Keeperoo Privacy Policy (Australia)

Effective date: 16 September 2025

This Privacy Policy explains how Keeperoo (sole trader, Australia) collects, uses, discloses and protects personal information for:

  • Business customers (e.g. cafés, retailers) and their staff using Keeperoo,
  • End customers of those businesses who use Keeperoo-powered loyalty cards.

We've written this in plain English. If anything is unclear, please contact us.

Contact

hello@keeperoo.au+61 422 979 293
Parcel Collect 1016022872
Shop 12 31 Eyre Street
NORTH WARD QLD 4810

Note: This policy is designed for Australian customers and is intended to align with the Australian Privacy Principles (APPs) where they apply. It is not legal advice.

---

1. The personal information we collect

1.1 Business customers and their staff

  • Name and contact details
  • Email address and phone number
  • Australian Business Number (ABN)
  • Business name, brand assets and logo
  • Staff details needed to operate the account (e.g. staff names/roles)
  • Authentication events using one-time passwords (OTP). We do not store passwords.

1.2 End customers (loyalty users)

  • Name
  • Email address and phone number
  • Loyalty activity: stamp/visit history
  • Purchase history (provided by the merchant's POS or entered by staff)

Note: We never collect or store payment card numbers.

1.3 Information we do not collect

  • Full date of birth, we may collect month and day.
  • Payment card numbers or CVV
  • Persistent advertising identifiers for cross-site tracking
  • Customer physical location

1.4 Cookies and analytics

  • We use Google Analytics with IP anonymisation enabled. Reports are aggregated and we do not build individual advertising profiles or track people across websites.
  • Essential cookies may be used to keep you signed in and operate the service. You can control non-essential cookies in your browser.

2. How we collect information

  • Directly from you when you sign up, contact us, or use our apps.
  • From merchants when they create or update a loyalty profile for their customers, or when the POS sends purchase events.
  • Automatically through our apps and website (e.g. device/browser information, limited logs for security and support).

3. Why we collect and use information

We use personal information to:

  • Provide and operate Keeperoo (loyalty tracking, OTP authentication, account management).
  • Show stamps/visits and reward history to the relevant customer and merchant.
  • Send service messages (e.g. OTP codes, receipts, system notices).
  • Enable merchants to send consented marketing messages (e.g. weekly specials by email) with clear unsubscribe options.
  • Run privacy-conscious analytics (aggregated, anonymised) to improve performance and reliability.
  • Prevent fraud, maintain security and comply with law.

We do not sell or rent personal information.

4. Payments

Keeperoo uses Stripe for payments. Stripe collects and processes payment card data directly. Keeperoo receives limited transaction references/metadata but never sees full card numbers or CVV. For details, refer to Stripe's own privacy policy.

5. When we disclose information

We disclose personal information only to run Keeperoo or as required by law. Typical recipients are:

  • Cloud hosting and platform providers (e.g. Vercel for application hosting, Supabase for database services). We target Australian regions (e.g. Sydney) where available, but some data may be stored or backed up in other countries by those providers.
  • Email and SMS service providers used to deliver OTP codes and messages.
  • Analytics providers (Google Analytics) configured with IP anonymisation and aggregate reporting.
  • Payment processors (Stripe) for transactions.
  • Support and logging tools we use to resolve issues and keep services secure.

We require our service providers to handle personal information securely and only for the purposes we specify.

6. Overseas disclosures

Some service providers may store or process data outside Australia. Where that happens, we take reasonable steps to ensure your information is protected in a way that is broadly consistent with Australian privacy requirements.

7. How we protect information

  • HTTPS/TLS encryption for data in transit.
  • Database-level controls including Row Level Security (RLS) to restrict access to only the right records.
  • Access is limited to the sole operator (principle of least privilege) and to service providers under contract.
  • Monitoring, logging and regular updates to address vulnerabilities.

No method of storage or transmission is 100% secure. If an eligible data breach occurs, we will assess and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where legally required.

8. Retention and deletion

  • Active account data is kept while the merchant relationship continues or while an end customer's profile is active.
  • When a profile or account is deleted or closed, we archive it (soft delete) so it is no longer visible to end users or merchants.
  • Archived data is kept for up to 12 months in case it's needed to correct errors, address disputes or prevent fraud. After that, we permanently delete it.
  • Deleted data may remain in system backups for a short period before being overwritten. We may retain limited records where the law requires.

9. Your choices and rights

9.1 End customers (loyalty/checkout users)

  • Access & correction: You can request access to, or correction of, your information via the merchant you deal with or by contacting Keeperoo.
  • Unsubscribe: Every marketing email from a merchant includes an unsubscribe link or instruction. You can also contact the merchant directly.

9.2 Business customers

You can access and update your business account details in the dashboard or by contacting us.

We will take steps to verify your identity before actioning requests.

10. Cookies and tracking controls

  • You can set your browser to block or delete cookies. Keeperoo will still work for essential functions but some features may not remember your session.
  • We do not use third party advertising cookies or create cross-site advertising profiles.

11. Responsibilities of merchants

Merchants using Keeperoo are responsible for ensuring they have a lawful basis to collect and share their customers' personal information with Keeperoo (including any consent required for marketing under the Spam Act 2003 (Cth)). Keeperoo provides tools (e.g. unsubscribe links) to help merchants meet these obligations.

12. Changes to this policy

We may update this policy from time to time. The "Effective date" will be updated and a current version will be posted in our apps/website. Significant changes will be communicated through the service.

13. Complaints and questions

If you have questions or a privacy complaint, contact us first:

Keeperoo (Australia)

Email: ianoxwell@gmail.com

Phone: 0422 979 293

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) for guidance on your options.