Compliance

1. Corporate & jurisdiction

Spont is operated by Spont Pty Ltd, an Australian-incorporated proprietary company based in Melbourne, Victoria. The Service is governed by Australian Commonwealth law and the laws of Victoria. Disputes are subject to the exclusive jurisdiction of the courts of Victoria and the Commonwealth of Australia.

2. Payments & money handling

Spont is not an Australian Financial Services Licence (AFSL) holder and does not hold member funds in its own accounts. All money movement on the platform is performed by Stripe Payments Australia Pty Ltd (Stripe), a regulated payments provider, operating under Stripe's Services Agreement and Connected Account Agreement.

• Sponsors pay into a Stripe-managed escrow account (held by Stripe, not Spont).
• Spont's role is software orchestration: instructing Stripe when to release each milestone to the Club's connected Stripe account.
• Funds released to a Club are paid directly from Stripe to the Club's nominated Australian bank account.
• Spont collects its platform fee using Stripe's application_fee mechanism, so platform revenue, club payout and Stripe's own fees are split and accounted for inside a single, auditable transaction.
• Spont never has the ability to unilaterally move funds out of escrow or out of a Club account.

3. Fee & settlement structure

Spont charges a flat platform fee of 8% on the cleared value of every sponsorship milestone released through the Service. Stripe charges separate processing fees, currently 1.7% + A$0.30 for domestic card payments (rates subject to Stripe's own schedule). All fees are itemised on every tax invoice issued by the platform.

Example (A$5,000 milestone released):

• Sponsor charged: A$5,000.00
• Stripe processing (≈ 1.7% + A$0.30): − A$85.30
• Spont platform fee (8% application fee): − A$400.00
• Club receives via Stripe Connect: A$4,514.70

4. Tax & invoicing

Spont generates an ABN-compliant tax invoice for every released milestone, in accordance with the requirements of the A New Tax System (Goods and Services Tax) Act 1999 (Cth) (the GST Act) and the ATO's tax invoice rules. Each invoice itemises the Sponsor and Club ABNs (where supplied), the supply description, the GST-exclusive amount, the GST component (where applicable), Stripe processing fees and Spont's platform fee.

Where a Club is not registered for GST, no GST is charged on the supply and the invoice is clearly marked as such. Each party remains responsible for its own tax position, including income-tax treatment of sponsorship income or expense.

5. Anti-money-laundering & counter-terrorism financing (AML/CTF)

Identity verification, sanctions screening and beneficial-ownership checks are performed by Stripe as part of Connected Account onboarding, in accordance with Stripe's obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and AUSTRAC guidance.

• Clubs cannot receive payouts until Stripe completes their KYC and charges/payouts are enabled.
• Sponsors funding escrow are subject to Stripe's standard payer screening.
• Spont monitors transaction patterns for material anomalies and may suspend accounts where required to comply with AML/CTF obligations or Stripe's risk policies.
• Spont may be required to share information about a transaction with Stripe, AUSTRAC, the AFP, the ATO or other regulators where lawfully compelled to do so.

6. Data protection & privacy

Spont handles personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Key controls:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Authentication uses hashed and salted credentials; passwords are never stored in plain text.
• Database access is governed by Row-Level Security policies so users can only access their own records.
• Production database access is restricted to a small number of named administrators with audited access.
• Personal information is hosted on infrastructure with Australian-region availability and may also be processed by sub-processors in the United States and European Union; equivalent privacy protections are required by contract.
• Data subjects may request access, correction or deletion of their personal information by emailing contact@spont.club.

7. Consumer law & deliverables

Spont's services and the sponsorship deliverables traded on the platform are subject to the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)). Non-excludable consumer guarantees apply where relevant. The milestone-escrow mechanism is designed to provide Sponsors with a contractually robust pathway to withhold payment where deliverables are not provided as agreed, without prejudicing any non-excludable statutory rights.

8. Dispute resolution

Disputes between Clubs and Sponsors are handled through Spont's in-app dispute process. Either party may flag a milestone, in which case Spont may temporarily freeze the related escrow amount and request supporting evidence. Spont may make a good-faith recommendation but is not an arbitrator; either party retains its right to pursue independent legal remedies, including via the Australian Financial Complaints Authority (AFCA) where the dispute concerns a financial service provided by Stripe.

9. Operational security

• Continuous vulnerability scanning of platform dependencies.
• Cryptographically signed webhooks from Stripe with idempotency tracking to prevent replay or double-spend.
• Audit-logged admin actions on production data.
• Separation of duties between engineering and finance functions for any non-Stripe-mediated money movement (currently: none).

10. Record keeping

Financial records, tax invoices and AML/CTF-relevant transaction data are retained for a minimum of seven (7) years in accordance with Australian tax and financial-records law. Other personal information is retained only for as long as required to provide the Service and meet our legal obligations, as described in our Privacy Policy.

11. Sub-processors

• Stripe Payments Australia Pty Ltd — payments, KYC, payouts and tax-related reporting.
• Supabase Inc. — authentication and database hosting (Australian-region availability).
• Cloudflare Inc. — edge networking, DDoS protection and TLS termination.
• Sentry / equivalent — application error reporting (no payment data sent).

12. Reporting a security or compliance concern

If you discover a security vulnerability, a suspected breach, or a compliance concern, please email contact@spont.club. We aim to acknowledge reports within 2 business days. We do not take adverse action against good-faith security researchers acting within the scope of our responsible-disclosure expectations.

13. Contact

Spont Pty Ltd · Melbourne, Victoria, Australia · contact@spont.club