Australia addendum (Privacy Act 1988 + APP)
This addendum supplements our baseline Privacy Policy for users in Australia under the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). It reflects the staged Privacy Act reforms introduced from late 2024.
1. APP highlights
- APP 1 — this notice and our baseline policy.
- APP 5 — collection notification (provided at or before the time of collection in the app, banner, and host invitation).
- APP 6 — we use personal information only for the primary purpose, or for a directly related secondary purpose the user would reasonably expect.
- APP 8 — cross-border disclosures: we are accountable for overseas recipients (Stripe, Sentry, AWS, Hetzner, etc.) and use contractual safeguards.
- APP 11 — security: TLS, encryption at rest, access controls, incident response inside 72 hours.
- APP 12 / 13 — access and correction on request, free of charge for routine requests.
2. Sensitive information & biometrics
Biometric information (face vectors for the optional face-grouping feature) is sensitive information under the Act and processed only with affirmative consent collected by the event host. From the 2024 reforms a statutory tort for serious invasions of privacy applies; we treat any non-consensual use of biometric grouping as out of scope.
3. Notifiable Data Breaches scheme
We comply with the NDB scheme (Part IIIC of the Privacy Act). Eligible breaches are reported to affected individuals and the OAIC as soon as practicable, generally within 72 hours of awareness.
4. Children
We treat consumers under 18 with extra care; under 16 we follow GDPR-K-equivalent protections, and from the 2024 reforms onwards we comply with the developing Children's Online Privacy Code.
5. Complaints
Contact us first at [email protected]. If you remain dissatisfied you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.