Trust commitment 5 of 6
Data handling and retention
What we store, where it lives, who can access it, how long we keep it, and how you can delete it.
What we store
- Account data: your email (if you sign in), display name (optional), preferences (sort order, hidden-sponsored toggle).
- Shortlist / compare state: the venues you've saved. Stored in Supabase tied to your account.
- Enquiry records: the message you sent and which venue received it. We retain this so a venue owner can respond, and so you have a record.
- Aggregate analytics: page views, search queries (anonymised). No third-party trackers beyond what we declare in /privacy.
What we don't store
- Your bank or credit-card details. Payments are processed by Stripe directly — we never see card numbers.
- Your enquiry message's content beyond the retention window (12 months by default).
- Cross-site tracking data.
- Demographic profiles purchased from data brokers.
Where it lives
Everything is in Supabase, hosted in the Sydney AWS region (ap-southeast-2). Data is encrypted at rest with AES-256 and in transit with TLS 1.3. Daily backups go to Cloudflare R2 in Sydney. No data leaves Australia.
Who can access it
- You — via your account dashboard.
- The venue you enquired with — for that specific enquiry.
- VenueGuide.au operators (SeaQae Group, ABN 40 300 987 116) — for support and abuse investigations.
We do not share your data with advertisers, lead resellers, analytics partners that combine data across sites, or government agencies without a lawful request.
Retention timelines
- Enquiry messages: 12 months from send, then deleted.
- Shortlist state: kept while your account is active.
- Inactive accounts: anonymised after 24 months of no sign-in.
- Audit logs: 7 years (required for Stripe-related transactions under Australian record-keeping rules).
Your rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you can:
- Request a copy of all data we hold on you.
- Request correction of any inaccurate data.
- Request deletion of your data (subject to retention requirements for legal/tax compliance).
- Object to marketing.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Email [email protected] for any of the above. We respond within 5 business days.