Privacy Policy
Stratosyte Pty Ltd (ABN 95 682 286 326)
This Privacy Policy describes how Stratosyte Pty Ltd (ABN 95 682 286 326) ("KeepMyBooking", "we", "us") collects, uses, discloses, stores, and protects your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the Privacy Act 2020 (NZ) and the Information Privacy Principles (IPPs) for New Zealand users.
1. Scope
This Policy applies to all personal information we collect through the KeepMyBooking mobile application, website at keepmybooking.com, and related communications and services. By using the Platform, you acknowledge that your personal information will be handled as described in this Policy.
2. Information We Collect or May Verify
2.1 Identity and Account Information
- Full name, email address, and phone number.
- Date of birth (collected for age verification - 16+ requirement).
- Profile photograph (if uploaded).
- Google Account information where you authenticate via Google, including name, email address, and Google profile identifier.
- Apple account information where you authenticate via Apple sign in, including name and email.
2.2 Business Information (Merchants Only)
- ABN, ACN, trading name, and registered business address.
- Bank account details connected via Stripe (processed and stored by Stripe, not KeepMyBooking).
- Professional licence or qualification information as disclosed during verification.
2.3 Booking and Transaction Data
- Services booked, booking dates and times, booking status, and booking history.
- Payment metadata (transaction identifiers, amounts, refund records). Full payment card details are processed and stored by Stripe, not by KeepMyBooking.
- Cancellation and refund records.
2.4 Location Data
- Geolocation data used to surface relevant Merchants in your vicinity. Collected with your consent and in accordance with your device permissions.
2.5 Communications Data
- In-app chat messages between Users and Merchants.
- Emails, enquiries, or other correspondence with KeepMyBooking.
2.6 Review and Rating Content
- Review text, star ratings, and metadata (whether submitted publicly or anonymously). Anonymous reviews retain internal account association for moderation purposes.
2.7 Usage and Analytics Data
- Device type, operating system, and app version.
- In-app behaviour and navigation data, feature interactions, and booking flow data.
- Crash reports, error logs, IP addresses, and general network information.
2.8 Google Calendar Sync Data
- Calendar event data from your Google Calendar, where you have authorised the integration, used solely to enable bi-directional appointment sync.
2.9 Sensitive Information
KeepMyBooking does not intentionally collect sensitive information as defined under the Privacy Act 1988 (Cth), including health information, racial or ethnic origin, political opinions, or religious beliefs. You should not include sensitive information in your profile, booking notes, or communications on the Platform.
We acknowledge that certain service categories (e.g., wellness bookings) may implicitly reveal health-related context through booking behaviour. KeepMyBooking does not use such inferred information for any purpose beyond facilitating the relevant booking, and it is not shared with third parties for any secondary purpose.
3. How We Collect Your Information
- Directly from you when you create an account, make a booking, submit a review, or contact us.
- Automatically through the Platform via SDKs and analytics tools.
- From third parties, including Google (authentication and Calendar sync), Apple (authentication), and Stripe (payment and identity verification data).
- From Merchants, where they enter information in connection with a booking or communication.
4. Purposes of Collection and Use
We collect and use your personal information for the following purposes:
- Account registration, authentication, and management.
- Age verification (16+ requirement).
- Facilitating and managing bookings between Users and Merchants.
- Processing payments and refunds via Stripe.
- Enabling geolocation-based discovery and search.
- Providing in-app communication features, including chat.
- Displaying and moderating reviews and ratings.
- Enabling Google Calendar synchronisation (where authorised).
- Sending booking confirmations, reminders, and service notifications.
- Providing customer support and dispute resolution.
- Conducting analytics to monitor Platform performance and improve user experience.
- Complying with legal obligations, including fraud prevention and AML requirements.
- Marketing communications (where you have provided consent - see Section 8).
5. Sharing of Personal Information
5.1 Merchants
When you make a booking, we share relevant personal information with the relevant Merchant, including your name, contact details, and booking details. Merchants are required to handle this information in accordance with applicable privacy laws and the Merchant Terms.
5.2 Stripe
Payment information is processed by Stripe. Your payment data is subject to Stripe's Privacy Policy (stripe.com/privacy). KeepMyBooking does not store full card details. We share transaction metadata with Stripe as necessary to process payments.
5.3 Google
If you use Google Account authentication or Google Calendar integration, data is exchanged with Google in accordance with Google's Privacy Policy (policies.google.com/privacy). We use Google OAuth for authentication and the Google Calendar API for sync functionality only.
5.4 Apple
If you use Apple account authentication, data is exchanged with Apple in accordance with Apple's Privacy Policy (apple.com/au/legal/privacy/en-ww/). We use Apple Sign In for authentication purpose only.
5.5 Analytics and Technology Providers
We may share anonymised or aggregated usage data with analytics service providers to support Platform performance monitoring and improvement. These providers are contractually bound to protect the data.
5.6 Legal and Regulatory Disclosure
We may disclose personal information to law enforcement agencies, courts, or regulators where required by law or court order, or where we believe in good faith that disclosure is necessary to protect the safety of any person or prevent fraud.
5.7 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6. Overseas Disclosures and Cloud Hosting
Your personal information may be stored and processed domestically and on servers located outside of Australia and New Zealand, including in the United States, where services such as Stripe, AWS, Google Cloud, and analytics providers operate. Before disclosing personal information overseas, we take reasonable steps to ensure that overseas recipients are subject to substantially similar privacy protections.
Australian users: We comply with APP 8 regarding overseas disclosures. By using the Platform, you consent to overseas transfer as described in this policy. We may disclose personal information to overseas service providers and partners in accordance with the Australian Privacy Principles, including APP 8 relating to cross-border disclosure of personal information. Where we disclose personal information overseas, we take reasonable steps to ensure that overseas recipients handle such information in a manner consistent with Australian privacy law. By using the Platform, you acknowledge that your personal information may be transferred to and processed in countries outside Australia as described in this Privacy Policy.
New Zealand users: We comply with IPP 12 requirements regarding overseas disclosures.
We may rely on contractual safeguards, due diligence, technical controls, user consents where appropriate, or other lawful mechanisms to support overseas disclosures and cross-border processing.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of account plus 7 years after closure |
| Booking and transaction records | 7 years (AU tax law obligations) |
| Chat and communication records | 2 years from last activity |
| Review content | Duration of Platform listing or until account deletion |
| Age verification data (DOB) | Duration of account |
| Analytics and usage data | 2 years, then anonymised or deleted |
| Google Calendar sync data | Session-based; not permanently stored beyond sync purpose |
8. Marketing Communications
We may send promotional communications where you have opted in. You may unsubscribe at any time by using the unsubscribe link in any marketing email, updating notification preferences in-app, or contacting [email protected]. We comply with the Spam Act 2003 (Cth) (Australia) and the Unsolicited Electronic Messages Act 2007 (NZ).
9. Security
We implement commercially reasonable technical and organisational security measures including:
- Encryption of data in transit (TLS/HTTPS).
- Encryption of data at rest on our servers.
- Access controls limiting staff access on a need-to-know basis.
- Regular security assessments and monitoring.
You hereby understand and agree that no internet data transmission is completely secure. In the event of a data breach likely to result in serious harm, we will notify affected individuals and the relevant regulator (OAIC and/or NZ Privacy Commissioner) in accordance with applicable notifiable data breach requirements.
10. Your Privacy Rights
10.1 Access and Correction
You have the right to request access to personal information we hold about you and to request correction of inaccurate, incomplete, or outdated information. Contact: [email protected].
10.2 Deletion
You may request deletion of your personal information. We will process deletion requests subject to our legal retention obligations and the need to retain certain information to complete pending transactions or resolve disputes.
10.3 Complaint Process
If you believe we have handled your personal information in breach of this Policy or applicable law, you may immediately contact our Privacy Officer at [email protected].
11. Australian Privacy Act Compliance
This Policy is intended to describe KeepMyBooking's personal information handling practices in accordance with applicable Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles, to the extent applicable.
We may and reserve the right to update our privacy practices and this Policy to reflect changes in our business, technology providers, legal obligations, and regulatory guidance.
12. New Zealand Privacy Act 2020 Compliance
For users in New Zealand, this Policy is designed to comply with the Privacy Act 2020 (NZ) and the Information Privacy Principles. New Zealand users have the right to access and correct information held about them, and to complain to the NZ Privacy Commissioner.
We may and reserve the right to update our privacy practices and this Policy to reflect changes in our business, technology providers, legal obligations, and regulatory guidance.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via in-app notification or email. Continued use of the Platform constitutes acceptance of the updated Policy.
14. Contact
Privacy Officer: [email protected] | Stratosyte Pty Ltd, ABN 95 682 286 326 | keepmybooking.com | Phone: +61 2 8456 7107
Related documents: Consumer Terms and supplemental policies.