CoastPerks
Get started

Privacy Policy

Last updated May 26, 2026.

CoastPerks manages personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, how we use and protect it, when we disclose it, and how you can access, correct, export, or request deletion of your information.

What we collect

  • Account details such as email address, Supabase authentication identifiers, session metadata, and role.
  • Profile, consent, and merchant details such as name, business information, approval status, deal listings, uploaded deal media, saved deals, claim records, and privacy request records.
  • Optional browser location information when you choose to enable nearby-deal features. We record your location consent status and timestamp, but we do not continuously track your location in the background.
  • Newsletter email addresses and consent records when you subscribe to marketing updates.
  • Technical and security data such as IP-derived rate-limit keys, request metadata, audit logs, and abuse prevention events.

How we collect it

We collect information directly from you when you create an account, manage a merchant listing, upload deal media, save or claim a deal, subscribe to updates, submit a privacy request, or contact us. We also collect limited technical data through Supabase Auth, server logs, browser cookies, and local storage needed to keep you signed in, remember consent choices, protect the service, and operate the site.

Why we collect it

We use personal information to authenticate users, keep trusted shopper, merchant, and admin roles separate, show relevant nearby deals, let merchants manage listings, process saved deals and claim flows, respond to privacy and support requests, maintain security, prevent abuse, comply with legal obligations, and send marketing only where we have consent or another lawful basis to do so.

Disclosure

We do not sell personal information. We disclose it only where needed to operate CoastPerks, including to Supabase, hosting, storage, email, security, analytics, and support providers; to merchants and shoppers where a feature naturally requires it; to professional advisers; or to regulators, courts, law enforcement, or other parties where required or authorised by Australian law. Deal content that merchants publish may be visible to the public.

How we protect it

All backend communication uses HTTPS. Access is restricted with Supabase authentication, role checks, and row-level security. Sensitive writes are validated and rate-limited through server API routes. Server-only credentials are kept out of browser code, and audit logs are used to help investigate security, account, and merchant-management events.

Overseas disclosure

Supabase and infrastructure providers may process personal information in Australia, the United States, the European Union, and other regions where their cloud, support, security, or backup services operate. Before we use providers that may receive personal information overseas, we review their security controls and contractual privacy commitments and take reasonable steps to require APP-aligned handling.

Retention & requests

We retain account, merchant, deal, consent, and claim records while your account is active or while needed to provide the service. Inactive account data is reviewed at 24 months and may be deleted or de-identified unless legal, security, dispute, accounting, or audit obligations require longer retention. Security, privacy request, consent, and audit logs are generally retained for up to 12 months unless they are needed for an investigation or legal obligation. Backup copies may remain for a limited period before automatic expiry. You can request access, correction, export, or deletion by emailing support@coastperks.example, or by using the Privacy Center in your account dashboard.

Access, correction, and deletion

We may need to verify your identity before acting on a request. We do not charge you to make an access or correction request, and we do not charge you to correct personal information. If we refuse a request, we will explain why where reasonable and tell you how to complain. Account deletion can remove your account and owned content, but some records may be retained or de-identified where required for security, legal, audit, or fraud prevention reasons.

Response time & complaints

We acknowledge privacy requests and complaints within 3 business days and aim to complete access, correction, export, deletion, and complaint responses within 30 calendar days. If you are not satisfied after giving us a reasonable opportunity to respond, you can contact the Office of the Australian Information Commissioner at oaic.gov.au/privacy/privacy-complaints.

Marketing communications

We send marketing emails only where consent or another lawful basis applies. Marketing messages identify CoastPerks, include contact details, and provide a clear unsubscribe option. We action unsubscribe requests as soon as practical and within 5 working days.

Data breaches

If we suspect a data breach, we will contain and assess it promptly. Where the Notifiable Data Breaches scheme requires notification because serious harm is likely, we will notify affected individuals and the Office of the Australian Information Commissioner as soon as practicable.

Automated features

CoastPerks uses search, filters, location-based sorting, and merchant approval workflows to operate the service. We do not currently use personal information to make solely automated decisions that are expected to significantly affect your rights or interests. If that changes, we will update this policy before using those features.