EAZY6 PRIVACY POLICY

Last Updated: September 25, 2025

Oakridge Interactive LLC, doing business as Eazy6 (“Eazy6,” “we,” “our,” or “us”), respects your privacy and is committed to protecting it. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard your personal information when you use the Eazy6 mobile application (the “App”) and visit our website at www.eazy6.com (the “Site,” collectively the “Services”). By using our Services, you agree to this Policy.

Privacy Principles

Transparency – clear disclosures about what we collect, why, and with whom we share it.
Fairness & Lawfulness – we process data for legitimate purposes and in accordance with applicable laws.
Security – administrative, technical, and physical safeguards proportionate to risk.
Data Minimization – we collect only what we need for the stated purposes.
Accountability – contracts and oversight of our service providers/processors.
Privacy by Design & Default – privacy embedded throughout our product lifecycle.

1. Scope of This Policy

Players and visitors who register, enter skill-based contests, make deposits/withdrawals, or otherwise use the App or Site.
Individuals who contact us (e.g., customer support, feedback).
Business partners, vendors, and service providers to the extent we process their personnel’s data in operating the Services.

This Policy does not govern our HR/employment data except as noted in the GDPR/UK Appendix.

2. Notice at Collection (Summary for U.S. State Privacy Laws)

The table below summarizes the categories of personal information we collect, the purposes for which we use it, sources, whether it may be considered “sensitive,” whether it is “sold” or “shared” (as defined by certain state laws), typical recipients, and indicative retention periods.

Category	Examples	Purposes	Sources	Sensitive?	Sold/Shared?	Recipients	Retention
Identifiers	Name, username, mobile number, email, IP address, device IDs (IDFA/AAID).	Account creation; OTP login; communications; security; fraud prevention; deposits/withdrawals.	You; your devices; service providers.	No (but mobile number may be sensitive in some states).	Not sold. May be “shared” for cross-context behavioral advertising only if you opt in; otherwise limited to service providers.	Service providers (OTP/SMS, auth, fraud, payments); analytics vendors.	Account life + legal/AML requirements.
Protected classifications / Age	Date of birth; age eligibility.	Age verification; eligibility; compliance.	You; KYC provider.	Yes (sensitive personal data in some states).	Not sold or shared.	KYC provider; compliance partners.	As required by law (e.g., AML).
Financial Information	Payment method tokens, transaction history (deposits, withdrawals, entry fees, winnings).	Process transactions; prevent fraud; comply with network rules and law.	You; payment processors; banking partners.	Yes (sensitive).	Not sold or shared for advertising.	Payment processors; banks; auditors; tax authorities as required.	Legal/accounting retention periods.
Geolocation Data	Precise device location (GPS/Wi‑Fi/IP) via geolocation provider (e.g., Radar Labs).	Determine contest eligibility; geofence prohibited jurisdictions; fraud/abuse prevention; legal compliance.	Your device; geolocation provider.	Yes (precise geolocation).	Not sold or shared for advertising; disclosed to service providers only.	Geolocation provider; compliance partners as needed.	As necessary for compliance/fraud; then minimized/anonymized.
Biometric / Verification Data	ID images, selfies; face-matching/liveness signals processed by KYC vendor (e.g., Sumsub).	KYC/AML; age/identity verification; sanctions screening; fraud prevention.	You; KYC provider.	Yes (biometric/sensitive).	Not sold or shared for advertising.	KYC provider; regulators/law enforcement if required.	Per law and vendor policy; we do not retain biometric templates ourselves.
Internet/Network Activity	App events, session logs, crash reports, performance metrics, referral URLs.	App functionality; security monitoring; analytics; improvement.	Your device; analytics SDKs.	No.	May be “shared” for cross‑context ads only if you opt in; otherwise service providers only.	Analytics providers; anti‑fraud tools.	Operational needs + analytics windows.
Communications	Support emails/chats/call recordings; feedback and surveys.	Customer support; quality assurance; training; dispute resolution.	You; communications vendors.	May include sensitive content incidentally.	Not sold or shared for advertising.	Support tooling providers; dispute resolution services.	As needed for support, disputes, and legal holds.
Public Profile/Leaderboards	Display name, entries, rank/standing, pick data visible to other users in the same contest.	Core gameplay features; community transparency.	You; game systems.	No.	Public to participants; not sold.	Other users in the same contest; moderation tools.	While the contest/feature is available + audit window.

For additional disclosures required by California and other states (including rights to access, delete, correct, opt out of “sale” or “sharing,” and limit use of sensitive personal information), see Section 11.

3. Information We Collect and Process (Detailed)

A. Visitors, Registrants, Purchasers, and Users of Our Services

Examples of Data	Where Do We Get It?	Why We Process It	Legal Bases*	Who Receives It?
Identity & contact (name, username, mobile, email, DOB); account security (OTP status, backup email/password); profile image (optional).	You directly via App or Site; device OS account frameworks.	Account creation; secure OTP login; communications; account recovery; withdrawal eligibility (backup email verification).	Contract; legitimate interests; legal obligations (eligibility, AML).	Auth/OTP providers; email service; fraud/abuse tools.
Financial/transaction (deposit/withdrawal details, history); PSP tokens.	You; payment processors/banks.	Process payments; tax/reporting; dispute resolution; AML.	Contract; legal obligations; legitimate interests (fraud prevention).	Payment processors; banks; auditors; tax authorities as required.
Geolocation (precise device location); IP-based location.	Your device; geolocation SDK (e.g., Radar Labs).	Eligibility/geofencing; regulatory compliance; fraud prevention.	Legitimate interests; legal obligations.	Geolocation provider; compliance partners.
KYC/Verification (ID images, selfies; liveness; sanctions screening results).	You; KYC/ID vendor (e.g., Sumsub).	Age/identity verification; AML/sanctions; anti‑fraud; account integrity.	Legal obligations; legitimate interests.	KYC vendor; regulators/law enforcement if required.
Device & technical (IDFA/AAID; IP; OS; app usage; crash logs).	Your device; analytics/crash SDKs.	Security monitoring; debugging; analytics and improvement.	Legitimate interests; consent where required for ads.	Analytics providers; anti‑fraud vendors.
Public content (display name, standings, picks visible in leaderboards).	You; game systems.	Core gameplay; transparency; community features.	Contract; legitimate interests.	Other users in the contest; moderation tooling.

* Legal bases language is provided for jurisdictions recognizing such concepts (e.g., GDPR/UK law); for U.S. processing, we rely on contract, consent where required, legal obligations, and legitimate interests.

B. Persons Who Communicate with Us

Examples of Data	Where Do We Get It?	Why We Process It	Legal Bases*	Who Receives It?
Identity/contact; communications content; metadata; call recordings (where permitted).	You; comms providers; in-app support.	Respond to inquiries; QA/training; legal holds.	Legitimate interests; legal obligations (record retention).	Support platforms; transcription tools (where used).
Technical data (IP, device, time, headers).	Your device; comms tooling.	Security and abuse prevention; rate limiting.	Legitimate interests.	Security tooling providers.

C. Employment and Apprenticeship Candidates (if applicable)

Examples of Data	Where Do We Get It?	Why We Process It	Legal Bases*	Who Receives It?
Identity/contact; CV/resume; education; work history; certifications; references.	You; recruiters; references; background check vendors (where permitted).	Evaluate candidacy; schedule interviews; onboarding.	Contract; legitimate interests; legal obligations.	HR platforms; background-screening vendors (if used).

D. Business Partners and Their Personnel

Examples of Data	Where Do We Get It?	Why We Process It	Legal Bases*	Who Receives It?
Identity/contact; role/title; company; correspondence.	You; your employer; conferences/intros.	Administer our relationship; compliance screening; payments.	Contract; legitimate interests; legal obligations.	Billing platforms; compliance screening vendors.

4. Geolocation, Eligibility, and KYC/AML Verification

**Geolocation & Geofencing.** We collect and use precise device location (e.g., GPS, Wi‑Fi, IP) to verify that you are physically located within a jurisdiction where Eazy6 contests are legally offered. We use one or more third‑party providers (currently including Radar Labs) to perform this verification and geofencing. Disabling location services will prevent gameplay in jurisdictions requiring location verification. We do not use precise location for unrelated advertising without your consent.

**Identity & Age Verification; AML & Sanctions Screening.** We may require you to complete Know‑Your‑Customer (KYC) checks and sanctions screening before allowing deposits, withdrawals, or continued access. We use one or more third‑party vendors (currently including Sumsub) to validate government‑issued IDs, perform selfie/liveness checks, and check against applicable watchlists. These vendors process your information on our behalf under contractual safeguards.

**Biometric Information.** If a vendor extracts biometric identifiers or information (e.g., facial geometry) to perform liveness or face‑matching, such data is processed by the vendor on our behalf solely for verification and fraud prevention. We do not sell or use biometric information for advertising, and we do not retain biometric templates ourselves. Vendors maintain retention and deletion schedules consistent with law; we instruct them to delete when verification is complete or after required legal retention periods.

5. Online Tracking, SDKs, and Marketing

We use SDKs and cookies on the Site/App for essential functions, analytics, crash reporting, performance, and—where permitted—advertising and measurement.
Mobile advertising identifiers (IDFA/AAID) may be used for attribution and measurement; you can reset/limit via OS settings.
We honor applicable opt‑out mechanisms (e.g., “Do Not Sell or Share,” GPC signals on web) where required by law.
Service emails (e.g., OTP codes, security alerts, transactional notices) are not marketing and will still be sent.

6. How We Share Personal Information

Service providers/processors (e.g., OTP/SMS, geolocation, KYC/AML, payments, analytics, support, hosting, security) under confidentiality and data‑protection agreements.
Affiliates and professional advisors (legal, auditors, insurers) for compliance and corporate governance.
Legal/regulatory and integrity monitoring—where required to comply with law, enforce terms, investigate fraud/cheating/abuse, or respond to lawful requests.
Business transfers—mergers, acquisitions, restructurings; personal information may be transferred as an asset as permitted by law.
With your consent or at your direction.

7. Security

We implement reasonable administrative, technical, and physical safeguards appropriate to the nature of the data and risk, including TLS encryption, secure OTP login, access controls, least‑privilege, monitoring, and regular testing. No method of transmission or storage is completely secure; you are responsible for maintaining the confidentiality of your account credentials.

8. Data Retention & Minimization

We retain personal information only for as long as needed for the purposes described in this Policy, including gameplay, customer support, security/fraud prevention, and legal/regulatory obligations (e.g., tax, AML).
When data is no longer needed, we will delete or de‑identify it, subject to legal holds or dispute resolution.
KYC/AML and transaction records may be retained for legally mandated periods.

9. Children’s Data

Eazy6 is intended for U.S. users aged 18+ (or the legal age in their jurisdiction). We do not knowingly collect personal information from children under 13 (or under 16 where applicable). If we learn we have collected such information without appropriate consent, we will delete it.

10. International Data Transfers

If you access the Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries with different data‑protection laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for such transfers.

11. U.S. State Privacy Rights

Depending on your state of residence, you may have rights to access, correct, delete, or obtain a portable copy of your personal information; to opt out of sale, sharing for cross‑context behavioral advertising, and certain profiling; to limit use/disclosure of sensitive personal information; and to be free from discrimination. You may exercise these rights by emailing privacy@eazy6.com. We will verify requests and respond as required by law. We honor Global Privacy Control signals on the web where applicable.

12. Do Not Track and Global Privacy Control

Some browsers include a Do Not Track (“DNT”) setting. Our Site does not respond to DNT signals at this time. We do, however, recognize and honor Global Privacy Control (“GPC”) signals where required by applicable law.

13. Changes to This Policy

We may revise this Policy from time to time. The “Last Updated” date indicates the effective date. Material changes may be announced via the App or email. Your continued use of the Services after changes means you accept the updated Policy.

14. Contact Us

Eazy6 Privacy Team
Oakridge Interactive LLC
101 Crawfords Corner Road, Ste. 4116
Holmdel, NJ 07733
Email: privacy@eazy6.com

Appendix A – GDPR/UK Data Protection Addendum

If you are located in the EEA/UK, this Addendum applies in addition to the main Policy.

Category	Purpose of Processing	Legal Basis (GDPR Art. 6)
Account & Contact (name, username, mobile, email, DOB)	Provide and manage account; OTP login; communications	Art. 6(1)(b) Contract; Art. 6(1)(f) Legitimate interests
Payment & Transactions	Process deposits/withdrawals; compliance	Art. 6(1)(b) Contract; Art. 6(1)(c) Legal obligation
Geolocation	Eligibility/geofencing; compliance; fraud prevention	Art. 6(1)(f) Legitimate interests; Art. 6(1)(c) Legal obligation
KYC/Verification (including biometrics processed by vendor)	Identity/age verification; AML/sanctions; fraud prevention	Art. 6(1)(c) Legal obligation; Art. 6(1)(f) Legitimate interests; Art. 9(2)(g)/(f) where applicable
Device/Usage/Analytics	Security; analytics; improvement	Art. 6(1)(f) Legitimate interests; Art. 6(1)(a) Consent (for ads where required)
Marketing/Communications	Send offers and updates (where permitted)	Art. 6(1)(a) Consent; Art. 6(1)(f) Legitimate interests

International transfers may occur to countries without an adequacy decision; we rely on appropriate safeguards (e.g., Standard Contractual Clauses). You have rights under GDPR (access, rectification, erasure, restriction, portability, objection) and may contact us to exercise them. You may lodge a complaint with your supervisory authority.

Appendix B – State Privacy Rights Summary (California and Other U.S. States)

Right to Know/Access, Correct, Delete, and Portability.
Right to Opt Out of Sale or Sharing and Targeted Advertising.
Right to Limit Use/Disclosure of Sensitive Personal Information (e.g., precise geolocation, government ID).
Non‑discrimination for exercising rights.
Authorized agent procedures; verification steps for requests.

Appendix C – Key Third‑Party Service Providers (Current)

Category	Provider (Subject to Change)	Purpose/Notes
Geolocation	Radar Labs	Precise location verification; geofencing; eligibility.
Identity Verification / KYC	Sumsub	ID validation; selfie/liveness; sanctions and AML checks; fraud prevention.
OTP/SMS	Twilio or similar	Send one‑time passcodes and key account notices.
Payments	Payment processors/banking partners	Deposits, withdrawals, and settlement.
Analytics/Crash	Firebase / Google Analytics / similar	Performance, diagnostics, analytics.
Support	Helpdesk/CRM vendor	Customer support and communications.

Appendix D – Definitions

“Personal Information” or “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
“Sensitive Personal Information” includes certain data such as precise geolocation, government IDs, and biometric information as defined by applicable law.
“Sale” or “Share” have the meanings given in applicable state privacy laws (e.g., CPRA).
“Processor/Service Provider” means a vendor that processes data on our behalf under contract.

15. Responsible Play and Integrity Monitoring

We use a combination of internal systems and third‑party tools to help maintain a fair, balanced, and responsible environment. This may include monitoring deposit and gameplay patterns for indicators of problematic play; detecting multi‑accounting, collusion, botting, tampering, or other integrity risks; and reaching out with resources for responsible play where appropriate. We may also temporarily restrict accounts to review anomalies or compliance signals.

16. Prohibited Users and Eligibility Controls

Users located in jurisdictions where our contests are not legally offered (as determined via geolocation) are prohibited from real‑money play.
Individuals subject to anti‑money laundering or other watchlist restrictions may be prohibited.
Certain employees, contractors, vendors, and others with access to confidential or game‑integrity information are prohibited from competing where required by policy or law.

17. Combination of Data and Profiling

We may combine information collected across the App, the Site, and our service providers to improve accuracy, security, and your experience. We may also use automated decision‑making or profiling (e.g., risk scoring signals for fraud prevention or geolocation eligibility). Where required by law, we will provide meaningful information about the logic involved and the significance and potential consequences for you, as well as your rights related to such processing.

18. Notice of Financial Incentives (if applicable)

From time to time, we may provide referral bonuses, promotional credits, or loyalty rewards. Participation is voluntary. The material terms (including how to opt out) will be disclosed at the time of the offer. The value of your data is reasonably related to the value of the offer or the expenses associated with providing it. You may withdraw at any time by contacting us. We do not condition the provision of services on participation in such programs except where the incentive is integral to the promotion.

We do not currently offer programs that are “financial incentives” under some state laws. If that changes, we will update this section and provide the required notices.

19. Authorized Agents, Appeals, and Verification Process

You may designate an authorized agent to submit a privacy request on your behalf. We require a signed authorization and identity verification.
We verify requests by matching information you provide with our records. Certain requests may require stronger verification (e.g., government ID).
If we deny your request, you may appeal by replying to our decision notice with “Appeal” in the subject line. We will review and respond within the timeframe required by applicable law.

20. Sensitive Personal Information – Limitation

Where state law provides a right to limit use and disclosure of sensitive personal information (e.g., precise geolocation, government ID, or biometric data), we limit our use of such data to the purposes reasonably necessary to provide the Services, ensure security and integrity, prevent fraud, comply with laws, and other purposes permitted by those laws.

Appendix E – California “Shine the Light” and Nevada Rights

California “Shine the Light” (Civ. Code § 1798.83): We do not disclose personal information to third parties for their direct marketing purposes without giving you a right to opt out.
Nevada residents: We do not “sell” covered information as defined by Nevada law. You may still submit a verified request directing us not to sell covered information by contacting privacy@eazy6.com.

Appendix F – Cookie and SDK Notice

We and our service providers use cookies and SDKs to operate the Site and App. You can control cookies via your browser and mobile OS settings. The categories below summarize typical technologies used.

Category	Examples	Purpose/Controls
Essential	Authentication, session management, security tokens	Required to log in, route traffic, and keep your session secure; cannot be disabled.
Functional	Preference cookies, in‑app settings	Remember choices (e.g., language, notification preferences).
Analytics	SDKs such as Firebase/Google Analytics; crash reporters	Measure performance and usage; de‑identified or aggregated where possible; opt‑out via device settings where available.
Advertising/Attribution	Mobile attribution SDKs; IDFA/AAID	Attribution and, where permitted, advertising measurement; control via OS settings and in‑app choices; opt‑out of “sale/share” where applicable.

Appendix G – Biometric Information Policy (Vendor‑Processed)

Purpose: identity verification, age checks, liveness detection, and fraud prevention.
Collection: biometric identifiers/information (e.g., facial geometry) may be extracted from images you submit and processed by our verification vendor on our behalf.
Use & Disclosure: limited to verification and fraud/AML purposes; not used for advertising; not sold.
Retention & Deletion: we instruct vendors to retain only as long as necessary to complete verification or comply with legal obligations, then delete. We do not maintain biometric templates ourselves.
Security: vendors are required to apply industry‑standard safeguards and to comply with applicable biometric privacy laws.

21. Authentication and Account Security

Primary sign‑in via mobile number + one‑time passcode (OTP).
Backup email strongly recommended and required before first withdrawal; email must be verified.
Optional backup password available (recommended).
Security notifications (email/SMS) sent on username, password, or mobile changes.
Rate limits and cooldowns for OTP requests; short OTP expiration windows; limited attempts.
Recovery paths include mobile OTP, verified backup email, and support‑assisted KYC re‑verification where necessary.

Appendix H – California Privacy Addendum (CPRA)

This section supplements the Policy for California residents and describes our practices required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”).

CPRA Category	Examples	Collected	Sold/Shared	Disclosed for Business Purpose (Recipients)	Sensitive? / Right to Limit
Identifiers	Name, username, mobile, email, device IDs, IP	Yes	No sale; sharing only if you opt in; otherwise service providers only	Auth/OTP, analytics, security, payments	Some identifiers may be sensitive under state law
Customer Records	Account records, transaction history	Yes	No	Payment processors/banks; auditors	Yes (financial)
Protected Classifications	Age (18+), date of birth	Yes	No	KYC vendor	Yes; right to limit applies to certain uses
Geolocation	Precise device location	Yes	No sale/share for ads	Geolocation provider; compliance	Yes; right to limit applies
Biometric Info	Facial geometry processed by KYC vendor	Yes (vendor‑processed)	No	KYC vendor; regulators if required	Yes; right to limit applies
Internet Activity	App events, usage, crash logs	Yes	Shared for cross‑context ads only if you opt in	Analytics/crash providers	No
Inferences	Risk signals for fraud/abuse	Yes	No	Security/fraud tools	May be sensitive depending on context

California Rights: access/know, delete, correct, portability, opt‑out of sale/share and certain profiling, limit use/disclosure of sensitive personal information, and non‑discrimination. To exercise rights, email privacy@eazy6.com. We verify requests and honor Global Privacy Control signals on the Site where required.

Appendix I – Gaming Consumer Privacy Rights (State-Specific)

Certain U.S. states may prescribe additional consumer privacy disclosures and rights specific to regulated gaming or fantasy sports products. To the extent such state-specific gaming privacy rights apply to Eazy6 players, we will honor those rights and provide any required notices and mechanisms for exercising them. This may include additional disclosures about categories of personal information processed for gaming eligibility, integrity monitoring, self-exclusion, or responsible play features, and contact methods for state gaming authorities.

Think you have sports smarts?

Daily Contests

Smart Selections

Get Rewarded

Mobile-first Experience

Ready to get started?

Where you can test your skills Eazy6 contests are available in states that recognize skill-based games. If you’re 18+ and in an eligible state, you’re good to go.

Think you've got the sports knowledge? Prove it. Compete in skill-based sports prediction contests. Win prizes. Claim the glory.

Stay Connected!