PowerBuy Privacy Policy
Effective date: 9 June 2026
This policy explains how the operator of PowerBuy collects, holds, uses and discloses personal information. PowerBuy intends to manage information consistently with the Privacy Act 1988 (Cth) and Australian Privacy Principles where they apply.
1. Information we collect
We may collect account and identity information such as name, email address, telephone number, postcode, authentication records and account preferences; supplier information such as business contacts, ABN, licences, insurance and offer evidence; activity information such as saved deals, referrals, redemptions and support requests; and technical information such as device, browser, IP-derived security signals, timestamps and audit events.
We do not ask users to provide payment-card details to PowerBuy during the MVP. Suppliers must not upload unnecessary personal, health, government identifier or financial information as evidence.
2. How information is collected
Information is collected directly through registration, supplier applications, deal submissions, redemptions, surveys and support. We also collect limited security and usage data automatically. A referral may tell us that an existing member invited another person, but the invited person must register and provide their own information.
3. Why we use information
We use information to provide and secure accounts, operate the deal marketplace, verify suppliers and offers, issue and validate single-use redemption codes, calculate commission, prevent fraud, communicate service messages, respond to complaints, improve the platform, comply with law and enforce our terms. Marketing is sent only where permitted and can be unsubscribed from without closing the account.
4. Disclosures
We disclose information to suppliers only as needed to redeem and verify an offer. A supplier does not receive a member's password, authentication factors or unrelated marketplace activity. We may disclose information to contracted hosting, database, email, monitoring, analytics and professional advisers; regulators, law enforcement or courts when legally required; and a purchaser or successor as part of a properly managed business transaction.
5. Overseas processing
Some service providers may process data outside Australia. Before launch, PowerBuy will publish the countries reasonably likely to receive information based on the final hosting, monitoring and email configuration. The current development database is not approved for public personal information and must be replaced by the designated production environment.
6. Storage, security and retention
PowerBuy uses access controls, multi-factor authentication for administrators, encrypted transport, database row-level security, private evidence storage, audit logs and backups. No system is risk-free. Information is retained only for operational, dispute, accounting and legal purposes, then deleted or de-identified under the retention schedule. Redemption and commission records may need to be retained longer than an inactive profile.
7. Access and correction
You may request access to or correction of personal information by contacting the privacy officer. We may verify identity first. If access or correction is refused where legally permitted, we will explain the reason and available complaint options.
8. Marketing and notifications
Transactional messages needed for account security, redemption and service administration are not optional while an account remains active. Promotional email or SMS requires the applicable consent and includes sender identification and a working unsubscribe method.
9. Data breaches
PowerBuy maintains an incident-response process. Suspected breaches are assessed promptly. If an eligible data breach is likely to cause serious harm and remedial action cannot prevent that risk, affected individuals and the Office of the Australian Information Commissioner will be notified as required.
10. Complaints
Send privacy complaints to the privacy contact published on the final PowerBuy domain. We aim to acknowledge complaints within five business days and provide a substantive response within 30 days. If unresolved, you may be entitled to complain to the OAIC.
11. Changes
Material changes will be dated and communicated where appropriate. We will not materially change how existing information is used without considering whether new notice or consent is required.
Guidance basis: OAIC Australian Privacy Principles Guidelines and Notifiable Data Breaches scheme.