Privacy Policy (Global)

Effective date: 2026-04-01

This Privacy Policy (“Policy”) describes how we collect, use, store, and share personal data when you use the URX Service available at urx.world.

By using the Service, you acknowledge that you have read this Policy. If you do not agree, you must not use the Service.

1. Scope and roles

This Policy applies to the processing of personal data within the URX Service available at urx.world.
In this Policy, “Company”, “we”, “us”, and “our” means URX WORLD LLC; “Service” means URX and related features/sections described in the Terms of Service.
Under this Policy, the Company acts as the controller of personal data to the extent required by applicable law.

2. Information we collect (by source)

2.1 Information you provide

Account and profile data: first name, last name, date of birth, email, username (handle), city, country, messenger contacts (if you provide them), language, and settings.
Authentication and security data: credentials and technical security-related tokens.
Communications: support requests, survey responses, and service/marketing preferences.
Content and interactions: publication captions, comments, likes/reactions, and other User Content.

2.2 Information generated from Service use

Activity and results data: screenshots, activity summaries, timestamps, visible app/device identifiers, results, rankings, and participation history.
Run geolocation: may be published at your choice when you publish content and/or activity markers.
Technical and usage data: IP address, device type, operating system, approximate IP-based location, access/security/anti-fraud logs, and diagnostics.
Cookies and similar technologies data as described in the Cookie Policy.

2.3 Information from payment providers and partners

Payment transactions are processed by payment providers; we generally receive limited metadata (status, amount, payment method type, last digits where applicable), not full card details.

2.4 What we do not require

We do not require government-issued ID documents or biometric identifiers (including face recognition) to use the Service.
User Content may include personal data of you and third parties; by publishing such content, you confirm you have the necessary rights and you are responsible for lawful publication.
Run screenshots may contain health-related information (for example, heart rate/training load). We do not extract or systematize such information as a separate data category; it remains stored only as part of uploaded User Content.

3. How we use information

We process personal data to:

Provide and improve the Service (accounts, Races, results, and user support).
Verify activity and results, prevent fraud, and maintain leaderboard integrity.
Process payments and fulfil orders, including delivery of physical goods.
Send service messages and marketing communications (marketing is governed by the Marketing & Communications Policy).
Comply with law, respond to lawful requests, and protect rights, safety, and property.
Enforce the Terms of Service, Rulebook, Community Guidelines, and applicable policies.

4. Legal bases (where applicable)

Depending on applicable law, we may rely on one or more legal bases: performance of a contract, legitimate interests, consent (where required), and legal obligation.

In particular, this typically includes:

Performance of a contract: account creation and management, Race participation, result processing, and core Service delivery.
Legitimate interests: fraud prevention, abuse detection, Service security, and proportionate product/service improvement.
Consent: non-essential cookies/trackers and certain marketing communications where consent is required.
Legal obligation: compliance, lawful requests, accounting/tax, and other mandatory legal requirements.

Where we rely on legitimate interests, we perform a balancing assessment and apply safeguards to ensure those interests are not overridden by your rights and freedoms.

For Global, applicable legal frameworks include: the laws of the Republic of Kazakhstan, subject to mandatory laws of your jurisdiction where applicable.

Where processing is based on consent and consent is withdrawn, we will stop that processing unless another legal basis applies.

5. How we share information

We do not sell your personal data. We may share personal data with:

Where required by applicable law, data processing for marketing, advertising, and analytics is carried out with user rights to choice and opt-out/consent withdrawal, in accordance with the Cookie Policy and Marketing & Communications Policy.
Service providers (hosting, email, analytics, support, payments, anti-fraud tools, AI/ML infrastructure, shipping) under contractual safeguards.
Authorities where required by law or necessary to protect rights and safety.
Professional advisers (for example, lawyers and auditors) under confidentiality.

6. Public visibility and privacy controls

Service data may generally be visible to other users within Service functionality, except for email, date of birth, and last name (if you hide it in privacy settings).
You may hide run marker geolocation in privacy settings where that control is available.
Age/sex group is used for rankings and race placements and is visible in the Service; it cannot be hidden.
If a specific feature does not include a separate privacy control, that feature may be inherently public.
If available in the interface, you may also use in-product reporting controls (for example, “Report content”) in addition to the process described in our Community Guidelines.

7. Location and route data

For Race participation, you may publish screenshots and other User Content that can display maps, routes, and location data.
If you publish such content publicly, it may reveal approximate or precise geolocation (for example, the area of a run or a route shown in a screenshot).
Run screenshots are public and available to other users because this supports fair participation and result verification in accordance with our Community Guidelines.
Do not publish personal data you do not want to disclose publicly (for example, home address, third-party data, or precise coordinates).

8. Cookies and similar technologies

Use of cookies and similar technologies is governed by our Cookie Policy. Where required by law, non-essential categories are based on consent and consent withdrawal.

9. Retention and account deletion

Account data is retained for the life of the account and then for a post-closure period needed for backup, disputes, and legal claims.
Activity, results, and participation evidence are retained for as long as needed for Race operations, leaderboard/historical integrity, and dispute handling (including chargebacks; see our Refund Policy).
Technical logs and minimized records are retained in shorter operational windows, typically in the range of 30-180 days, unless a longer period is required for security incidents, fraud investigations, or legal compliance.
After account deletion, data is deleted or anonymized as described in the Terms of Service; limited identifiers and aggregated data may remain where needed for historical integrity and legal obligations.

Retention periods may vary by data category, product context, and jurisdiction. Where required by law, we apply shorter or longer periods accordingly.

10. Your rights and choices

Subject to applicable law, you may have rights to access, rectification, deletion, restriction, portability, objection, and consent withdrawal (where processing is consent-based).

You may use available Service settings to manage visibility and preferences. Requests can be sent to privacy@urx.world; we may request identity verification to protect your account and prevent unauthorized access. You may also lodge a complaint with a competent supervisory authority.

11. International data transfers

Due to the global nature of the Service, personal data may be processed and transferred to countries other than your country of residence.

For such transfers, where required by applicable law, we use legally recognized transfer mechanisms and safeguards (for example, Standard Contractual Clauses and comparable cross-border tools).

We assess such transfers under applicable requirements and apply reasonable organizational and contractual measures to protect personal data with recipients.

You may contact privacy@urx.world to request additional information about applicable transfer mechanisms, to the extent permitted by law.

12. AI and automated processing

We may use automated means (including AI) to process personal data for Race result verification, abuse detection, fraud prevention, and Service security.

Such processing may include personal data from User Content (including screenshots), activity and result data, and technical/log data described in Section 2 of this Policy.

Automated processing is carried out within the purposes and legal bases described in Sections 3 and 4 of this Policy.

If a decision made using automated processing may significantly affect your rights and legitimate interests, you may request additional review and reconsideration via privacy@urx.world in accordance with Section 10 of this Policy. Where appropriate, such review may involve human assessment.

13. Age restrictions (18+)

The Service is intended for users aged 18+.

At registration, a profile should not be created if the declared age is under 18.

A violation of this requirement is the provision of inaccurate age information (including where a user declares 18+ while being under 18 in fact), whether intentional or unintentional.

If we identify that a profile actually belongs to a person under 18, we may restrict or delete that profile and take measures regarding related data in a manner consistent with the Terms of Service and applicable law.

14. Region-specific notices (optional annex format)

For certain countries and regions, additional notices, disclosures, and data subject rights required by local law may apply to this Policy.

Such provisions may be published as separate regional sections and/or annexes to this Policy and apply to users in the relevant jurisdiction.

If there is a conflict between the general version of this Policy and a regional annex, the regional annex prevails to the extent required by applicable law.

15. Changes

We may update this Policy when Service functionality changes, when the scope of processed data changes, when legal requirements change, or when data processing practices are updated.

The current version is always published in the Service with an updated effective date shown at the top of this Policy. If changes are material and where required by applicable law, we will provide additional notice through the Service interface and/or account-linked contact channels.

If you continue using the Service after changes take effect, you accept the updated version of this Policy.

16. Contact

Data protection / privacy inquiries: privacy@urx.world

Privacy responsible function: Data Protection / Privacy Team (reachable via privacy@urx.world).