Privacy Policy
Last updated Jun 4, 2026.
UBRINGIT — PRIVACY POLICY
Last updated: 04/June/2026
This Privacy Policy explains how [BUSINESS NAME] [ABN/COMPANY NUMBER] ("we", "us", "our") collects, uses, shares, and protects personal information when you use Ubringit (the "Service"). It is written to address the Australian Privacy Act 1988 and Australian Privacy Principles (APPs), the EU and UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended (CCPA/CPRA), and comparable laws. Where a specific law gives you rights, those rights apply to you regardless of other parts of this policy.
If you do not agree with this policy, please do not use the Service.
1. WHO WE ARE (DATA CONTROLLER)
[BUSINESS NAME] is the controller responsible for your personal information. You can contact us about privacy at [CONTACT EMAIL] or [POSTAL ADDRESS].
[IF YOU TARGET EU/UK USERS WITHOUT AN ESTABLISHMENT THERE: Our representative for GDPR purposes is [EU/UK REPRESENTATIVE NAME AND CONTACT]. — Your lawyer will advise whether you need this under Article 27 GDPR.]
2. WHAT WE COLLECT
Information you give us:
- account details: your name, email address, and password (stored only as a secure hash);
- profile details you choose to add, such as a display name, bio, or avatar image;
- event information you create: titles, descriptions, dates, locations, items, and messages;
- details of people you invite, such as their name and email address, which you provide to us so we can deliver invitations and coordinate your event;
- bug reports or suggestions you submit;
- payment-related information when you subscribe to a paid plan. Card details are handled directly by our payment processor (Stripe); we do not store your full card number.
Information we collect automatically:
- technical information needed to run and secure the Service, such as your IP address, browser and device information, and activity logs (for example sign-in and security events);
- cookies and similar technologies that are strictly necessary to keep you signed in, remember preferences, and protect against fraud and cross-site request forgery.
We do not intentionally collect special categories of data (such as health, religion, or biometric data) and ask that you do not submit them.
3. HOW WE USE INFORMATION, AND OUR LAWFUL BASIS
We use personal information to:
- create and manage your account and provide the Service;
- send invitations, reminders, and notifications related to your events;
- process subscription payments and manage billing;
- keep the Service secure, prevent abuse, and investigate breaches of our Terms;
- respond to your enquiries and provide support;
- comply with our legal obligations.
For users protected by the GDPR/UK GDPR, our lawful bases for processing are:
- Performance of a contract — to provide the Service you have signed up for (accounts, events, invitations, payments).
- Legitimate interests — to secure the Service, prevent fraud and abuse, and improve reliability, balanced against your rights.
- Consent — where we ask for it (for example, optional communications or any non-essential cookies). You can withdraw consent at any time.
- Legal obligation — to meet tax, accounting, and other legal requirements.
We do not sell your personal information. We do not use it for third-party advertising, and we do not carry out automated decision-making or profiling that produces legal or similarly significant effects about you.
4. WHEN WE SHARE INFORMATION
We share personal information only as needed to run the Service:
- with other users as part of how the Service works (for example, your name and event details are visible to people you invite, and hosts can see the RSVP status of their guests);
- with service providers ("processors") who help us operate, including our payment processor (Stripe), email delivery provider, mapping provider, and hosting provider, who process information on our behalf under contract;
- in connection with a business sale, merger, or restructure, subject to this policy;
- where required by law, or to protect our rights, users, or the public.
5. INTERNATIONAL DATA TRANSFERS
We are based in Australia, and some of our service providers are located in other countries (for example, the United States and the European Union). This means your personal information may be transferred to, stored in, or processed in countries other than your own, which may have different data-protection laws.
Where we transfer personal information out of the EEA or the UK, we rely on an appropriate safeguard such as the European Commission's Standard Contractual Clauses (and the UK Addendum), an adequacy decision, or another lawful transfer mechanism. You can ask us for more detail about the safeguards that apply by contacting [CONTACT EMAIL].
6. HOW WE PROTECT INFORMATION
We take reasonable technical and organisational measures to protect personal information, including encrypted connections (HTTPS), hashed passwords, access controls, rate limiting, optional two-factor authentication, security headers, and regular backups. No system is perfectly secure, but we work to reduce risk and to respond promptly to any incident. Where the law requires, we will notify affected individuals and the relevant regulator of a personal-data breach within the applicable timeframe.
7. HOW LONG WE KEEP INFORMATION
We keep personal information for as long as your account is active and as needed to provide the Service, comply with legal obligations (such as tax and accounting records), resolve disputes, and enforce our agreements. When information is no longer needed, we take reasonable steps to delete or de-identify it. Backups are rotated and aged out over time, so deleted data may persist in backups for a limited period before being overwritten.
8. YOUR PRIVACY RIGHTS
Depending on where you live, you may have some or all of the following rights. We honour these rights for all users where practicable.
- Access — request a copy of the personal information we hold about you. You can download your data at any time from your account settings.
- Correction / rectification — ask us to correct inaccurate or incomplete information. Most details can be edited in your account.
- Deletion / erasure — ask us to delete your account and personal information. You can delete your account yourself from your account settings.
- Portability — receive your data in a structured, commonly used, machine-readable format (we provide a JSON export).
- Restriction and objection — ask us to limit or stop certain processing, including processing based on legitimate interests.
- Withdraw consent — where we rely on consent, withdraw it at any time, without affecting prior processing.
- Non-discrimination — we will not deny service or charge you differently for exercising your rights.
To exercise any right, use your account settings where available, or contact us at [CONTACT EMAIL]. We will respond within the time required by applicable law. We may need to verify your identity first.
For California residents (CCPA/CPRA): in the past 12 months we collect the categories of personal information described in Section 2 (identifiers, customer records, commercial/transaction information, internet activity, and approximate location). We use and disclose these as described above. We do not "sell" or "share" personal information as those terms are defined under California law. You have the right to know, delete, correct, and limit the use of your information, and the right not to be discriminated against for exercising these rights.
9. INVITEES AND THIRD PARTIES
If you invite someone or add their details, you confirm you are entitled to provide that information to us for the purpose of coordinating your event, and that you will handle their information responsibly. We use invitee details only to deliver invitations and run the relevant event. If you are an invitee and want your details removed, contact the event host or us at [CONTACT EMAIL].
10. COOKIES
We use cookies and similar technologies that are strictly necessary to operate the Service — for example, to keep you signed in, remember preferences such as your theme, and protect against cross-site request forgery. These do not require consent under most laws. If we ever introduce non-essential cookies (such as analytics), we will request your consent first where required and update this policy and our cookie controls accordingly. We do not use cookies for third-party advertising.
11. CHILDREN
The Service is intended for adults and is not directed at children. We do not knowingly collect personal information from anyone under 18 (or the age of digital consent in your country, where higher). If you believe a child has provided us information, contact us and we will take steps to delete it.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where the change is significant, take reasonable steps to notify you.
13. CONTACT AND COMPLAINTS
For privacy questions or to exercise your rights, contact [CONTACT EMAIL].
If you are not satisfied with our response, you may complain to a data-protection authority:
- Australia: the Office of the Australian Information Commissioner (OAIC), www.oaic.gov.au.
- European Union: your national supervisory authority (a list is maintained by the European Data Protection Board).
- United Kingdom: the Information Commissioner's Office (ICO), www.ico.org.uk.
- Other regions: your local privacy regulator.