Privacy Policy

1. Introduction

Welcome to AussieStart ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

AussieStart operates as a marketplace connecting backpackers with job opportunities and accommodation in Australia. Our platform serves two main user groups:

• Backpackers: Users seeking jobs and accommodation through subscription-based access
• Providers: Employers and accommodation owners who post listings for free

By using AussieStart, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Account Registration Information

When you create an account, we collect:

• Full name
• Username (unique identifier)
• Email address
• Password (encrypted)
• Nationality
• Date of birth
• Phone number (optional)

2.2 Identity Verification

For platform safety and trust, we require:

• Government-issued ID document (passport, driver's license, or national ID)
• Selfie or photo for verification purposes
• Proof of business registration (for providers only)

Security Note: ID documents are encrypted and stored securely. They are never shared publicly and are only accessed by authorized verification staff.

2.3 Profile Information

Users may provide additional information:

• Profile picture
• Bio/description
• Work experience and education
• Skills and certifications
• Language proficiency
• Visa type and expiry date
• Location preferences

2.4 Subscription and Payment Data

We collect information related to your subscription:

• Subscription plan (Membership €4.99, Premium €9.99, or Exclusive €14.99)
• Subscription status and renewal dates
• Account balance for application fees
• Transaction history (balance top-ups and application fee deductions)
• Stripe customer ID (payment processing)

Important: We do NOT store credit card details. All payment processing is handled securely by Stripe.

2.5 Usage Information

We automatically collect:

• Job searches and applications submitted
• Accommodation searches and inquiries
• Saved jobs and accommodations
• Messages between users
• Login times and frequency
• Pages viewed and features used

2.6 Technical Information

• IP address and location data
• Device type and operating system
• Browser type and version
• Screen resolution and device identifiers
• Cookies and similar tracking technologies

2.7 Provider-Specific Information

Providers additionally submit:

• Company name and registration details
• Business verification documents
• Job listings (title, description, requirements, salary)
• Accommodation listings (property details, pricing, photos)
• Contact information for applicants

3. How We Use Your Information

Purpose	Data Used	Legal Basis
Account creation and management	Registration information, profile data	Contract performance
Identity verification	ID documents, verification photos	Legal compliance, legitimate interests
Subscription management	Subscription tier, payment data, renewal dates	Contract performance
Processing application fees	Account balance, transaction history	Contract performance
Job application facilitation	Profile, resume, application details	Contract performance
Accommodation booking	Profile, inquiry details, dates	Contract performance
Payment processing	Stripe customer ID, transaction amounts	Contract performance
Platform improvement	Usage patterns, feature engagement	Legitimate interests
Fraud prevention	Account activity, IP addresses, device info	Legal compliance, legitimate interests
Customer support	Contact information, account details	Contract performance
Marketing communications	Email address, preferences	Consent, legitimate interests

3.1 Application Fee System

Our platform uses a pre-paid balance system for job and accommodation applications:

• Users top up their account balance via Stripe
• Application fees are automatically deducted from the balance
• Fee amounts vary by subscription tier:
  • Membership: €1.00 per application
  • Premium: €0.50 per application
  • Exclusive: €0.25 per application
• We track all balance transactions for transparency and audit purposes

4. Payment Information

4.1 Payment Processing

All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. We never store your complete credit card information on our servers.

4.2 What We Store

• Stripe Customer ID (encrypted identifier)
• Subscription status and billing dates
• Account balance amount
• Transaction history (top-ups and deductions)
• Last 4 digits of card (via Stripe, for reference only)

4.3 Payment Security

Your payment security is ensured through:

• Stripe's PCI DSS Level 1 compliance
• 256-bit SSL encryption for all transactions
• Tokenization of payment methods
• Fraud detection and prevention systems
• Secure HTTPS connections for all payment pages

4.4 Subscription Billing

For subscription management:

• Monthly subscriptions auto-renew unless cancelled
• Billing occurs on the same day each month
• Upgrade charges are processed immediately with prorated amounts
• Downgrades take effect at the end of the current billing period
• Cancellations process immediately, ending subscription access

5. Information Sharing

5.1 With Other Users

Job Applications: When you apply for a job, the employer receives:

• Your profile information
• Contact details
• Resume and cover letter
• Work history and skills

Accommodation Inquiries: When you inquire about accommodation, the provider receives:

• Your profile information
• Contact details
• Requested dates and guest count
• Special requests or questions

Provider Listings: Public information includes:

• Company/property name
• Job/accommodation details
• Location information
• Contact methods

5.2 With Service Providers

We share data with trusted third parties who assist us:

• Stripe: Payment processing and subscription management
• MC-Host24: Server hosting and infrastructure
• Email Services: Transactional and notification emails
• Analytics Tools: Platform usage and improvement (anonymized)
• Verification Services: Identity verification for user safety

5.3 For Legal Compliance

We may disclose information when required to:

• Comply with laws, regulations, or legal processes
• Respond to lawful government requests
• Enforce our Terms and Conditions
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Protect users' safety or rights

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and platform notice before your information becomes subject to a different privacy policy.

6. Data Security

6.1 Technical Safeguards

• 256-bit SSL/TLS encryption for data transmission
• AES-256 encryption for sensitive data at rest
• Bcrypt password hashing (industry standard)
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Automated backup systems with encryption
• Secure database access controls

6.2 Organizational Safeguards

• Limited access to personal data (need-to-know basis)
• Employee confidentiality agreements
• Security awareness training
• Incident response procedures
• Regular security policy reviews

6.3 Your Security Responsibilities

Help us protect your account by:

• Using a strong, unique password
• Never sharing your password
• Logging out on shared devices
• Reporting suspicious activity immediately
• Keeping your contact information current
• Being cautious with information shared with other users

6.4 Data Breach Protocol

In the unlikely event of a data breach:

• We will investigate and contain the breach immediately
• Affected users will be notified within 72 hours
• We will report to relevant authorities as required by law
• We will provide guidance on protective measures
• We will offer support services as appropriate

7. Data Retention

7.1 Active Accounts

While your account is active, we retain all your data to provide services.

7.2 Account Deletion

When you delete your account:

• Immediate deletion: Login credentials, profile picture
• 30 days: Personal messages, search history
• 90 days: Application history, saved items
• 7 years: Financial records (legal requirement)
• Indefinitely: Anonymized usage statistics

7.3 Financial Data Retention

We retain financial data for:

• Tax compliance (7 years minimum)
• Audit purposes
• Dispute resolution
• Fraud prevention

7.4 Legal Holds

Data may be retained longer if required by:

• Ongoing legal proceedings
• Regulatory investigations
• Dispute resolution processes
• Law enforcement requests

8. Your Rights

8.1 Access and Portability

• Access: Request a copy of your personal data
• Data Export: Download your data in a portable format (JSON/CSV)
• Account Dashboard: View and manage your information anytime

8.2 Correction and Updates

• Update profile information directly in settings
• Correct inaccurate information
• Complete incomplete data
• Request manual corrections via support

8.3 Deletion Rights

• Account Deletion: Delete your entire account
• Selective Deletion: Remove specific data (e.g., old applications)
• Right to be Forgotten: Request complete data removal (subject to legal retention requirements)

8.4 Subscription Management

• Cancel subscription anytime (immediate effect)
• Upgrade or downgrade plans
• View billing history
• Manage payment methods via Stripe

8.5 Marketing Preferences

• Opt out of promotional emails (unsubscribe link)
• Manage notification preferences
• Control communication channels

Note: You will still receive essential service emails (receipts, security alerts, policy updates).

8.6 Object and Restrict

• Object: Object to processing based on legitimate interests
• Restrict: Request restricted processing in certain situations
• Withdraw Consent: Withdraw consent for consent-based processing

8.7 How to Exercise Rights

To exercise any of these rights:

• Email: privacy@aussiestart.com
• Account Settings: Manage most settings directly
• Support Center: Submit a formal request

We will respond within 30 days and may require identity verification.

9. Cookies and Tracking

9.1 Essential Cookies

Required for platform functionality:

• Session authentication
• Security features
• User preferences
• Shopping cart functionality

9.2 Analytics Cookies

Used to improve our services:

• Page views and navigation patterns
• Feature usage statistics
• Error tracking and debugging
• Performance monitoring

9.3 Managing Cookies

• Browser settings: Configure cookie preferences
• Cookie banner: Accept or reject non-essential cookies
• Privacy settings: Manage tracking preferences

Note: Blocking essential cookies may affect platform functionality.

9.4 Third-Party Tracking

We use limited third-party services:

• Stripe (payment processing)
• Analytics tools (anonymized data)

We do NOT use:

• Advertising networks
• Social media tracking pixels
• Cross-site tracking

10. International Data Transfers

10.1 Data Storage Locations

Your data is primarily stored in:

• Primary: Germany (EU) - MC-Host24 servers
• Backups: EU data centers
• Payment Processing: Stripe (global infrastructure with EU safeguards)

10.2 GDPR Compliance

For European users, we ensure:

• Data processed within EU where possible
• Standard Contractual Clauses for third-party transfers
• Adequacy decisions respected
• Right to lodge complaints with supervisory authorities

10.3 Australian Privacy Principles

We comply with Australian Privacy Act 1988 requirements:

• Open and transparent management of personal information
• Anonymity and pseudonymity options where practical
• Collection of solicited personal information
• Dealing with unsolicited personal information
• Use and disclosure requirements

10.4 Cross-Border Transfer Safeguards

• Encryption during transmission
• Contractual protections with service providers
• Regular compliance audits
• User notification of transfer destinations

11. Children's Privacy

AussieStart is intended for users aged 18 and older. We do not knowingly collect information from individuals under 18.

If we discover that a child under 18 has provided personal information:

• We will delete the account immediately
• We will delete all associated data
• We will notify the email address on file
• We will not use or share the information

If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@aussiestart.com.

Age Verification: We require government-issued ID verification, which helps ensure users meet age requirements.

12. Policy Changes

12.1 Notification Methods

We will notify you of material changes via:

• Email to your registered address
• Prominent notice on the platform homepage
• In-app notification
• Updated "Last Modified" date at the top of this policy

12.2 Advance Notice

• Minor updates: Effective immediately upon posting
• Material changes: 30 days advance notice
• Changes affecting rights: Email notification required

12.3 Your Options

After notification of changes:

• Continue using the platform (acceptance of new terms)
• Contact us with concerns or questions
• Delete your account if you disagree
• Export your data before deletion

12.4 Version History

Previous versions of this policy are available upon request at privacy@aussiestart.com.

13. Contact Us

13.1 Privacy Inquiries

Email: privacy@aussiestart.com

Response Time: Within 48 hours for urgent matters, 5 business days for general inquiries

13.2 Data Protection Officer

For GDPR-related matters:

Email: dpo@aussiestart.com

Address: Data Protection Officer, AussieStart, [Address to be added upon official launch]

13.3 Support Channels

• General Support: support@aussiestart.com
• Technical Issues: tech@aussiestart.com
• Legal Matters: legal@aussiestart.com

13.4 Supervisory Authorities

EU Users: You have the right to lodge a complaint with your local data protection authority.

Australian Users: Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

13.5 Additional Resources

• Terms & Conditions
• Imprint
• Help Center
• Manage Subscription