Privacy Policy
Last updated: 26 April 2026
Draft notice. This Privacy Policy is a working draft prepared by the Localwise team. It has not yet been reviewed by an Australian-qualified legal practitioner. It must not be treated as legal advice, and a final review is required before public launch.
1. Overview
Localwise Pty Ltd (“Localwise”, “we”, “us”, “our”) operates the Localwise mobile application, the consumer website at golocalwise.com.au, the merchant portal, and the admin portal (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information.
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle personal data of individuals located in the European Union or the United Kingdom, we additionally aim to comply with the General Data Protection Regulation (GDPR) and the UK GDPR.
2. Information We Collect
2.1 Information you provide directly
- Account information: name, email address, phone number (where supplied), and password credentials managed via Firebase Authentication.
- Merchant business information: ABN, trading name, address, contact details, business category, opening hours, and uploaded media (logos, photos).
- Payment information: card details and billing address are submitted directly to Stripe and are not stored on our servers. We retain a Stripe customer ID and a tokenised payment-method reference only.
- Support correspondence: any messages you send to us via email or in-app support forms.
2.2 Information collected automatically
- Location data: GPS coordinates from your device, used to surface nearby offers. Coordinates are anonymised (truncated/snapped to a reduced precision) after 12 months in line with our retention rules (see §6).
- Device information: device model, operating system, app version, language, push notification tokens.
- Usage data: ads viewed, offers saved, redemptions, scratch card activity, search queries, and timestamps.
- Cookies and similar technologies: the merchant and admin portals set strictly necessary cookies for authentication (Firebase session) and a small number of preference cookies (theme, language). The marketing website uses no third-party advertising cookies.
2.3 Information from third parties
- Identity providers: when you sign in with Google, Apple, or another supported provider via Firebase Authentication, we receive your name, email address, and a stable user identifier from that provider.
- Email delivery: we receive bounce and complaint signals from our email delivery provider (Resend) so that we can suppress further sending to addresses that have hard-bounced or marked our email as spam (see §5).
3. How We Use Your Information
We use personal information to:
- create and manage your account and authenticate sessions;
- show you relevant nearby offers and personalised recommendations;
- process payments, subscriptions, and invoices via Stripe;
- distribute, reveal, and validate scratch cards and offer redemptions;
- send transactional notifications (e.g. redemption confirmations) via push and email;
- send service announcements and, where you have opted in, marketing communications;
- detect and prevent fraud, abuse, and breaches of our Terms of Service;
- comply with legal obligations (tax, accounting, law-enforcement requests under valid process);
- improve the Platform via aggregated and de-identified analytics.
We do not sell your personal information to third parties, and we do not use it for cross-context behavioural advertising.
4. Third-Party Data Processors
Localwise shares limited personal data with the following processors strictly to provide the Platform. Each processor is contractually bound to handle data on our instructions and to maintain appropriate security:
| Processor | Purpose | Privacy notice |
|---|---|---|
| Stripe Payments Australia Pty Ltd | Card processing, subscription billing, payouts | https://stripe.com/au/privacy |
| Google LLC (Firebase) | Authentication, hosting, push delivery (FCM) | https://firebase.google.com/support/privacy |
| Cloudflare, Inc. | Edge compute (Workers), CDN, DNS, image optimisation | https://www.cloudflare.com/privacypolicy/ |
| Resend, Inc. | Transactional email delivery, bounce/complaint signals | https://resend.com/legal/privacy-policy |
| OpenAI, L.L.C. | Content moderation of user-submitted ad copy | https://openai.com/policies/privacy-policy |
| Sentry (Functional Software, Inc.) | Error monitoring and performance telemetry | https://sentry.io/privacy/ |
A current list is maintained internally and will be updated here as processors change.
5. Email Bounces and Complaints
When an email we send to you bounces (the receiving server permanently rejects it) or you mark an email as spam, our email delivery provider notifies us via webhook. We record the address as suppressed and stop sending further non-essential email to it. You may request reinstatement by contacting privacy@golocalwise.com.au.
6. Data Retention
| Data category | Retention period |
|---|---|
| Account record (consumer or merchant) | Lifetime of the account; deleted on request (see §7) |
| Redemption history | 7 years (financial / tax records) |
| Scratch card activity | 24 months from issue |
| Raw GPS coordinates | 12 months, then anonymised to reduced precision |
| Push notification tokens | Until token expires or device is deregistered |
| Stripe payment metadata | Retained per Stripe’s policies and AU tax law |
| Server access logs | 90 days |
| Sentry error events | 90 days |
When you delete your account, we remove or de-identify your personal information within 30 days, except where retention is required by law (e.g. tax records).
7. Your Rights
Subject to the Australian Privacy Principles, and where applicable the GDPR/UK GDPR, you have the right to:
- Access the personal information we hold about you. The Localwise mobile app provides a self-service “Export My Data” action (under Profile) that delivers a JSON archive of your profile, redemption history, scratch cards, favourites, and registered devices.
- Correct inaccurate or out-of-date information directly in the app, or by contacting us.
- Delete your account and associated personal information. In-app account deletion is available; alternatively email privacy@golocalwise.com.au.
- Port your data — the export described above is provided in a structured, machine-readable JSON format.
- Restrict or object to certain processing (e.g. marketing email) at any time.
- Withdraw consent for processing that is based on consent (e.g. location services), without affecting prior lawful processing.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au if you believe we have mishandled your personal information.
We respond to verifiable requests within 30 days and free of charge in ordinary cases.
8. International Transfers
Localwise is operated from Australia. Some of our processors (including Stripe, Firebase/Google, Cloudflare, Resend, OpenAI, and Sentry) store or process data in the United States and other jurisdictions. We rely on each processor’s contractual safeguards (Standard Contractual Clauses or equivalent) for these transfers.
9. Security
We use TLS for all data in transit, encrypt data at rest where supported by the underlying platform (Cloudflare D1, R2, KV; Firebase), enforce Firebase Authentication for all user sessions, and follow OWASP-aligned secure-development practices. No system is perfectly secure; if we become aware of an eligible data breach we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.
10. Children
The Platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notice or email. The “Last updated” date at the top reflects the most recent revision.
12. Contact Us
For privacy enquiries, data subject requests, or to lodge a complaint with us before escalating to the OAIC:
- Email: privacy@golocalwise.com.au
- Postal: Localwise Pty Ltd, [registered address — to be confirmed before launch]