TetraGG四面体电竞

Privacy Policy · 隐私政策

Compliant with Australian Privacy Act 1988, EU GDPR, and China PIPL. Data hosted in AWS Sydney (ap-southeast-2).

Last updated · 2026-04-28

TetraGG 隐私政策 / Privacy Policy

⚠️ This template was drafted by an AI assistant and MUST be reviewed by a qualified Australian solicitor before commercial use. Do not deploy as-is.

⚠️ 本模板由 AI 助手起草,在商业使用前必须经过澳大利亚执业律师审核。请勿直接上线使用。

Effective date / 生效日期: [TBD — to be set by legal review before launch] Last updated / 最后更新: 2026-04-30

中文版本

1. 我们是谁

林风林(个体经营 / Sole Trader, ABN 70 767 210 027),登记商号 TETRAHEDR0N,对外使用市场推广名 TetraGG(以下简称"TetraGG"或"我们")

  • ABN: 70 767 210 027
  • 法律主体: Lin Feng Lin (Individual Sole Trader)
  • 登记商号 (ASIC Business Name): TETRAHEDR0N
  • 主要营业地点: VIC 3149, Australia
  • 数据保护联系人 / Data Protection Officer: privacy@tetragg.au

我们运营 tetragg.au 网站、Discord 服务器、以及微信小程序,提供 Valorant 代练、教学与陪玩服务。

本政策适用于全球用户,并同时遵守:

  • 澳大利亚《1988 年隐私法》(Privacy Act 1988 (Cth))及《澳大利亚隐私原则》(APPs);
  • 欧盟《通用数据保护条例》(GDPR),适用于欧盟/英国用户;
  • 中华人民共和国《个人信息保护法》(PIPL),适用于中国大陆用户。

2. 我们收集的数据

数据类别具体内容收集目的
账户数据Discord ID、邮箱、昵称、可选微信 ID注册、订单沟通
支付数据信用卡卡号(由 Stripe 处理,我们不存储 PAN)、WeChat Pay openid、Wise 收款方信息收款、退款
游戏账号临时凭据Riot 登录邮箱+密码、二次验证码执行代练;订单完成后 72 小时内自动销毁
沟通记录Discord 聊天日志、客服工单客户支持、争议处理;保留 90 天后匿名化
使用数据浏览记录、设备型号、IP 地址、Cookies网站分析、风控;匿名化处理
未成年人监护数据(仅限 16-17 岁用户)家长姓名、ID 号、关系证明、消费上限履行《家长同意书》义务

3. 法律依据(GDPR / PIPL 要求)

处理活动法律依据(GDPR Art.6 / PIPL 第13条)
注册账户、下单履行合同(contract performance)
邮件营销、推送通知用户同意(consent,可随时撤回)
风控、反欺诈合法利益(legitimate interest)
法律义务(如 AUSTRAC 反洗钱报告)法定义务(legal obligation)

4. 数据存储位置

  • 主数据库: AWS Sydney 区域(ap-southeast-2),加密存储;
  • 备份: DigitalOcean 新加坡(每日增量、每周全量);
  • 日志: Vercel 全球边缘节点(仅匿名化访问日志,保留 30 天)。

数据默认不传输至中国大陆服务器;微信小程序所需数据通过腾讯云香港节点中转,受 GDPR 标准合同条款(SCCs)保护。

5. 第三方处理者

处理者用途所在国合规依据
Stripe Payments Australia Pty Ltd信用卡支付AU/USPCI-DSS Level 1;GDPR SCCs
WeChat Pay (Tenpay HK)微信支付HKPIPL 跨境标准合同
Wise Payments Ltd国际转账给陪玩师UKGDPR 适用
Discord Inc.工单与客户沟通USGDPR-DPA 已签署
Anthropic / OpenAIAI 教练对局分析(仅匿名化录像 metadata)US不传递个人身份信息
Vercel Inc.网站托管USGDPR-DPA
Supabase Inc.数据库托管(自部署,数据驻留 AWS Sydney)US(控制平面)DPA 签署
AWS云基础设施AUISO 27001、SOC 2

6. 国际数据传输

由于业务跨澳大利亚、中国、欧盟、美国,可能发生以下传输:

  • AU → US(Stripe、Discord、Anthropic)
  • AU → HK(WeChat Pay)
  • EU/UK → AU(GDPR 用户数据回传至主库)
  • CN → HK → AU(PIPL 用户数据)

保障措施

  • 所有跨境传输均采用 **GDPR 标准合同条款(SCCs 2021/914)**或 PIPL 标准合同
  • 传输过程 TLS 1.3 加密
  • 静态数据 AES-256 加密
  • 中国大陆用户首次注册时,平台获取单独同意用于跨境传输(PIPL 第 39 条)。

7. Cookie 与追踪

我们使用三类 Cookie:

类型用途是否可拒绝
必要 Cookie登录、购物车、CSRF 防护
分析 CookiePlausible Analytics(自托管,匿名化)
营销 CookieMeta Pixel、TikTok Pixel

首次访问时,我们会展示 Cookie 横幅,您可一键拒绝非必要 Cookie。GDPR / PIPL 用户默认 opt-out,需主动 opt-in。

8. 您的权利

权利适用法域如何行使
访问权(查询我们持有的您的数据)AU/EU/CN邮件 privacy@tetragg.au,30 天内回复
更正权AU/EU/CN同上
删除权 / 被遗忘权EU(GDPR)、CN(PIPL)同上;30 天内删除(法定保留期限内的数据除外)
限制处理权EU(GDPR)同上
数据可携权(机器可读格式导出)EU(GDPR)、CN(PIPL)同上
反对权(反对营销/分析)AU/EUCookie 横幅或邮件取消订阅
撤回同意权CN(PIPL 第 15 条)、EU后台一键撤回,不影响撤回前的合法处理
投诉权EU/UK向所在国 DPA 投诉(如英国 ICO、爱尔兰 DPC)
AU向 OAIC(Office of the Australian Information Commissioner)投诉
CN向网信办、市场监管局投诉

9. 数据保留期限

数据类别保留期限之后处理方式
账号信息(活跃用户)至账户删除立即删除
账号信息(非活跃用户)24 个月无登录自动匿名化
Riot 账号凭据订单完成后 72 小时加密销毁
订单与发票7 年(澳大利亚《税法管理法》要求)归档至冷存储
客服工单90 天匿名化
营销同意记录撤回后 5 年(举证用)删除
反欺诈黑名单永久(合法利益)仅保留必要字段

10. 未成年人

  • 16 岁以下不允许注册或下单。如发现,立即删除账户与所有数据。
  • 16-17 岁必须提供《家长同意书》(含家长身份证明、关系证明、消费上限),方可下单。详见 parental-consent-form.md
  • 我们不会主动向未成年人投放营销内容。

11. 安全措施

  • 传输加密: TLS 1.3
  • 静态加密: AES-256(数据库、备份)
  • 访问控制: RBAC + 双因素认证(员工后台)
  • 凭据保险柜: 客户 Riot 凭据通过 HashiCorp Vault 隔离存储,TTL 72 小时
  • 渗透测试: 每年至少一次(第三方)
  • 数据泄露响应: 知悉后 72 小时内通知 OAIC(澳大利亚)/ DPA(欧盟)/ 网信办(中国)以及受影响用户

12. 政策更新

重大变更将提前 30 天通过:

  • 注册邮箱通知;
  • 网站首页横幅公示;
  • Discord 服务器公告。

继续使用即视为接受更新。

13. 联系我们

  • 数据请求 / Data requests: privacy@tetragg.au
  • DPO(欧盟代表): [TBD — 需在欧盟境内指定,依 GDPR Art.27]
  • PIPL 中国境内代表: [TBD — 在中国境内有用户达一定量级时需指定]
  • 业务地点 / Business address: VIC 3149, Australia (具体路名 / 邮编 视律师 review 时是否要求公开披露)

English Version

1. Who We Are

Lin Feng Lin (Sole Trader, ABN 70 767 210 027), registered business name TETRAHEDR0N, trading under the marketing name TetraGG (collectively "TetraGG", "we", "us").

  • ABN: 70 767 210 027
  • Legal entity: Lin Feng Lin (Individual Sole Trader)
  • Registered business name (ASIC): TETRAHEDR0N
  • Main business location: VIC 3149, Australia
  • Data Protection contact: privacy@tetragg.au

We operate tetragg.au, our Discord server, and a WeChat mini-program providing Valorant boosting, coaching and duo-queue services.

This policy applies globally and complies with:

  • Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs);
  • EU General Data Protection Regulation (GDPR) for EU/UK users;
  • China Personal Information Protection Law (PIPL) for Mainland China users.

2. Data We Collect

CategorySpecificsPurpose
Account dataDiscord ID, email, handle, optional WeChat IDRegistration, order communication
Payment dataCard details processed by Stripe (we do NOT store PAN), WeChat openid, Wise payee detailsReceivables, refunds
Game account temp credentialsRiot login email + password + 2FA codeBoosting execution; purged within 72h of order completion
CommunicationsDiscord chat logs, support ticketsCX, dispute handling; 90-day retention then anonymisation
Usage dataBrowsing, device, IP, cookiesAnalytics, anti-fraud; anonymised
Minor guardian data (16–17yo only)Parent name, ID, relationship proof, spend capPerforming the Parental Consent Form obligations

3. Legal Basis (GDPR / PIPL)

ActivityBasis (GDPR Art.6 / PIPL Art.13)
Registration, order fulfilmentContract performance
Marketing emails, push notificationsConsent (revocable any time)
Anti-fraud, risk controlLegitimate interest
AUSTRAC AML reportingLegal obligation

4. Storage Locations

  • Primary: AWS Sydney (ap-southeast-2), encrypted at rest;
  • Backup: DigitalOcean Singapore (daily incremental, weekly full);
  • Logs: Vercel global edge (anonymised access logs, 30-day retention).

Data is not stored on Mainland China servers by default; WeChat mini-program data transits Tencent Cloud Hong Kong under GDPR SCC protection.

5. Third-Party Processors

ProcessorUseCountrySafeguard
Stripe Payments Australia Pty LtdCard processingAU/USPCI-DSS L1; GDPR SCCs
WeChat Pay (Tenpay HK)WeChat paymentsHKPIPL Standard Contract
Wise Payments LtdBooster payoutsUKGDPR
Discord Inc.Tickets, commsUSGDPR DPA
Anthropic / OpenAIAI coaching analysis (anonymised replay metadata only)USNo PII transmitted
Vercel Inc.HostingUSGDPR DPA
Supabase Inc.DB (self-host, data residency AWS Sydney)US (control plane)DPA
AWSCloud infraAUISO 27001, SOC 2

6. International Transfers

Cross-border transfers occur:

  • AU → US (Stripe, Discord, Anthropic)
  • AU → HK (WeChat Pay)
  • EU/UK → AU (GDPR-user data to main DB)
  • CN → HK → AU (PIPL-user data)

Safeguards:

  • All transfers under GDPR Standard Contractual Clauses (SCCs 2021/914) or PIPL Standard Contract;
  • TLS 1.3 in transit;
  • AES-256 at rest;
  • Mainland China users provide separate consent at signup for cross-border transfer (PIPL Art.39).

7. Cookies & Tracking

TypeUseCan disable?
NecessaryLogin, cart, CSRFNo
AnalyticsPlausible (self-hosted, anonymised)Yes
MarketingMeta Pixel, TikTok PixelYes

A consent banner appears on first visit. GDPR/PIPL users are opt-in; AU users are opt-out in line with the APPs.

8. Your Rights

RightJurisdictionHow
AccessAU/EU/CNEmail privacy@tetragg.au; 30-day response
RectificationAU/EU/CNSame
Erasure / right to be forgottenEU, CNSame; 30-day fulfilment (subject to legal retention)
RestrictionEUSame
Portability (machine-readable export)EU, CNSame
Object (marketing/analytics)AU/EUCookie banner or email unsubscribe
Withdraw consentCN (PIPL Art.15), EUOne-click in dashboard; does not affect lawful processing prior to withdrawal
Lodge complaintEU/UKLocal DPA (e.g. UK ICO, Irish DPC)
AUOAIC (Office of the Australian Information Commissioner)
CNCAC, SAMR

9. Retention Periods

CategoryRetentionAfter
Account (active)Until deletionImmediate purge
Account (inactive)24 months no loginAuto-anonymise
Riot credentials72h post-completionCryptographic shred
Orders & invoices7 years (Tax Administration Act AU)Archive to cold storage
Support tickets90 daysAnonymise
Marketing consent records5 years post-withdrawal (evidentiary)Delete
Anti-fraud blacklistIndefinite (legitimate interest)Minimal fields only

10. Children

  • Under 16 — registration prohibited. Discovered accounts and data are deleted immediately.
  • 16–17Parental Consent Form (with guardian ID, relationship proof, spend cap) is mandatory. See parental-consent-form.md.
  • We do not target minors for marketing.

11. Security

  • In transit: TLS 1.3
  • At rest: AES-256 (DB, backups)
  • Access control: RBAC + 2FA on staff console
  • Credential vault: Client Riot creds isolated in HashiCorp Vault, 72h TTL
  • Pen-tests: at least annually by third party
  • Breach response: notification to OAIC / DPA / CAC and affected individuals within 72h of becoming aware.

12. Updates

Material changes notified 30 days in advance via:

  • Registered email;
  • Homepage banner;
  • Discord announcement.

Continued use constitutes acceptance.

13. Contact

  • Data requests: privacy@tetragg.au
  • EU GDPR Article 27 representative: [TBD — to be appointed in EU once user volume crosses thresholds]
  • PIPL China representative: [TBD — required once user volume crosses thresholds]
  • Business address: VIC 3149, Australia (street-level address withheld pending solicitor review of disclosure requirements)

⚠ This document was AI-drafted and must be reviewed by a qualified Australian solicitor before commercial use. Contact legal@tetragg.au with questions.