Privacy Policy
Connect Laboratory Pty Ltd
ABN: 76 696 182 180
ACN: 696 182 180
Postal address: PO Box 368, Goodwood SA 5034
Effective date: [INSERT DATE]
Last updated: [INSERT DATE]
Draft note — remove before publishing. This is a first-pass draft generated from a codebase audit of the Connect web and iOS apps. It is intended as a starting point for review by an Australian lawyer before you publish or submit to the App Store. Square-bracket fields need to be filled in. Nothing in this document is legal advice.
1. About this policy
Connect Laboratory Pty Ltd ("Connect", "we", "us", "our") operates the Connect platform, including the Connect iOS application and the website at connectau.co (together, the "Platform"). This policy explains how we collect, use, store, share and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
If you do not agree with this policy, please do not use the Platform.
2. What personal information we collect
We only collect personal information that is reasonably necessary to operate the Platform and provide our services.
2.1 Information you give us
- Account details: your name, email address, phone number, date of birth, profile photo, and optional bio, hometown and current city.
- Authentication details: when you sign in with Apple, we receive a unique Apple identifier and, if you choose to share it, your email and name.
- Content you create: event listings you publish, photos and videos you upload, messages you send in chats, comments, reactions, polls, and any other content you post on the Platform.
- Connections: friend requests, friend connections, and businesses you follow.
- Support communications: if you contact us by email or through an in-app form, we collect the content of your communication and any information you choose to share.
2.2 Information we collect automatically
- Device information: device type, operating system version, app version, language settings, and a unique device identifier used for push notifications.
- Log and usage data: IP address, approximate location derived from IP address, access times, and actions taken within the app. This information is generated by our hosting and backend infrastructure (Vercel and Supabase) as part of normal operation.
- Session cookies (web only): when you use connectau.co, we set authentication cookies provided by our auth provider Supabase. These cookies are strictly necessary to keep you signed in and are not used for tracking or advertising. We do not currently use analytics, advertising, or marketing cookies.
2.3 Information we collect with your permission
On the Connect iOS app we ask for the following device permissions. You control each one and can change your decision at any time in your device settings.
| Permission | What we access | Why |
|---|---|---|
| Location (when in use) | Your approximate device location | To show events near you on the explore screen |
| Photo Library | Photos and videos you select | To upload to your profile, event listings and chats |
| Camera | Camera feed and photos/videos you capture | To take and share photos and videos within the app |
| Microphone | Audio while recording video | To record video with sound for posts and chats |
| Contacts | Names and phone numbers in your address book | To find friends already on Connect. Phone numbers are matched against our database and never shared publicly |
| Calendar | Calendar write access | To let you add events you're attending to your calendar |
| Notifications | Push notification delivery | To send you messages, event updates and reminders |
2.4 Payment and financial information
When you buy or sell tickets, payments are processed by Stripe Payments Australia Pty Ltd ("Stripe"). We do not collect, store or have access to your full card details. What we store is limited to:
- A Stripe customer identifier
- A Stripe payment intent identifier for each completed purchase
- The amount, currency and platform fee associated with each purchase
If you list paid events, you onboard to Stripe Connect directly. Your bank details, tax details, identification documents and any KYC information you provide during onboarding are collected and held by Stripe, not by us. We receive only a connected account identifier and a status indicating whether onboarding is complete.
3. Children and minors
Connect is intended for users aged 13 and over. The Connect iOS app enforces a minimum age of 13 at signup. If you are a parent or guardian and believe your child under 13 has given us personal information, please contact us at privacy@connectau.co and we will delete it.
We do not knowingly collect personal information from children under 13.
4. How we use personal information
We use personal information to:
- create and maintain your account
- operate the Platform and deliver its features (events, chats, listings, purchases)
- process payments and payouts (through Stripe)
- send transactional communications (purchase confirmations, event reminders, security alerts)
- send push notifications you have opted in to
- help you connect with other users
- prevent fraud, spam, abuse and violations of our Terms and Conditions
- comply with legal obligations, including responding to lawful requests from authorities
- improve the Platform based on how it is used
- respond to your enquiries and support requests
We do not sell your personal information. We do not use your information for targeted advertising. We do not share your information with advertising networks.
5. Who we share personal information with
We share personal information only with the parties listed below, and only to the extent necessary to operate the Platform.
5.1 Service providers we use
| Provider | Role | Data shared | Location |
|---|---|---|---|
| Stripe Payments Australia Pty Ltd | Payment processing and Stripe Connect | Name, email, purchase amounts; for organisers: full KYC data collected directly by Stripe | Australia, United States |
| Supabase Inc. | Database, authentication, file storage and serverless functions | All account data, content, messages, uploads | United States |
| Google LLC (Firebase Cloud Messaging) | Push notification delivery (iOS) | Device token, notification contents | United States |
| Mapbox Inc. | Reverse geocoding and location services | Approximate coordinates when you use location search | United States |
| Apple Inc. | Sign in with Apple, App Store, APNs | Apple user identifier | United States |
| Vercel Inc. | Web hosting (connectau.co) | IP addresses and request logs | United States |
Each of these providers is contractually required to handle your information securely and only for the purposes we have engaged them for.
5.2 Event organisers
If you buy a ticket to an event, we share your name, profile photo, ticket type and attendance status with the organiser of that event. This is necessary so the organiser can check you in and manage their guest list.
5.3 Other users
Information you choose to make public (your profile, events you publish, messages you send in group chats) is visible to other users according to the context in which you shared it.
5.4 Law enforcement and legal obligations
We may disclose your information if required by law, court order, or to protect the rights, property or safety of Connect, our users or others. We will only disclose information we are legally obliged to disclose.
5.5 Business transfers
If Connect is involved in a merger, acquisition or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
6. Overseas disclosure
Several of our service providers (including Supabase, Stripe, Mapbox, Apple and Google) store or process personal information outside Australia, primarily in the United States. By using the Platform you consent to this overseas disclosure.
We take reasonable steps to ensure that overseas recipients handle your information in a manner consistent with the Australian Privacy Principles, including by entering into standard contractual protections with those providers.
7. How we store and protect personal information
Personal information is stored on secure servers operated by Supabase. We apply industry-standard security controls including:
- Encryption in transit (TLS) for all data exchanged with the Platform
- Encryption at rest for database storage
- Row-level security policies to ensure users can only access data they are authorised to see
- Access controls restricting administrative access to our engineering team
- Secure credential storage for authentication tokens on your device
No system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
8. How long we keep personal information
We keep personal information for as long as your account is active and for a reasonable period afterwards to:
- comply with tax, accounting and other legal obligations (typically 7 years for financial records)
- resolve disputes and enforce our agreements
- maintain the integrity of events, chats and other shared content created during your time on the Platform
When you delete your account, we delete your profile information and personal details. Content you posted in shared contexts (for example, messages in a group chat or comments on a public event) may remain visible after account deletion, but will no longer be attributed to you by name.
9. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or out-of-date personal information
- Delete your account and associated personal information
- Withdraw consent for permissions you previously granted (for example, by changing iOS settings)
- Complain if you believe we have handled your information improperly
You can exercise most of these rights directly within the app (Settings → Account) or by contacting us at privacy@connectau.co. We will respond within 30 days.
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you in the app or by email. The "Last updated" date at the top of this policy tells you when the current version took effect. Your continued use of the Platform after an update means you accept the updated policy.
11. Contact us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact:
Privacy Officer
Connect Laboratory Pty Ltd
PO Box 368, Goodwood SA 5034
Email: privacy@connectau.co