Privacy Policy
Effective date: 1 April 2026 · Last updated: 12 April 2026
Australian Privacy Score ("we", "us", "our") is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what information we collect, how we use it, and your rights.
1. What Information We Collect
We collect minimal personal information:
- Usage data: Page views, referrer URLs, and browser type collected by Vercel Analytics in aggregate form. No individual user profiles are created.
- API key email: If you request a public API key, we collect your email address to deliver the key and send service communications. This is voluntary.
- Dispute submissions: If you submit a dispute about a score, we collect your name, email, and the information you provide in the submission.
We do not use cookies for tracking, advertising, or cross-site profiling.
2. How We Use Your Information
- To deliver the API key you requested
- To respond to disputes and score correction requests
- To understand aggregate usage patterns and improve the platform
- To comply with legal obligations
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Third-Party Services
We use the following third-party services to operate the platform:
- Vercel — hosting and edge delivery. Processes request metadata (IP addresses, headers) in accordance with Vercel's privacy policy.
- Supabase — database and authentication. Score and entity data is stored on Supabase-managed PostgreSQL hosted in Australia (Sydney region where available).
- Resend — transactional email delivery for API key and dispute notifications. Email addresses are transmitted to Resend only for sending.
4. Agency Client Data
When organisations engage us for a paid privacy assessment, they may provide additional documents and information beyond what is publicly available. This data:
- Is used solely for the purpose of conducting the assessment and delivering the report
- Is not added to the public leaderboard database unless the organisation expressly consents
- Is retained only for the duration of the engagement plus a 90-day dispute window, then securely deleted
- Is not shared with any third party without the client's written consent, except as required by law
5. Your Rights
Under the Australian Privacy Act, you have the right to:
- Request access to personal information we hold about you (APP 12)
- Request correction of inaccurate or incomplete information (APP 13)
- Lodge a complaint with us or with the OAIC
To exercise these rights, contact us at the address below. We will respond within 30 days.
6. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Measures include encrypted connections (TLS), row-level security on the database, and access controls restricted to authorised personnel.
7. Contact & Complaints
For privacy enquiries or complaints, contact us at:
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
8. Changes to This Policy
We may update this policy from time to time. Material changes will be indicated by an updated effective date above. Continued use of the platform after changes constitutes acceptance of the revised policy.