1. Who We Are
TreatTracker is a location-based mobile application that connects customers with nearby ice cream and coffee vans operating in Western Australia. References to "we", "us" or "our" refer to TreatTracker and its operators.
2. Information We Collect
Vendor accounts: Business name, contact email address (stored encrypted), and password (stored as a one-way cryptographic hash — never in readable form). Vendor GPS coordinates are collected only while the vendor has manually activated live tracking.
Customer location: Your approximate device GPS coordinates are used solely to calculate distances to nearby vans and display them on the map. Customer location data is processed in-session only and is
never stored on our servers.
Usage data: Anonymous interaction counts (profile views, likes) are collected to provide vendors with performance metrics. These are not linked to individual users.
3. How We Use Your Information
We collect and use personal information only for the purposes for which it was provided:
• To display live van locations to nearby customers
• To allow vendors to manage their listing, GPS broadcasting, and customer interactions
• To send transactional emails (account creation confirmation, password reset) to vendors
• To improve app performance through anonymised analytics
4. Legal Basis & Compliance
TreatTracker operates in accordance with the
Privacy Act 1988 (Cth) and the
Australian Privacy Principles (APPs), as amended by the Privacy and Other Legislation Amendment Act 2024. Location data is treated as personal information under Australian law and is handled accordingly.
5. GPS & Location Data
Vendor GPS data is broadcast in real time to users of the app while the vendor has live tracking enabled. Vendors consent to this broadcast by activating tracking. Location data is stored only as the vendor's current position — no historical route data is retained.
Customer location is accessed only with explicit device permission and is used solely to calculate proximity. It is never transmitted to our servers or shared with third parties.
6. Data Storage & Security
All personal data is stored on servers located in
Australia (AWS ap-southeast-2, Sydney). We employ the following security measures:
• Passwords: Argon2id one-way hashing (never reversible)
• Email addresses: AES-256-GCM encryption at rest
• All data in transit: TLS 1.3 encryption
• API credentials: Stored in secure environment vaults, never in source code
• Access controls: Role-based, with least-privilege principles applied
7. Data Retention
Vendor account data is retained for the duration of the active account and deleted within 30 days of account closure upon request. Customer location data is ephemeral and not retained beyond the active session. Anonymous usage metrics are retained for up to 24 months.
8. Disclosure to Third Parties
We do not sell, trade, or rent personal information to third parties. Data may be disclosed to:
• Cloud infrastructure providers operating in Australia (AWS ap-southeast-2)
• Transactional email service providers (Australian or equivalent data-protection compliant regions) solely for sending account-related emails
• Regulatory bodies or law enforcement where required by Australian law
9. Your Rights
Under the Privacy Act 1988, you have the right to:
•
Access the personal information we hold about you
•
Correct inaccurate or outdated information
•
Request deletion of your personal information (subject to legal obligations)
•
Withdraw consent for location access at any time via your device settings
•
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at
oaic.gov.au
10. Data Breach Notification
In the event of a data breach likely to result in serious harm, we will notify affected individuals and the OAIC as required under the Notifiable Data Breaches (NDB) scheme within the timeframes prescribed by law.
11. Children's Privacy
TreatTracker is intended for use by individuals aged 13 and over. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via an in-app notice. Continued use of the app following notification constitutes acceptance of the updated policy.
13. Contact Us
For privacy enquiries, access requests, or complaints:
📧 privacy@treattracker.com.au
We aim to respond to all privacy requests within 30 days.
This policy reflects the requirements of the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Privacy and Other Legislation Amendment Act 2024. For independent advice, contact the OAIC at oaic.gov.au or 1300 363 992.
