks.

7. Data Retention

Post-deletion retention:

Financial records: 7 years (UK tax requirements)
Uploaded competition content: retained as competition record
Anonymised statistics: indefinite
Other personal data: deleted/anonymised within reasonable period

8. Your Rights

UK GDPR rights include access, rectification, erasure, restriction, portability, objection, and consent withdrawal. Contact legal@aaai.co.uk for requests; responses within one month.

9. Additional Rights for Specific Regions

EEA

Same GDPR rights as Section 8.

California

CCPA provides rights to know, delete, opt-out of sales, and non-discrimination. GenStars doesn't sell personal information.

Other Jurisdictions

Local law protections apply; contact legal@aaai.co.uk for region-specific rights.

10. Cookies and Tracking

Essential cookies support authentication and session management. PostHog analytics may use cookies for product usage tracking; manage preferences via browser settings.

11. Security

Protective measures include TLS encryption, secure password hashing, access controls, and security monitoring. Report vulnerabilities to legal@aaai.co.uk.

12. Changes to This Policy

Updates occur periodically with notification via email or app. Continued use constitutes acceptance.

13. Contact Us

AAA Interactive Ltd

Email: legal@aaai.co.uk

Unsatisfied parties may lodge complaints with the Information Commissioner's Office: ico.org.uk