Privacy Policy for D1 Arena

Last Updated: December 2025

SKILL-BASED ESPORTS PLATFORM - PRIVACY COMMITMENT

D1 Arena is a skill-based esports competition platform operating under Texas Penal Code §47.01. We are committed to protecting your privacy while providing legitimate skill-based tournament services.

Introduction

This Privacy Policy explains how we collect, use, and protect your data in compliance with:

Information We Collect

Account Information

  • Personal Info: Name, email, date of birth, contact details
  • Account Credentials: Username and password (password stored using industry-standard hashing)
  • Profile Data: Avatar, bio, social links, gaming preferences

Two-Factor Authentication (2FA) Data

  • Authentication App: TOTP secret key (encrypted, used to generate verification codes)
  • Recovery Codes: One-time backup codes (hashed and stored securely)
  • 2FA Status: Whether 2FA is enabled on your account
  • Authentication Logs: Timestamps of successful/failed 2FA attempts for security monitoring

Identity Verification Data

For users accessing wallet/payout features, identity verification is handled securely through Stripe Connect Express:

  • Stripe Identity Verification: Government-issued ID (passport, driver's license, or state ID) is verified directly through Stripe's secure hosted flow - D1 Arena never stores your ID documents
  • Selfie Verification: Photo matching is performed by Stripe during onboarding - deleted after verification
  • Address Verification: Verified through Stripe's KYC process
  • Verification Status: Synced from Stripe - pending, verified, or requires additional information

Important: All identity documents are submitted directly to Stripe through their secure, PCI-compliant hosted onboarding flow. D1 Arena does not receive, process, or store copies of your identity documents.

Tax Compliance Data (IRS Requirements)

For users receiving payouts, tax information is collected and managed securely through Stripe Connect Express:

  • Social Security Number (SSN): Collected directly by Stripe during onboarding - D1 Arena never receives or stores your full SSN
  • Tax Identification Number (TIN/EIN): For business entities, collected by Stripe
  • W-9/W-8BEN Forms: Stripe collects and validates all required tax forms electronically
  • 1099-K Tax Reporting: Stripe automatically generates and files 1099-K forms with the IRS for qualifying payouts

SSN/TIN Security: Your Social Security Number is collected and stored exclusively by Stripe in their PCI-DSS Level 1 compliant infrastructure. D1 Arena does not receive, store, or have access to your full SSN. Stripe handles all IRS tax reporting on your behalf, including Form 1099-K generation and filing.

Wallet & Financial Data

  • Wallet PIN: 4-digit security PIN (hashed, never stored in plain text)
  • Payment Info: PayPal email or Stripe Connect account ID
  • Transaction History: Deposits, withdrawals, tournament winnings, subscription payments
  • Payout Methods: Bank account details for ACH transfers (encrypted)

Platform Usage Data

  • Membership Info: Subscription tier (Starter, PRO, or Ultimate) and billing history
  • Usage Data: Game stats, preferences, tournament history
  • Device Info: IP address, browser, operating system
  • Streaming Data: VOD recordings, clips, stream analytics

Age Requirements & Parental Consent

  • Under 13: NOT permitted. We do NOT knowingly collect data from children under 13 (COPPA compliance)
  • Ages 13-17: Parental/guardian consent required. Age-appropriate content only. Cannot access wallet features or receive payouts.
  • Ages 18+: Full access to all tournaments, wallet features, and payouts (with identity verification)

How We Use Your Data

  • Account Security: 2FA verification, login protection, fraud prevention
  • Identity Verification: Confirming user identity for wallet access and payouts
  • Tax Compliance: IRS Form 1099-K reporting for payment processors
  • Tournament Management: Registration, matchmaking, results
  • Prize Distribution: Secure payment processing to verified accounts
  • Membership Services: Managing your Starter, PRO, or Ultimate subscription
  • Communication: Updates, support, security alerts, notifications
  • Legal Compliance: Texas law and skill-based competition verification
  • Platform Improvement: Analytics and feature development

Data Protection - We Do NOT

  • Sell your personal information, including identity documents or SSN
  • Rent your data to third parties
  • Share data for marketing without consent
  • Collect data from children under 13
  • Store passwords, PINs, or 2FA recovery codes in plain text
  • Display full SSN/TIN in any user interface (only last 4 digits shown)

Data Sharing (Limited)

  • Stripe Connect Express: Primary payment processor - handles identity verification, SSN collection, tax form generation (1099-K), and payouts. Stripe is PCI-DSS Level 1 certified and SOC 2 compliant. View Stripe Privacy Policy
  • PayPal: Alternative payout method for users who prefer PayPal
  • Tax Authorities: Stripe reports to the IRS on your behalf via Form 1099-K for qualifying payouts
  • Legal Requirements: Court orders, law enforcement requests, subpoenas
  • Platform Protection: Fraud prevention, terms enforcement

Security Measures

Encryption & Data Protection

  • SSL/TLS Encryption: All data encrypted in transit using TLS 1.3
  • AES-256 Encryption: SSN, bank account numbers, and sensitive financial data encrypted at rest
  • Password Hashing: Bcrypt with cost factor 12 for password storage
  • PIN Security: Wallet PINs hashed using secure one-way algorithms
  • 2FA Secrets: TOTP secrets encrypted, recovery codes hashed

Access Controls

  • Role-Based Access: Limited personnel access to personal and financial data
  • PII Access Logging: All access to sensitive data (SSN, ID documents) is logged and audited
  • Admin 2FA Required: All administrative accounts require two-factor authentication
  • Regular Audits: Security assessments and vulnerability testing

Payment Security

  • PCI-DSS Compliance: Payment processing through compliant providers
  • Secure Payments: We never store full credit card numbers

Data Retention

  • Account Data: Retained while account is active, deleted upon request (subject to legal holds)
  • Tax Records (SSN, W-9/W-8BEN): Stored and retained by Stripe per IRS requirements (7 years) - D1 Arena does not store this data
  • Identity Documents: Processed by Stripe during verification - not stored by D1 Arena
  • Stripe Connect Account: Your Stripe account persists independently; you can manage it via Stripe's dashboard
  • Transaction History: Retained for 7 years for audit purposes; also available in your Stripe dashboard
  • 2FA Data: Deleted immediately when 2FA is disabled or account is deleted
  • Security Logs: Retained for 2 years for fraud prevention

Your Rights

  • Access: View your personal data anytime via account settings
  • Update: Correct inaccurate information (identity re-verification may be required)
  • Delete: Request account and data deletion (subject to tax record retention requirements)
  • Withdraw Consent: Opt out of optional data processing
  • Portability: Request copy of your data in machine-readable format
  • 2FA Management: Enable, disable, or reset 2FA at any time
  • Security Alerts: Receive notifications of suspicious account activity

Cookies & Tracking

We use essential cookies for Platform functionality including session management and 2FA verification. For detailed information, see our Cookie Policy. You can manage cookie preferences in your browser settings.

Third-Party Links

External links are not covered by this policy. Review third-party privacy policies separately.

Policy Updates

We may update this policy. Significant changes will be communicated via Platform notification or email. Material changes to how we handle SSN, identity documents, or 2FA data will require explicit re-consent.

Contact

Questions about privacy, identity verification, or data security? Contact us.

For data deletion requests or TDPSA rights: privacy@d1arena.com

By using D1 Arena, you consent to this Privacy Policy and acknowledge our commitment to protecting your personal information, including identity documents and tax information, while operating a legitimate skill-based esports competition platform in compliance with Texas law.