Privacy Policy

This policy describes how we handle personal data when you visit gea.ge, register an account, participate in competitions, post content, contact us or interact with our services. It applies to anyone who uses the platform — players, captains, staff applicants, organizers, sponsors and visitors.

For tournaments organized by partners on our infrastructure, additional notices may apply and will be linked from the registration page.

We collect data in three ways: data you give us directly (registration, profile, content, applications); data generated as you use the platform (logs, match results, in-app actions, interactions); and data we receive from third parties who help us operate the platform (auth providers, anti-cheat, payment processors, analytics).

Categories include: identity (name or display name, username, date of birth, country, avatar); contact (email, optional phone for staff applicants); account security (password hash, 2FA factors, login history, IP, device); profile content (bio, social links, team affiliation, scouting profile); competition data (rosters, match results, statistics, broadcast clips, prize-related identity verification); communication (contact-form messages, support tickets, direct messages between users); technical (IP address, browser, OS, language, locale, referring URL, cookie identifiers).

We do not intentionally collect "special category" data (health, religion, biometrics, etc.). Don't include such data in your profile, bio or messages.

We process personal data only when at least one of the following legal bases applies under Georgian and, where relevant, EU law:

— Contract performance: creating and managing your account, registering you for competitions, processing match results, paying out prizes.

— Legitimate interest: keeping the platform secure (anti-cheat, fraud prevention, abuse moderation), measuring how features are used, communicating about competition operations and important account events, defending legal claims.

— Consent: marketing emails and optional non-essential cookies. You can withdraw consent at any time without affecting processing that already happened.

— Legal obligation: complying with tax, accounting and law-enforcement requirements applicable to us in Georgia.

We use cookies and similar technologies to keep you signed in, remember language and theme preferences, secure forms against CSRF attacks, and measure how the platform is used in aggregate.

Strictly necessary cookies are set as soon as you visit. Analytics, performance and marketing cookies are set only after you accept them. You can change cookie preferences at any time from the "Cookie preferences" link in the footer.

We share personal data only when needed to run the platform, when required by law, or when you tell us to:

— Service providers acting as our processors: hosting, database, email delivery, file storage, payment processing, customer-support tooling, analytics, anti-cheat. Each is bound by a written agreement that limits how they may use the data.

— Other users: your public profile, posts, team membership and competition results are visible to other users by design. Direct messages are visible to recipients. You control the visibility of optional fields where the setting is offered.

— Game publishers / anti-cheat partners: where rules are broken, we may share account identifiers and evidence with the relevant publisher and cross-platform anti-cheat providers.

— Sponsors and partners: we share aggregated or anonymized statistics. We do not share identifiable contact data unless you consent (e.g. opting in to a sponsor newsletter).

— Authorities: where we are legally required to (court orders, valid law-enforcement requests). We push back on overbroad requests.

We do not sell personal data.

Some of our service providers are located outside Georgia, including in the European Economic Area, the United Kingdom and the United States. Where data is transferred internationally we rely on legally recognized safeguards: adequacy decisions where they exist, standard contractual clauses where they do not, or your explicit consent for the specific transfer.

We keep data only as long as we need it for the purpose for which we collected it, or as long as the law requires:

— Account profile data: while your account is active, plus up to 12 months after closure to handle disputes and law-enforcement requests, then deleted or anonymized.

— Competition records (results, standings, brackets): retained as a historical record of the competition, with your name shown as registered.

— Security and audit logs: up to 12 months, longer where an incident is being investigated.

— Marketing preferences: until you change them. Contact-form messages: up to 24 months.

— Payment / accounting records: as required by Georgian tax law (currently 6 years).

When the period ends, data is deleted or irreversibly anonymized.

Subject to applicable law, you have the right to:

— Access — get a copy of the personal data we hold about you and information about how we process it.

— Rectification — correct inaccurate or incomplete data.

— Erasure — request deletion of data (the "right to be forgotten"), subject to legal retention requirements and our legitimate interests.

— Restriction — pause processing in specific cases, for example while accuracy is being checked.

— Objection — object to processing based on legitimate interest, including profiling.

— Portability — receive your data in a structured, machine-readable format and transmit it to another controller.

— Withdraw consent — at any time, for any processing based on consent.

— Lodge a complaint — with the Personal Data Protection Service of Georgia (personaldata.ge), or with the supervisory authority of your habitual residence.

Most data is editable directly from your account settings. For requests we cannot fulfil from settings — including erasure, portability or formal access requests — write to privacy@gea.ge from the email on your account, or use the contact form with topic "Privacy".

We respond within 30 days. For complex or repeated requests we may extend by up to 60 more days and will tell you why. We may need to verify your identity before acting on a request. We do not charge for fulfilling requests unless they are clearly unfounded or excessive.

You must be at least 13 years old to register an account. Specific competitions may set higher age limits. We do not knowingly collect data of children under 13. If you are a parent or legal guardian and believe a child under 13 has registered, contact us and we will delete the account and associated data.

For users between 13 and the age of majority in their country, parental or legal-guardian consent may be required for specific processing — for example marketing communications or competing for monetary prizes.

We protect personal data with technical and organizational measures appropriate to the risk: HTTPS for all traffic, password hashing with industry-standard algorithms, two-factor authentication on accounts, principle of least privilege for staff access, audit logging of administrative actions, and regular review of third-party processors.

No system is perfectly secure. If you spot a security issue, write to security@gea.ge and we will respond promptly.

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Personal Data Protection Service of Georgia within 72 hours and notify affected users without undue delay where required, with a clear description of what happened, what data was involved, and the steps we are taking.

We do not use solely automated decisions that produce legal or similarly significant effects on you. We do use automated systems for spam detection, anti-cheat detection and security monitoring. Results from those systems are reviewed by a human before any account-level enforcement action.

By design, parts of GEA are public: your username, avatar, team affiliation, competition results, posted content (news submissions, scouting listings) and public comments are visible to anyone, including search engines that we permit to index public pages.

You can control which optional profile fields are public. Direct messages are visible only to participants.

Our pages link to third-party services (Discord, streaming platforms, sponsor sites). Following those links takes you outside GEA's control and outside this policy. Each third party has its own privacy policy.

We may update this policy as the platform, the law or our processors change. Material changes will be announced on the platform and, where reasonable, by email to active accounts at least 14 days before they take effect. Your continued use of the platform after the change takes effect means you accept the updated policy.

For privacy questions, requests to exercise your rights, or notices: write to privacy@gea.ge or use the contact form below with topic "Privacy". For complaints, you may also contact the Personal Data Protection Service of Georgia at personaldata.ge.