Privacy Policy
Version 2.1 — Effective 20 May 2026
1. About this policy
This Privacy Policy explains how we collect, use, hold, disclose, and protect your personal information. It applies to the website at unitedsportinginstitute.com, all subdomains, and any service or feature provided through that site (together, "USI" or "the Service"). The Service is operated by OMS, an Australian partnership, ABN 76 838 394 349 ("we", "us", "our"). United Sporting Institute is a trading name and brand of OMS. Our service address for legal notices is PO Box 526, Caringbah NSW 2229, Australia. We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), and to applying those standards as a matter of practice regardless of whether the Privacy Act technically applies to us at any given time. By using the Service, creating an account, or providing personal information to us, you agree to the practices described in this policy. If you do not agree, do not use the Service.
2. Definitions
In this policy, "personal information" has the meaning given in the Privacy Act and includes information or an opinion about an identified or reasonably identifiable individual. "Sensitive information" has the meaning given in the Privacy Act and includes health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and similar categories. "Member" means a person who has created an account on the Service. "We", "us", and "our" refer to OMS trading as United Sporting Institute. "You" and "your" refer to the person reading this policy.
3. What personal information we collect
We collect only what we reasonably need to operate the Service and meet our legal obligations. When you create an account we collect your email address, first name, last name, and Australian state or territory. We store your password only as a one-way cryptographic hash; we never see or store your password in plain text. We generate and store a random handle (for example, "BraveFriendly145") which is used as your display name on any public-facing feature, and we may assign a randomly generated avatar image.
When you take out a paid subscription we hold your subscription tier (free or paid), billing interval, subscription status, and the end date of your current paid period. We also hold a reference identifier issued to us by Stripe that links your account to your billing record at Stripe. We do not see, collect, or store your full card number, card security code, or bank account details. Card data is handled entirely by Stripe, which is a PCI-DSS compliant payment processor.
When you use the Service we record which articles you save, which articles you mark as liked, the feedback you submit on an article (category, paragraph reference, and message text), the questions you submit through the Ask USI feature and any answer published in response, and the questions you submit to the USI AI assistant. Where any of your contributions are made public, they appear under your handle and (if assigned) avatar rather than under your real name.
When you access the Service we record the date and time of your last login. When you access the audio podcast feed using your personal podcast token, we record the access token, the article reference, the IP address of the request, the user-agent string sent by your podcast app, and the date and time. This podcast access log is used to detect and prevent abuse and unauthorised sharing of paid content. Standard server logs (which may include IP addresses, request paths, and response codes) are kept for a short period for diagnostic and security purposes.
We hold the content of any message you send through the contact form, the email address used to send any reply, and any other information you choose to provide in correspondence with us. We hold your marketing preferences, including whether you have opted in to receive marketing communications, your selected email frequency setting (if any), and an unsubscribe token used to action one-click opt-outs.
We do not seek to collect sensitive information. Please do not include sensitive information in any feedback, Ask USI submission, or AI assistant query. If you do, we will treat that information in accordance with the APPs and may delete it.
4. How we collect personal information
We collect personal information directly from you when you create an account, subscribe to a paid plan, submit feedback or a question, contact us, or use any account feature. We collect technical information automatically through standard web server logging and through the podcast access log described in section 3. We receive limited information about you from Stripe when you subscribe, including a confirmation of payment and the references needed to manage your subscription; we do not receive your card details. We do not buy email lists, scrape personal information from the public web, or collect personal information about you from any third party other than Stripe in the manner described above.
5. Why we collect, hold, and use personal information
We use personal information only for the primary purposes for which it was collected, for directly related secondary purposes that you would reasonably expect, and for any further purpose with your consent or where the Privacy Act permits. Specifically, we use personal information to create and operate your account; to process and manage paid subscriptions, including renewals, cancellations, and refunds; to provide access to the library, the AI assistant, the audio podcast, and other features; to send transactional emails such as receipts, password resets, security notices, and account notifications (which are not marketing communications and which you cannot opt out of while you have an active account); to send marketing emails to members who have opted in, including notifications of new articles, library updates, and information about full membership; to respond to your enquiries, feedback, and complaints; to review submitted content for editorial and moderation purposes; to detect, prevent, and respond to fraud, abuse, credential sharing, scraping, unauthorised redistribution of content, and other misuse of the Service; to maintain the security, integrity, and performance of the Service; and to comply with our legal obligations, including tax, accounting, consumer protection, and any lawful request from an Australian regulator, law enforcement authority, or court.
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We do not engage in advertising-based monetisation, including behavioural advertising, retargeting, or look-alike audience generation.
6. Marketing communications
We distinguish between two types of email. Transactional emails (receipts, billing confirmations, password resets, security notices, verification emails, subscription change notifications, and similar account-related messages) are part of operating the Service. They are sent to all members and cannot be opted out of while you have an active account. Marketing emails (notifications about new articles, library updates, upgrade offers, and related promotional content) are sent only to members who have given express consent at signup by ticking an unticked consent checkbox, or who have later opted in from their account settings.
You can withdraw your consent to marketing emails at any time by clicking the unsubscribe link in any marketing email, or by adjusting your preferences in your account. We will action unsubscribe requests within 5 business days, as required by the Spam Act 2003 (Cth). Every marketing email we send identifies us as the sender, includes our trading name and ABN, includes a functional unsubscribe link, and is sent through our authorised email provider (currently Brevo). We never use deceptive subject lines or sender names. If we ever introduce a new category of marketing communication (for example, SMS, push notifications, or partner communications), we will obtain a separate, specific opt-in for that channel. We will not infer consent across channels.
7. Disclosure to third parties
We disclose personal information only to the service providers and circumstances described in this section. Stripe Payments Australia Pty Ltd (and its global infrastructure) processes card payments, manages subscriptions, and generates receipts; it receives the name, email, and billing details you enter directly at checkout and the subscription metadata necessary to operate your account. Stripe is incorporated in Australia and processes data globally, including in the United States and other countries. Brevo (Sendinblue SAS) delivers our transactional and marketing emails; it receives your email address, first name, and the content of the email being sent. Brevo is based in France (European Union). Anthropic, PBC operates the USI AI assistant and generates AI-narrated podcast audio; we send only the text of your question or the article text being narrated, and we do not disclose your name, email, or account identifier to Anthropic. Anthropic is based in the United States. Hostinger International Ltd provides web hosting, server infrastructure, and inbound email (IMAP); all data stored on the Service is held on our hosted server, and inbound emails sent to our published mailbox transit Hostinger infrastructure. Hostinger operates from Lithuania, the Netherlands, and other jurisdictions. Cloudflare, Inc. provides the Turnstile anti-bot service that protects our signup, contact, and forgot-password forms; when you submit one of those forms, Cloudflare receives your IP address and a short-lived challenge token to verify that you are not a bot. Cloudflare is based in the United States. Turnstile is designed to be privacy-respecting and does not track users across the web.
We have separately reviewed the privacy practices of each of these recipients. Each is bound by their own privacy obligations and, where applicable, by data protection laws in their jurisdiction. We take reasonable steps to ensure that personal information disclosed to overseas recipients is handled in a manner consistent with the APPs. We may also disclose personal information where required or authorised by law, in response to a lawful request from a regulator, law enforcement agency, or court, or where necessary to investigate fraud, abuse, or a serious threat to safety. We may disclose personal information in connection with the sale, transfer, restructure, or wind-up of the business, in which case the recipient will be required to use the information in a way consistent with this policy.
8. Overseas disclosure
As described in section 7, we disclose personal information to recipients located in the United States, the European Union (France), and other countries used by our service providers (including Lithuania and the Netherlands for Hostinger). By using the Service, you acknowledge that your personal information may be transferred to, stored in, and processed in these countries. We rely on contractual and reputational safeguards offered by each provider, and on the fact that the Privacy Act treats certain disclosures to recipients subject to a substantially similar law differently. Where these safeguards do not fully apply, you accept by using the Service that the disclosures described in section 7 will occur.
9. Cookies and similar technologies
The Service uses one cookie: a session cookie named "connect.sid". It is set when you log in, it keeps you logged in between page views, and it is removed when you log out or when the cookie expires. The cookie is marked HTTP-only and is not accessible to JavaScript on the page. On the signup, contact, and forgot-password pages, Cloudflare Turnstile may set a short-lived cookie on the Cloudflare domain to support the anti-bot challenge; this cookie is not used for tracking and does not identify you to us. The Service does not use Google Analytics, Facebook Pixel, advertising trackers, retargeting cookies, social media trackers, fingerprinting scripts, or any third-party analytics product. If we ever add analytics or any other tracking technology in the future, this policy will be updated before the change takes effect, and members will be notified by email. We will not silently add tracking.
10. Security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. These steps include HTTPS encryption for all traffic between your browser and the Service, storage of passwords as one-way cryptographic hashes (bcrypt) with industry-standard work factor, access controls on the production database restricted to a small number of authorised administrators, routine application of security updates to operating system and platform software, session cookies marked HTTP-only and Secure where applicable, and retention of audit logs for sensitive actions such as login, subscription changes, and podcast token use. No method of transmission over the internet and no method of electronic storage is completely secure. While we take reasonable steps, we cannot guarantee absolute security.
11. Data breach notification
If a data breach occurs that is likely to result in serious harm to any individual whose personal information is involved, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act. This means we will, as soon as practicable, notify the affected individuals and the Office of the Australian Information Commissioner, and provide the information required by the scheme. We maintain an internal data breach response procedure. The fact that we are not always strictly required to notify under the Privacy Act does not change our practice of notifying affected individuals in the circumstances described in this section.
12. Retention
We keep your personal information for as long as your account is active and for as long as we have a lawful basis to retain it after your account closes. When you delete your account, or request that we delete your personal information, we will delete or de-identify your account record within 30 days. The following information may be retained beyond that period: billing, payment, and tax records, which we are required to retain for up to 7 years to comply with Australian tax and accounting law; information that we are required by law, court order, or regulator request to retain; information needed to defend or prosecute legal claims; and backups, which are overwritten on a rolling basis and from which targeted deletion is not always practicable. Published Ask USI answers and any content where you have contributed to publicly visible material remain part of the library after your account closes. Where reasonable, your handle and avatar will be detached from that content on request.
13. Your rights
Under the Privacy Act, you have rights in respect of personal information we hold about you. You can ask us what personal information we hold about you (APP 12); ask us to correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13); ask us to delete your personal information, subject to the exceptions in section 12; opt out of marketing communications at any time; and complain about how we have handled your personal information as described in section 17. To make any of these requests, contact us using the details in section 18. We will respond within 30 days. We may need to verify your identity before actioning a request. We do not charge a fee for making a request, for correcting personal information, or for associating a correction note with personal information. Where we cannot give you access or make a correction, we will give you a written reason and inform you of your right to complain.
14. Anonymity and pseudonymity
You can browse public pages of the Service without creating an account or providing personal information. When you create an account, you are required to provide your name, email, and state. Within the Service, your contributions are displayed under a randomly generated handle (for example, "BraveFriendly145") rather than your real name. In this sense, your participation in the Service is effectively pseudonymous to other members, even though we identify you internally for account and billing purposes. We do not require you to identify yourself in any feedback, Ask USI submission, or AI assistant query beyond the account identification that occurs automatically when you are logged in.
15. Children
The Service is intended for adults. The content of the Service is about children aged approximately 4 to 16, but the membership is for parents, guardians, coaches, administrators, and other adults responsible for those children. You must be 18 years of age or older to create an account on the Service. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will delete that information as soon as reasonably practicable. If you believe that a person under 18 has created an account, please contact us using the details in section 18. Nothing in this policy is intended to circumvent any future Children's Online Privacy Code made under the Privacy Act. We will update this policy as required when that Code is finalised.
16. Automated decision-making
We do not use personal information to make automated decisions that have a legal or similarly significant effect on you. The USI AI assistant generates responses to questions about parenting and junior football; it does not make decisions about your account, billing, eligibility, or rights. If we ever change this practice, we will update this policy to comply with the disclosure obligations in APP 1.7, 1.8, and 1.9 (which take effect on 10 December 2026) and we will notify members by email.
17. Complaints
If you believe we have not handled your personal information in accordance with the Privacy Act or this policy, please contact us first using the details in section 18. We will acknowledge your complaint within 7 days and provide a substantive response within 30 days. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner ("OAIC") at oaic.gov.au, by phone on 1300 363 992, or by post to GPO Box 5288, Sydney NSW 2001.
18. Contact
For any privacy enquiry, request, or complaint, contact us through the web form at unitedsportinginstitute.com/contact. Where post is preferred, write to the Privacy Officer, OMS, PO Box 526, Caringbah NSW 2229, Australia. We will respond within 30 days.
19. Changes to this policy
We may update this policy from time to time. When we do, we will update the version number and effective date at the top of this page. If a change is material (for example, a new category of disclosure, a new third party with access to personal information, or the introduction of any analytics or tracking technology), we will notify members by email at least 14 days before the change takes effect. Continued use of the Service after the effective date of a change constitutes your acceptance of the updated policy. If you do not agree to a change, you can close your account before the change takes effect.