Privacy Policy

• Name and email address
• Password (stored in hashed/encrypted form — we never store plaintext passwords)
• Profile photo
• Phone number (optional)
• Business name, ABN/ACN, business address, service area, trading hours, and business category
• Profile bio, service descriptions, portfolio images, and any other content you add to your profile
• Account preferences and settings

• Name, email address, and profile picture from your Google account (via Google Sign-In)
• Google Calendar event data (when you connect Google Calendar integration)
• Gmail data as needed for email integration features (when you connect Gmail)
• Google Business Profile data (when you connect the Google Business Profile integration)
• OAuth tokens (stored securely to maintain your connected integrations)

• Billing name and address
• Payment card type and last four digits (full card details are handled by our payment processor and never stored by us)
• Transaction history and subscription status

• Messages you send via in-platform contact forms or enquiry tools
• Support communications (emails, tickets)
• Notification preferences

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Pages visited, time spent, and actions taken within the Services
• Referring URLs
• Session identifiers and cookie data
• Error logs and crash reports
• API usage data

• Reviews and ratings you submit about businesses
• Photos, comments, or other content you contribute to the platform

• Contact details and business information of referral partners
• Referral activity and commission data
• Partner portal access logs

• Creating and managing your account
• Displaying your business profile and listings on the platform
• Processing transactions and managing subscriptions
• Sending service-related notifications, invoices, and transactional emails
• Facilitating communications between businesses and customers
• Enabling connected Google integrations (Calendar, Gmail, Business Profile)
• Running the partner and referral portal

• Analysing usage patterns to improve features and user experience
• Debugging, testing, and fixing issues
• Developing new features and services
• Conducting internal research and analytics

• Sending service announcements, updates, and security alerts
• Sending marketing communications about our Services (where you have opted in or where permitted by law)
• Responding to your enquiries and support requests

• Detecting, preventing, and responding to fraud, abuse, and security incidents
• Enforcing our Terms of Service and acceptable use policies
• Complying with applicable legal obligations
• Resolving disputes

• Measuring the performance of our marketing campaigns
• Building advertising audiences and enabling retargeting (where permitted)
• Tracking conversions and return on ad spend

When you connect a Google service to PlaceLocal, we collect only the data required for the specific feature you are using. We do not request access to Google data beyond what is necessary.

When you use Google Sign-In, we receive your name, email address, and profile picture. We use this solely to create and manage your PlaceLocal account. We do not access any other Google account data via Sign-In.

When you connect Google Calendar, we may read, create, update, and delete calendar events to support scheduling and appointment features. We do not use your calendar data for any purpose other than providing these features.

When you connect Gmail, we may access your Gmail account to send emails on your behalf (e.g., client communications, invoices) and, where applicable, to read relevant email threads for integrated workflows. Gmail data is used solely for the email features you activate and is never used for advertising or profiling.

When you connect the Google Business Profile integration, we may access and update your business information, respond to reviews, and manage profile data on your behalf. This is done only within the permissions you grant and for the purpose of delivering this feature.

Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google data to provide or improve the user-facing features of PlaceLocal
• We do not use Google data to serve advertisements
• We do not allow humans to read your Google data unless you explicitly request support that requires it, it is necessary for security purposes, or we are required to by law
• We do not sell, transfer, or use Google data for purposes unrelated to the features you have enabled

You can revoke PlaceLocal’s access to your Google account at any time through your Google Account Permissions page or within your PlaceLocal account settings. After revocation, we will delete or cease using the associated Google data within a reasonable time, except as required by law.

We use cookies, web beacons, pixel tags, local storage, and similar technologies to operate and improve the Services, remember your preferences, and understand how you interact with our platform.

These cookies are essential for the Services to function. By using the Services, you agree to their use:

• Authentication and session management cookies — maintain your logged-in state securely across the App
• Security cookies — protect against CSRF and session hijacking attacks
• Preference cookies — remember your language, theme, and configuration settings
• Infrastructure cookies — used by our hosting and CDN providers (including Vercel and Supabase) for routing and performance

We use analytics cookies to understand how visitors use the Services. Where required by law, we obtain your consent before placing analytics cookies.

We may deploy third-party advertising cookies, including those from Meta (Facebook Pixel) and Google (Google Ads conversion tracking and remarketing tags). Where required, these are only placed with your consent.

Session cookies expire when you close your browser. Persistent cookies remain on your device for a set period or until you delete them.

You can manage or delete cookies through your browser settings. Disabling strictly necessary cookies will impair the functionality of the Services.

We use Vercel Analytics on our marketing website (https://placelocal.com.au) to collect privacy-focused analytics data, including page views, referral sources, and browser types. For more information, see Vercel’s Privacy Policy.

We may use Google Analytics to collect detailed usage data about visitors to our marketing site. You can opt out using the Google Analytics Opt-out Browser Add-on.

We may deploy the Facebook Pixel on our marketing website. You can manage Meta’s use of your data via Meta Ad Settings.

We may use Google’s conversion tracking tag to measure actions (such as sign-ups or purchases) that occur after a user clicks on one of our Google Ads. This data is used only for campaign optimisation.

We may use session recording tools (such as Hotjar or similar) to record anonymised replays of user sessions to understand usability issues. These tools are configured to automatically mask sensitive fields such as passwords and payment data.

We may introduce additional analytics or advertising technologies in the future. We will update this policy accordingly and, where required, obtain your consent before deployment.

We share information with trusted third-party service providers who assist us in operating the Services:

• Supabase — database, authentication, and backend infrastructure
• Vercel — hosting and edge delivery
• Payment processors — for billing and transaction processing
• Email delivery providers — for transactional and marketing emails
• SMS providers — for notifications and communications features
• Cloud storage providers — for file and media storage
• Analytics providers — as described in Section 7
• Customer support platforms — for managing support tickets

Where you have authorised a Google integration, we share the minimum necessary data with Google APIs to enable that integration. This is subject to Google’s own privacy policies and terms.

Business profile information you choose to make public — including your business name, contact details, location, services, reviews, and photos — will be visible to all visitors of placelocal.com.au and may be indexed by search engines.

If you were referred to PlaceLocal by a referral partner, we may share information about your account status with that partner for the purpose of validating and paying referral commissions. We share only the minimum information necessary for this purpose.

We may disclose your information where required by law, regulation, or legal process, or where we believe in good faith that disclosure is necessary to protect the safety of our users, third parties, or the public, or to protect our rights and property.

In the event of a merger, acquisition, restructure, or sale of all or part of our business, your personal information may be transferred to the successor entity. We will notify you of any such transfer.

We may share your information with third parties where you have given us explicit consent to do so.

• Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
• Encryption at rest — sensitive data stored in our databases is encrypted at rest
• Password hashing — passwords are never stored in plaintext; we use industry-standard hashing algorithms
• Secure authentication — we support Google OAuth 2.0 and email-based authentication with email verification
• Access controls — access to production systems and customer data is restricted to authorised personnel on a need-to-know basis
• Infrastructure security — we rely on enterprise-grade cloud infrastructure (Supabase, Vercel)
• Regular security updates — we keep our software dependencies and infrastructure patched and up to date
• Session management — sessions are securely managed with appropriate expiry and revocation capabilities

• Staff training on data handling and security practices
• Vendor due diligence for third-party service providers
• Incident response procedures for potential data breaches

No method of transmission over the internet or method of electronic storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Privacy Act 1988 (Cth) Notifiable Data Breaches scheme.

You are responsible for maintaining the security of your account credentials and for promptly notifying us of any suspected unauthorised access to your account.

You have the right to request a copy of the personal information we hold about you.

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

You may request that we delete your personal information. We will honour such requests where we are not required by law to retain the information and where deletion is technically feasible.

In certain circumstances, you may have the right to restrict how we process your personal information or to object to certain processing activities.

Where we rely on your consent to process personal information, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email we send, or by contacting us at admin@placelocal.com.au.

You can revoke PlaceLocal’s access to your Google account at any time via your Google Account Permissions page.

To exercise any of the above rights, please contact us at admin@placelocal.com.au. We will respond to your request within 30 days.

If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.