Lanistr

PRIVACY POLICY

Last updated: February 2026

1. INTRODUCTION

Lanistr ("we," "us," or "our"), operated by Media Evolution, is a combat sports management platform available at lanistr.com and through our iOS mobile application. We provide tools and services for fighters, coaches, gym operators, and event promoters in the combat sports industry.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our web platform, iOS application, and related services (collectively, the "Platform"). This policy applies to all users regardless of role, including fighters, coaches, and promoters.

We are based in Australia and comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also adhere to the principles of the European Union General Data Protection Regulation (GDPR) for users located in the European Economic Area.

By using the Platform, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use the Platform.

2. INFORMATION WE COLLECT

The information we collect depends on your role on the Platform and how you interact with our services. Our iOS app collects the same categories of data as the web platform.

2.1 INFORMATION PROVIDED BY ALL USERS

  • Account credentials (email address and password)
  • Full name and display name
  • Role selection (fighter, coach, or promoter)
  • Profile information and biography
  • Communication preferences and notification settings

2.2 FIGHTER-SPECIFIC INFORMATION

If you register as a fighter, we may additionally collect:

  • Physical attributes: weight, height, date of birth, weight class, and stance
  • Profile media: profile photos and fighter images
  • Fight records: win/loss/draw statistics, fight history, opponents, event names, results, and methods of victory or defeat
  • Health and medical data: blood work results, blood work test dates, medical clearance documents, medical clearance expiry dates, and medical clearance status
  • Availability status: whether you are available to fight, in training camp, or recovering from injury
  • Gym connections: affiliations with gyms and coaches on the Platform
  • Combat sports disciplines: the martial arts styles you train and compete in

2.3 COACH-SPECIFIC INFORMATION

If you register as a coach or gym operator, we may additionally collect:

  • Gym business details: gym name, location/address, phone number, email address, and gym description
  • Gym branding: gym logo and images
  • Fighter rosters: lists of fighters affiliated with your gym
  • Invitation data: records of fighter invitations sent through the Platform

2.4 PROMOTER-SPECIFIC INFORMATION

If you register as a promoter (web only), we may additionally collect:

  • Business details: promotion company name, contact information, and business description
  • Event data: event names, dates, venues, locations, and event details
  • Payment and billing information: subscription plan details, billing address, and payment method information (processed securely by Stripe; we do not store full credit card numbers)

2.5 AUTOMATICALLY COLLECTED INFORMATION

When you access the Platform, we automatically collect certain technical information:

  • Device information (device type, operating system, browser type)
  • IP address and approximate geographic location
  • Usage data (pages visited, features used, time spent on the Platform)
  • Referral source and navigation paths
  • App version (for iOS users)

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 PLATFORM OPERATIONS

  • Creating and managing your account and user profile
  • Authenticating your identity and maintaining account security
  • Displaying your profile to other users as appropriate to your role
  • Facilitating connections between fighters, coaches, gyms, and promoters
  • Managing gym rosters and fighter-gym affiliations
  • Processing and displaying fight records

3.2 AI-POWERED FIGHT MATCHING

We use fighter profile data -- including weight, experience level, fight record, and availability -- to power our AI fight matching system. This system uses OpenAI's GPT-4 technology along with a rule-based fallback algorithm to suggest suitable fight matchups for events. Fighter data sent to OpenAI for matching purposes is not used by OpenAI to train their models.

3.3 HEALTH DATA

Fighter health information (blood work results, medical clearance documents) is used solely to help fighters track their medical compliance for competition. This data is stored securely and is only accessible to the fighter and, where the fighter has granted access, their affiliated coaches or promoters reviewing event eligibility.

3.4 COMMUNICATIONS

  • Sending in-app notifications about events, matches, and platform activity
  • Delivering email notifications via our email service provider
  • Responding to your enquiries and support requests
  • Sending important service updates and policy changes

3.5 PAYMENTS

Subscription payments are processed through two channels depending on how you access the Platform. Web platform subscriptions for all roles (Fighter $9.90/month, Coach $19.90/month, Promoter $100/month) are processed securely through Stripe. iOS app subscriptions for fighters and coaches are processed through Apple's in-app purchase system (StoreKit) at $9.99/month or $99.99/year (Fighter) and $19.99/month or $199.99/year (Coach). We do not store complete payment card details on our servers. Apple's standard subscription terms apply to iOS purchases.

3.6 ANALYTICS AND IMPROVEMENT

  • Analysing usage patterns to improve the Platform
  • Monitoring and preventing fraud, abuse, or unauthorised access
  • Maintaining the security and integrity of our services
  • Complying with legal obligations

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following circumstances:

4.1 WITH OTHER PLATFORM USERS

  • Fighter profiles: Your profile information (name, photo, weight class, fight record, availability) may be visible to coaches, promoters, and other fighters based on your privacy settings and gym affiliations.
  • Gym information: Gym details (name, location, contact information) are displayed in the gym directory and to affiliated fighters.
  • Event information: Event details created by promoters are displayed publicly to fighters and coaches.
  • Share tokens: When you generate a share link for your profile, the information included in that link is accessible to anyone with the link URL.

4.2 WITH THIRD-PARTY SERVICE PROVIDERS

We use the following third-party services to operate the Platform:

ProviderPurposeData Shared
SupabaseDatabase, authentication, file storageAll user data (stored in PostgreSQL with row-level security)
StripePayment processingBilling details, subscription and payment information
OpenAIAI fight matching (GPT-4)Fighter attributes (weight, record, experience) for matching only
ResendTransactional email deliveryEmail address and notification content
VercelWeb hosting and deploymentRequest logs, IP addresses, usage analytics

Each of these providers is contractually obligated to handle your data in accordance with their respective privacy policies and applicable data protection laws.

4.3 LEGAL REQUIREMENTS

We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or protect the safety of our users or the public.

4.4 BUSINESS TRANSFERS

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.

5. DATA RETENTION

We retain your personal information for as long as your account remains active or as needed to provide you with our services. Specific retention periods include:

  • Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for reactivation.
  • Fight records: Retained for the lifetime of the Platform to maintain historical accuracy of the combat sports record, unless you request deletion.
  • Health and medical data: Retained while your account is active. Medical clearance documents and blood work records are deleted within 30 days of account deletion or upon your explicit request.
  • Payment records: Retained for up to 7 years to comply with tax and financial reporting obligations under Australian law.
  • Usage logs: Retained for up to 12 months for analytics and security purposes.

6. DATA SECURITY

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption: All data is transmitted over HTTPS/TLS encryption. Passwords are hashed and never stored in plain text.
  • Row-level security: Our database uses Supabase's row-level security (RLS) policies to ensure users can only access data they are authorised to view.
  • Secure file storage: Medical documents and profile images are stored in Supabase Storage with access controls.
  • Authentication: We use Supabase Auth with secure session management, including token-based authentication for the iOS application.
  • Payment security: All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach in accordance with applicable laws.

7. COOKIES AND TRACKING TECHNOLOGIES

Our Platform uses the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication, session management, and core Platform functionality. These cannot be disabled.
  • Analytics cookies: Used to understand how users interact with the Platform, helping us improve features and performance.

You can manage your cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Platform.

The iOS application uses local device storage for authentication tokens and user preferences. It does not use third-party tracking SDKs.

8. iOS APPLICATION

Our iOS application is available to fighters and coaches. It collects the same categories of personal data as the web platform, as described in Section 2 of this policy. Key details specific to the iOS app include:

  • The iOS app connects to the same Supabase backend as the web platform.
  • Promoter features are not available in the iOS app; promoters use the web platform exclusively.
  • Fighter and Coach subscriptions may be purchased directly through the iOS app via Apple's in-app purchase system. Promoter subscriptions are managed via the web platform through Stripe only.
  • The app may request permission to access your device camera and photo library for profile photos and document uploads. These permissions are optional and can be managed through your device settings.
  • Push notifications may be sent via Apple Push Notification service (APNs). You can manage notification preferences in your device settings and within the app.

9. CHILDREN'S PRIVACY

The Platform is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

Users between the ages of 13 and 18 may use the Platform with the consent of a parent or legal guardian. Given the nature of combat sports, we recommend that minors using the Platform do so under the supervision of their coach or guardian.

10. YOUR RIGHTS

Depending on your location, you may have the following rights regarding your personal information:

10.1 ALL USERS

  • Right of access: You may request a copy of the personal information we hold about you.
  • Right to rectification: You may request that we correct any inaccurate or incomplete personal information.
  • Right to deletion: You may request the deletion of your account and associated personal information, subject to any legal retention requirements.
  • Right to data portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: Where we process data based on your consent, you may withdraw that consent at any time.
  • Right to object: You may object to the processing of your personal information for certain purposes, including direct marketing.

10.2 AUSTRALIAN PRIVACY ACT RIGHTS

Under the Australian Privacy Act 1988, you have the right to access and correct the personal information we hold about you. If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10.3 GDPR RIGHTS (EEA USERS)

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to restriction of processing and the right to lodge a complaint with your local data protection authority. Our lawful bases for processing include consent, contractual necessity, and legitimate interests in operating and improving the Platform.

10.4 EXERCISING YOUR RIGHTS

To exercise any of these rights, please contact us at privacy@lanistr.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

11. INTERNATIONAL DATA TRANSFERS

Lanistr is based in Australia. Our third-party service providers may store and process your data in locations outside of Australia, including the United States. When your data is transferred internationally, we ensure appropriate safeguards are in place through contractual arrangements with our service providers that comply with applicable data protection laws.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, by sending an email notification or displaying a prominent notice on the Platform.

We encourage you to review this policy periodically to stay informed about how we are protecting your information.

13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lanistr (operated by Media Evolution)

Email: privacy@lanistr.com

Website: lanistr.com