Privacy policy.
Last updated: 12 May 2026
This policy explains how Mr. Nicolas Raffa Pirra (ABN 46946705935) (“we”, “us”, “our”) — the operator of stamplio at stamplio.club (the “Service”) — collects, holds, uses, and discloses personal information. We are based in New South Wales, Australia and handle personal information in line with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).
1. Who this policy covers
The Service has two kinds of users:
- Merchants — café and small-business operators who sign up for a paid plan and run a loyalty programme through our dashboard.
- Customers — the people who tap a merchant’s NFC sticker, install a wallet pass, and earn stamps. Most customer activity is anonymous to us.
This policy applies to both groups.
2. What personal information we collect
From merchants: email address, first and last name (optional), authentication credentials managed by Clerk (password hashes — we never see the plaintext), business name and trading details you enter, your brand logo and colours, billing information held by Stripe (we receive only a Stripe customer ID and subscription metadata, not card numbers), dashboard activity, IP address, browser and device metadata, unhandled application errors, and email-correspondence content if you write in to support.
From customers: an anonymous identifier stored in a first-party cookie on your device (used to attribute stamps before you have a wallet pass), the wallet pass token issued by Apple PassKit or Google Wallet when you save a pass, your stamp count and visit history at each merchant, IP address and basic device metadata for the duration of a tap, and any name or email you choose to enter at a merchant’s sign-up form. If you ask staff to approve extra stamps or a reward, your browser may also ask you to share approximate location so staff can see whether the request appears near the store. Staff users may choose to enable request alerts; in that case we store the browser push subscription needed to send those alerts to that device. We do not require you to create an account or hand over an email to use the Service.
We do not knowingly collect sensitive information (health, racial or ethnic origin, political views, religious beliefs, sexual orientation, biometric or genetic data).
3. How we collect it
- Directly from you (sign-up forms, support emails, dashboard input).
- Automatically from your device when you visit the Service (cookies, log data, page analytics).
- From third parties acting on our behalf: Clerk (authentication events), Stripe (payment confirmations and subscription status), Apple and Google (wallet pass install + lifecycle events).
4. Why we collect it
We use personal information to:
- Provide the Service — sign you in, issue wallet passes, record stamps and redemptions.
- Bill you (merchants) and manage subscriptions through Stripe.
- Send transactional emails: confirmations, receipts, password resets, important service notices.
- Run analytics on how the Service is used so we can improve it, debug, and prioritise fixes.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Meet our legal obligations and exercise or defend legal claims.
We do not sell your personal information. We do not use it for third-party advertising or for any purpose materially different from the ones above without your consent.
Marketing communications. Transactional emails (receipts, password resets, important service notices) are part of the Service. We will only send you marketing or promotional email — product updates, feature announcements, newsletters — if you have opted in, and every marketing email will contain a one-click unsubscribe link, in line with the Spam Act 2003 (Cth).
5. Who we share it with
The Service runs on a small set of vetted service providers (“subprocessors”). Each receives only what it needs to perform its role, under a written agreement:
- Clerk — authentication and identity management (United States).
- Stripe — payment processing and subscription billing (United States, Ireland, Australia).
- Neon — managed Postgres database hosting (United States and/or European Union, depending on region).
- Vercel — application hosting and serverless compute (United States, with global edge caching).
- Resend — transactional email delivery (United States, Ireland).
- PostHog — product analytics and error monitoring (United States).
- Apple Inc. and Google LLC — distribution of wallet passes via Apple PassKit and Google Wallet (United States).
We will only disclose personal information outside this list where you have consented, where required by Australian law (e.g. in response to a lawful subpoena or court order), or in connection with a business sale or restructure — in which case any acquirer will be bound by terms no less protective than this policy.
6. Overseas disclosure
Because the subprocessors above operate outside Australia, your personal information is likely to be disclosed to recipients in the United States, Ireland, the European Union, and other countries where those providers operate. We take reasonable steps to ensure each recipient handles your information in a way consistent with the Australian Privacy Principles, including contractual data-processing terms.
7. How we keep it secure
All traffic between your device and the Service is encrypted in transit using TLS. Data is encrypted at rest by our hosting and database providers. Authentication is handled by Clerk; we never store or see your password. Access to production systems is restricted, logged, and protected with multi-factor authentication. No method of transmission or storage is 100% secure, and we can’t guarantee absolute security. If we ever suffer a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in line with the Notifiable Data Breaches scheme — regardless of whether we are strictly bound by it as a small business.
8. How long we keep it
We retain personal information for as long as your account is active and for a reasonable period after to meet legal, accounting, or dispute-resolution requirements. When you ask us to delete your account, we remove your records and ask our subprocessors to do the same within 30 days, except where we are required to retain information by law (for example, tax records under the Income Tax Assessment Act). Anonymous, aggregated analytics that can no longer be linked to you may be kept indefinitely.
9. Cookies and analytics
We use a small set of first-party cookies for the Service to work (sign-in sessions, the anonymous customer identifier for stamp attribution before a wallet pass exists, CSRF protection). PostHog places a first-party analytics cookie to deduplicate pageviews and link events to a session. We do not use third-party advertising trackers. You can disable cookies in your browser, but parts of the Service may stop working — in particular, you won’t be able to sign in or have stamps attributed to you reliably.
10. Your rights — access, correction, deletion
You have the right to:
- Ask us what personal information we hold about you.
- Ask us to correct information you believe is inaccurate or out of date.
- Ask us to delete your account and the personal information attached to it.
- Withdraw any consent you have given us, at any time.
- Object to a particular use of your information — for example, to opt out of product analytics.
Email hello@stamplio.club from the address on your account and we’ll action your request within 30 days. We may ask you to verify your identity before making changes.
11. Children
The Service is not directed at, and we don’t knowingly collect personal information from, children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.
12. Complaints
If you think we’ve mishandled your personal information, please email hello@stamplio.club with the details. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you’re not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
13. Changes to this policy
We may update this policy from time to time — for example when we add a new subprocessor or change how a feature works. The “Last updated” date at the top will always reflect the current version. For material changes that affect your rights, we will email registered account holders at least 14 days before the change takes effect.
14. Contact
Questions about this policy or how we handle your personal information?
- Email: hello@stamplio.club
- Post: U 6 90 COOGEE BAY RD COOGEE NSW 2034
- ABN: 46946705935