Privacy Policy

Last updated: {{LAST_UPDATED}}

{{COMPANY_NAME}} (ABN {{ABN}}) trading as {{TRADING_NAME}} ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we handle personal information in accordance with the *Privacy Act 1988* (Cth) and the Australian Privacy Principles ("APPs").

1. The information we collect

We collect personal information that you provide to us directly, including:

account details: email address and a password hash;
profile information: optional display name;
subscription information: your Stripe customer and subscription

identifiers, billing status and current period end date;

engagement data: predictions, offer redemptions, prize entries and

notifications;

partner submissions: business name, contact name, email, phone, location

and category submitted via the partner enquiry form;

technical information collected automatically: IP address, browser type

and basic usage analytics needed to operate and secure the Service.

We do not receive or store your card details — payments are processed by Stripe Payments Australia Pty Ltd in accordance with their privacy policy.

2. How we use it

We use your personal information to:

create and manage your account, process your subscription and provide

member benefits;

run predictions, redemption codes and prize draws;
detect and prevent fraud, abuse and unauthorised access;
communicate service-related notifications;
with your consent, send marketing about new features, prizes or

partners; you can opt out at any time using the link in the email;

comply with legal obligations.

3. Disclosure

We disclose personal information only:

to our service providers who help us operate the Service (cloud hosting,

database, payments processing, email delivery), under contract;

to a Partner where strictly necessary to validate a redemption — they

receive only the redemption code, not your contact details;

to a regulator, law enforcement agency or court where required by law;
to a successor in connection with a sale of our business.

We do not sell your personal information.

4. Cross-border disclosures

Some of our service providers process data outside Australia (for example, Stripe and our hosting provider's global edge network). Where this occurs we take reasonable steps to ensure recipients comply with the APPs or with materially similar protections.

5. Storage and security

Personal information is stored on Cloudflare D1 (SQLite) within Cloudflare's network. Access is restricted to authorised personnel. Passwords are hashed using PBKDF2-SHA256 before storage. Sessions use HttpOnly, Secure, SameSite=Lax cookies.

6. Direct marketing

If you no longer wish to receive marketing from us, you can unsubscribe using the link in the email or by emailing {{CONTACT_EMAIL}}.

7. Cookies

We use a small number of strictly necessary cookies (notably the session cookie) to operate the Service. We do not use third-party advertising trackers.

8. Access, correction and deletion

You may request access to, correction of, or deletion of the personal information we hold about you by emailing {{CONTACT_EMAIL}}. We will respond within a reasonable time and may need to verify your identity. Some information must be retained to comply with legal, tax or fraud-prevention obligations.

9. Complaints

If you believe we have breached the APPs or this Policy, please contact us at {{CONTACT_EMAIL}}. We will respond within 30 days. If you are not satisfied with our response you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be notified to you in-app or by email.