Privacy Policy

1. About Us

ChannelSpy is a service operated by Doma Beauty Pty Ltd (ABN 69 667 515 433), a company incorporated in New South Wales, Australia, with its registered office at 95/7-59 Macquarie Street, Sydney NSW 2000, Australia(collectively, "we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and disclose personal information when you access or use the ChannelSpy website and service (the "Service").

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as applicable international privacy laws including the EU General Data Protection Regulation (GDPR) and the UK GDPR where those laws apply to our processing activities.

2. Information We Collect

We collect the following categories of information:

We do not collect sensitive information (as defined under the Privacy Act) such as health data, racial or ethnic origin, political opinions, or biometric data.

3. How We Collect Information

We collect information directly from you when you create an account, subscribe to the Service, contact our support team, or otherwise interact with the Service. We also collect information automatically through cookies, log files, and similar tracking technologies when you use the Service. Where you authenticate via a third-party provider (such as Clerk), we receive only the profile data that provider shares with us pursuant to its own privacy policy and your consent.

4. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service;
• Process subscription payments and manage your account;
• Send transactional communications (receipts, password resets, service notices);
• Send marketing communications where you have opted in (you may opt out at any time);
• Analyse usage patterns to improve the Service;
• Detect, prevent, and investigate fraud, abuse, or security incidents;
• Comply with legal obligations.

Where we rely on legitimate interests as our legal basis under the GDPR, those interests are the operation of a commercial service and the prevention of fraud. You may object to processing based on legitimate interests by contacting us at [email protected].

5. Cookies and Tracking Technologies

We use strictly necessary cookies to maintain your authenticated session. We may also use analytics cookies (such as those provided by a privacy-respecting analytics service) to understand aggregate usage patterns. We do not use advertising cookies or sell your data to third-party advertisers. You can disable cookies in your browser settings; however, doing so may prevent you from using certain features of the Service.

6. Disclosure of Your Information

We may share your information with:

• Stripe, Inc. — for payment processing. Stripe's privacy policy is available at stripe.com/privacy.
• Clerk, Inc. — for authentication services. Clerk's privacy policy is available at clerk.com/legal/privacy.
• Infrastructure providers — cloud hosting and database services necessary to operate the Service, bound by data processing agreements.
• Law enforcement or regulators — where required by law, court order, or to protect our legal rights.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

7. International Data Transfers

We are based in Australia and our infrastructure providers may process data in the United States, the European Economic Area, and other jurisdictions. Where personal data is transferred outside Australia, we take reasonable steps to ensure the recipient upholds privacy standards comparable to the Australian Privacy Principles, including through contractual protections such as Standard Contractual Clauses where required under the GDPR.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes (typically up to 7 years for financial records under Australian law).

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you are in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Security

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission (TLS), hashed credentials, and access controls. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

If you are located in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.