Last updated: 29 June 2026. This Privacy Policy explains how EspoVersus collects, uses, shares, stores, and protects your personal data when you use our skill-based competitive eSports tournament Platform, and your rights under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable rules. The Platform is for users aged 18 and above.
We act as the Data Fiduciary for the personal data we process about you. We are committed to handling your data lawfully, fairly, and transparently, and only for the purposes described in this Policy.
1. Information We Collect
We collect the following categories of personal data, limited to what is necessary to provide and secure the Platform:
- Account & profile data: username, name, email address, mobile number, date of birth or age confirmation, password (stored in hashed form), and avatar.
- KYC & verification data: government-issued identity details such as PAN (e.g. ABCDE1234F) and related documents used to confirm that you are 18 or older and to verify your identity.
- Financial & transaction data: Wallet balances, Deposit and Withdrawal history, Entry Fees, Winnings, and payout details such as bank or UPI identifiers (processed via payment partners; we do not store full card numbers).
- Gameplay data: Tournament and Match participation, in-game identifiers you provide, results, and fair-play and anti-cheat signals.
- Device & technical data: device model, operating-system version, app version, IP address, and device-integrity or fingerprint signals used to prevent fraud and multi-accounting.
- Usage data: app interactions, feature usage, and diagnostic logs that help us maintain and improve the Platform.
- Support & grievance data: messages, tickets, dispute evidence, and correspondence you submit to us.
We collect this data directly from you when you register, complete KYC, transact, play, or contact us, and automatically through your use of the Platform. We do not deliberately collect special or sensitive categories of data beyond what is required for identity verification and lawful operation.
2. How & Why We Use It
We use your personal data only for specified, lawful purposes (purpose limitation), including to:
- Create and manage your Account and provide the Platform and its features.
- Verify your age and identity (KYC) and prevent underage access.
- Process Deposits, Entry Fees, Winnings, and Withdrawals.
- Organise Tournaments and Matches, confirm results, and credit performance-based rewards.
- Detect, investigate, and prevent fraud, cheating, multi-accounting, and security threats.
- Provide customer support and resolve grievances and disputes.
- Comply with legal, regulatory, tax, and anti-money-laundering obligations.
- Improve and secure the Platform and communicate important service notices.
We follow the principles of data minimisation, accuracy, and storage limitation, and we do not use your data for purposes incompatible with those above without your consent where required.
3. Legal Basis & Consent
We process your personal data on the basis of your consent and, where applicable, for certain legitimate uses and legal obligations permitted under the DPDP Act. Before collecting personal data on the basis of consent, we provide a clear and plain-language notice describing what data we collect, the purpose of processing, how you can exercise your rights, and how you can lodge a complaint with us and with the Data Protection Board of India.
Your consent is free, specific, informed, unconditional, and unambiguous, and is limited to the purposes notified to you. You may withdraw consent at any time through the in-app settings or by contacting our Grievance Officer. Withdrawal of consent does not affect processing carried out before withdrawal, and certain features that rely on the relevant data (such as Withdrawals that require KYC) may no longer be available after withdrawal. Where the law permits processing for certain legitimate uses or to comply with legal obligations, we may continue such processing as allowed.
4. Sharing & Third Parties
We do not sell your personal data, and we do not share it for third-party advertising without your consent. We share data only as needed with:
- Payment gateways and financial partners to process Deposits, Withdrawals, and KYC, and to detect payment fraud.
- Cloud and infrastructure providers that host and secure the Platform on servers located in India.
- Analytics, security, and anti-fraud service providers engaged under appropriate data-protection obligations.
- Professional advisers such as auditors and legal counsel, where necessary and under confidentiality.
- Law-enforcement, courts, or regulators where required by law or to protect rights, safety, and integrity, including in connection with a lawful request, investigation, or proceeding.
- A successor entity in the event of a merger, reorganisation, or transfer of the business, subject to this Policy.
All processors are contractually required to handle your data securely, only for the purposes we specify, and only on our instructions, and to delete or return it when no longer needed.
5. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law. For example, financial, transaction, and KYC records may be retained to meet legal, tax, regulatory, and anti-money-laundering obligations even after your Account is closed. When data is no longer required for any lawful purpose, we delete or anonymise it.
Account Deletion & PII Masking
You may request deletion of your Account. We operate a two-stage approach designed to balance your privacy with legal and anti-fraud integrity:
- Cooling-off period: when you request deletion, your Account may first enter a grace period during which login is restricted but recovery is possible, so you can restore your Account if you change your mind.
- Masking on purge: after the grace period, we mask or anonymise your personally identifiable information, such as name, email, phone, and game identifiers, replacing them with anonymised values, while zeroing balances and wiping sensitive documents.
We preserve only anonymised, non-identifying records that are needed for legal compliance, financial reconciliation, and anti-fraud integrity (for example, to prevent the same blocked identity from re-registering). Irreversible, hashed values may be retained for these limited purposes and cannot be used to reconstruct your original details.
6. Security
We implement reasonable technical and organisational security safeguards designed to protect your personal data against unauthorised access, alteration, disclosure, or loss. These include encryption of data in transit, access controls and role-based permissions, hashed storage of passwords, network and application monitoring, and anti-fraud and device-integrity checks. We also limit access to personal data to personnel and processors who need it to perform their functions. No method of transmission or electronic storage is completely secure, but we review and strengthen our safeguards on an ongoing basis and require our processors to maintain appropriate security measures.
7. Your Rights under the DPDP Act
Subject to applicable law, you have the following rights in respect of your personal data:
- Right to access information: obtain a summary of the personal data we process about you and the processing activities undertaken.
- Right to correction and completion: have inaccurate or misleading data corrected, and incomplete data completed or updated.
- Right to erasure: request deletion of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
- Right to grievance redressal: raise any concern about how we handle your data and receive a timely response.
- Right to nominate: nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
You can exercise these rights through the in-app settings or by contacting our Grievance Officer at grievance@espoversus.com. We may need to verify your identity before acting on a request to protect your data. We will respond to your request within the timelines required under applicable law. There is no fee for exercising your rights, though we may decline manifestly unfounded or excessive requests as permitted by law.
8. Children's Data
The Platform is strictly for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. We use age-gating and KYC to prevent underage access. If we learn that a minor has created an Account, we will disable it and delete associated personal data, subject to legal requirements. Parents and guardians can use parental-control tools and contact us at support@espoversus.com with concerns.
9. Cookies & SDKs
Our website and app may use cookies and software development kits (SDKs) for essential functionality, security, fraud prevention, performance, and analytics. Essential cookies and SDKs are required for the Platform to work, for example to keep you logged in and to protect against fraud. Analytics and performance cookies help us understand how the Platform is used so we can improve it. You can manage cookies through your browser or device settings, and you can control optional SDKs and analytics where such controls are offered in the app. Disabling certain cookies or SDKs may affect Platform functionality, including login and security features.
10. Automated Processing & Profiling
We use automated checks for fraud prevention, anti-cheat, and security (for example, detecting multi-accounting or suspicious transaction patterns). These checks support human review and are used to protect Users and the integrity of the Platform. Where an automated decision significantly affects you, you may contact us to request a review.
11. Data Breach Notification
In the event of a personal-data breach, we will inform affected users and the Data Protection Board of India as required, in plain language describing the nature and likely consequences of the breach, the measures we have taken or propose to take to mitigate it, recommended steps you can take to protect yourself, and how you can seek assistance. We will provide notifications within the timelines prescribed under applicable law, including a detailed submission to the Board within the required period after becoming aware of the breach.
12. Data Localization (India)
We store and process personal data on computing resources located in India, consistent with applicable data-localization and online-gaming requirements. Where any limited processing necessarily involves a service provider, it is carried out under contractual safeguards and in accordance with Indian law, and we do not transfer personal data to any jurisdiction restricted under applicable law.
13. Grievance Officer Contact
For any privacy concern, request, or complaint, contact the Grievance Officer, EspoVersus at grievance@espoversus.com. We will acknowledge your request within 24 hours and respond within the timelines required by applicable data-protection and intermediary rules. If you are not satisfied with our response, you may escalate the matter to the Data Protection Board of India in accordance with the DPDP Act.
14. Updates
We may update this Privacy Policy to reflect changes in law, technology, or our practices. We will post the updated Policy on the Platform and revise the "Last updated" date. Where changes are material, we will notify you through the Platform where reasonably possible and, where required, seek fresh consent. Please review this Policy periodically to stay informed about how we protect your data.