Privacy and data protection
Privacy Policy
How Horse Syndicate handles account, owner, billing, email and platform data for Australian racing syndicate teams.
Last updated: 5 June 2026
1. Who we are
Horse Syndicate is an Australian software-as-a-service platform operated by Artrick. It helps racing syndicates, managers and owners manage monthly owner billing, workbook calculations, prize money splits, statements, payment reminders and related administration.
This Privacy Policy explains how we collect, use, store and disclose personal information when you visit our website, create an account, use the Horse Syndicate application, receive emails from the platform or contact us.
We aim to handle personal information consistently with the Privacy Act 1988 (Cth) and the Australian Privacy Principles to the extent those laws apply to our business.
2. Personal information we collect
Depending on how you use the platform, we may collect:
- Account details: name, email address, password hash, role, organisation membership, multi-factor authentication settings and security preferences.
- Organisation and syndicate data: organisation name, syndicate names, horse names, owner records, owner email addresses, owner share percentages, billing month data, workbook entries, statement data, notes and reminders.
- Payment and subscription data: Stripe customer ID, subscription ID, subscription status, payment events, invoice links, payment failure status and billing metadata. We do not store full card numbers.
- Email and communication data: support requests, password reset emails, statement email delivery data, reminder email status and Resend message identifiers.
- Technical and usage data: IP address, browser, device, operating system, login events, audit logs, error logs, security logs, pages or features used and timestamps.
- Cookies and session data: authentication cookies, session tokens, CSRF/security data and organisation selection preferences.
3. How we collect information
- Directly from you when you register, log in, edit your profile or contact us.
- From organisation administrators and managers when they create owner, horse, shareholding, workbook or reminder records.
- Automatically when you use the website or application, including through secure cookies, logs and monitoring tools.
- From service providers such as Stripe, Resend, Vercel, Neon/Postgres and Sentry where they provide payment, hosting, email, database or error monitoring services to us.
4. Why we use personal information
We use personal information to:
- provide, operate, maintain and improve Horse Syndicate;
- create and manage user accounts, roles, organisations and access permissions;
- calculate workbook totals, owner payable amounts and statement summaries;
- send owner statements, payment reminders, password reset codes and service emails;
- process subscriptions, invoices, failed payments and billing portal access through Stripe;
- protect the security, integrity and availability of the platform;
- investigate errors, support issues, misuse, fraud or unauthorised access;
- meet legal, accounting, tax, security and dispute resolution obligations; and
- communicate important product, billing, security and policy updates.
5. Organisation and owner data responsibilities
Horse Syndicate is designed for organisation administrators and managers to enter and manage owner information. If you add owner details to the platform, you are responsible for ensuring you have authority to do so and that affected owners are aware their information may be used to send statements, payment reminders and related syndicate administration emails.
Owners and organisation users should contact their organisation manager first if they believe owner details, share percentages, billing amounts or statement information are incorrect.
6. Disclosure to service providers
We do not sell personal information. We may disclose personal information to trusted service providers only where reasonably necessary to operate the platform, including:
- Vercel for application hosting and runtime infrastructure;
- Neon/Postgres for database hosting;
- Stripe for subscription billing, checkout, invoices and payment processing;
- Resend for transactional email delivery;
- Sentry for error monitoring and diagnostics, if enabled;
- Google for authentication or related account services, if enabled;
- professional advisers, insurers or authorities where reasonably necessary or required by law.
7. Stripe payments and billing data
Payments and subscriptions are processed by Stripe. When you start a paid plan or access the billing portal, Stripe may collect and process billing details, card details, invoice details, tax details and related payment information under Stripe's own terms and privacy policy.
We receive limited billing metadata from Stripe, such as customer IDs, subscription IDs, subscription status, invoice URLs and payment success or failure events. We do not store your full card number.
8. Overseas disclosure and cloud providers
Some of our technology providers may process or store information outside Australia, including in the United States, Asia-Pacific or other regions where they operate infrastructure. By using the platform, you acknowledge that your information may be processed by these providers in accordance with their security, privacy and data processing terms.
We take reasonable steps to use reputable providers and apply contractual, technical and organisational safeguards appropriate to the nature of the information and the service.
9. Security
We use reasonable technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure. These measures may include HTTPS/TLS, password hashing, role-based access controls, audit logs, MFA support, backups, monitoring and restricted production access.
No internet service is completely secure. You are responsible for using a strong password, enabling MFA where available and keeping account access details confidential.
10. Data retention
We retain personal information for as long as reasonably required to provide the platform, maintain billing and audit records, comply with legal obligations, resolve disputes, detect misuse and support backup/recovery requirements.
If an organisation cancels or requests deletion, we may retain limited records where required for tax, accounting, security, legal or legitimate business purposes. Backup copies may persist for a limited period before being overwritten or deleted.
11. Access, correction and complaints
You may request access to or correction of personal information we hold about you. We may need to verify your identity and, for organisation data, confirm your authority before responding.
If you have a privacy complaint, contact us first so we can try to resolve it. We will respond within a reasonable time. If you are not satisfied, you may contact the Office of the Australian Information Commissioner.
12. Cookies
We use essential cookies and similar technologies for login sessions, authentication, security, CSRF protection and organisation preferences. We do not currently use third-party advertising cookies.
13. Marketing and service emails
We may send service emails that are necessary for the platform, including statements, reminders, security alerts, password reset codes, billing notices and important product or policy updates. Where we send marketing emails, you can opt out using the unsubscribe mechanism or by contacting us.
14. Children
Horse Syndicate is intended for business and syndicate administration use. It is not directed to children under 18 and we do not knowingly collect personal information from children.
15. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page. If changes are material, we may notify active customers by email or in-app notice.
16. Contact
For privacy requests, questions or complaints, contact Artrick at arthur@artrick.com.au.