Privacy Policy — TraxRewards

1. Who we are

TraxRewards is a digital loyalty platform operated by Computer Guardians (computerguardians.com.au), a business based in Victoria, Australia. In this policy, "we", "us" and "our" refer to Computer Guardians.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are a customer of a business that uses TraxRewards, that business is the primary holder of your loyalty data, and we process it on their behalf as a service provider.

2. What information we collect

Customer accounts (loyalty card holders)

Your name and email address.
A mobile phone number, if you choose to provide one.
Your loyalty activity — visits, stamps, rewards earned and redeemed.
The business(es) whose loyalty card you have joined.
Technical data needed to keep your account secure: hashed password, IP address, browser type, session timestamps.

Business operators & staff

Contact name, business name, email, phone, industry, number of locations.
Login credentials and staff role assignments.
Billing information needed to process subscription fees.

Sales enquiries

Anything you submit through the contact form on our website, plus the IP address and user-agent of the submission (to prevent spam and abuse).

3. How we collect it

We collect personal information directly from you when you sign up, contact us, or use the platform. In some cases the business operator whose loyalty card you have joined may add your details on your behalf (for example, when assisting you at the counter). Where this happens, the business is responsible for ensuring you have agreed to share that information with them.

4. Why we use it

We use personal information to:

Create and maintain your loyalty account or admin account.
Record stamps, calculate rewards and surface promotions inside your loyalty card.
Send transactional emails — account confirmation, password reset, reward notifications.
Send marketing or promotional messages only with your consent, with an easy opt-out in every message.
Provide customer support and respond to enquiries.
Keep the platform secure — detect fraud, abuse, double-stamping, brute-force login attempts.
Comply with our legal obligations (tax records, lawful requests from authorities).
Improve the service through aggregated, de-identified analytics.

5. Who we share it with

We share personal information only as follows:

The business whose card you have joined — they can see the loyalty activity tied to their program.
Service providers who help us run TraxRewards, under contract and only for that purpose. These include hosting and storage (Amazon Web Services, ap-southeast-2 Sydney region) and email delivery (Amazon SES).
Professional advisors (lawyers, accountants, insurers) where reasonably necessary.
Law enforcement or government agencies when required by Australian law, a court order, or to protect the rights, property or safety of any person.
Successors in the event of a merger, acquisition or sale of business assets — subject to the buyer agreeing to honour this policy.

We do not sell your personal information to anyone.

6. Where we store data

Personal information is stored on servers located in Australia (AWS Sydney, ap-southeast-2). Some service providers (for example, transactional email) may process limited information in other regions in the ordinary course of operating their service. When this happens, we use providers that offer contractual protections consistent with Australian Privacy Principle 8.

7. How we protect it

All traffic between your device and our servers is encrypted in transit (HTTPS / TLS).
Passwords are stored as one-way hashes — we cannot read them, even on our own systems.
Admin access is role-based; staff can only see what their role requires.
Loyalty stamps are signed and audit-logged to prevent tampering.
Backups are encrypted and access-controlled.

No system is perfectly secure. If a data breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme.

8. How long we keep it

Active accounts — for as long as the account exists.
Closed accounts — personal identifiers are removed within 90 days. Anonymised, aggregated statistics may be kept indefinitely.
Sales enquiries — up to 24 months from the last interaction.
Billing & tax records — at least 7 years, as required by Australian tax law.

9. Your rights

Under Australian privacy law you have the right to:

Access the personal information we hold about you.
Correct information that is inaccurate, out of date or incomplete.
Delete your account and the personal information tied to it. You can do this yourself from your account page, or by emailing us.
Withdraw consent for marketing at any time — every marketing email includes an unsubscribe link.
Complain if you believe we have mishandled your information (see below).

To exercise any of these rights, email support@traxrewards.com. We will respond within 30 days and may need to verify your identity before acting on the request.

10. Cookies & analytics

TraxRewards uses a small number of strictly necessary cookies to keep you logged in and to protect forms against cross-site request forgery. We do not use third-party advertising or behavioural-tracking cookies. If we add basic privacy-respecting analytics in future, we will update this policy first.

11. Children

TraxRewards is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Where changes materially affect how we use your personal information, we will notify you by email or via a notice in the app before the change takes effect.

13. How to contact us

Privacy Officer — Computer Guardians
Operator of TraxRewards
Email: support@traxrewards.com
Web: computerguardians.com.au

If you are not satisfied with our response to a privacy complaint, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.