HouseGoing

Privacy Policy

Privacy Act 1988 (Cth) Compliance

This Privacy Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). HouseGoing Pty Ltd is committed to protecting your privacy and handling your personal information responsibly.

1. About This Policy

Entity: HouseGoing Pty Ltd (ABN: [To be registered])
Contact: privacy@housegoing.com.au
Address: New South Wales, Australia
Effective Date: January 6, 2025
Version: 2.0

This Privacy Policy explains how HouseGoing Pty Ltd ("we", "us", "our") collects, uses, discloses, and manages personal information when you use our venue rental marketplace platform, mobile applications, and related services (collectively, the "Platform"). This policy applies to all users including venue seekers ("Customers"), property owners ("Hosts"), and visitors to our Platform.

We are committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), and other applicable Australian laws.

2. Information We Collect

2.1 Customer Information

Account Information:

  • Full name, email address, phone number
  • Date of birth (for age verification - must be 18+)
  • Profile photo (optional, stored via Cloudinary)
  • Account preferences and notification settings
  • Authentication data via Clerk (encrypted)

Booking Information:

  • Event details (type, date, duration, guest count)
  • Special requirements and accessibility needs
  • Booking history and preferences
  • Reviews and ratings provided to hosts
  • Cancellation history and reasons

Payment Information:

  • Credit/debit card details (securely processed via Stripe)
  • Billing address and payment history
  • Transaction records and digital receipts
  • Refund and dispute records

2.2 Host Information

Personal Details:

  • Full legal name, email address, phone number
  • Date of birth and government-issued photo ID
  • ABN, ACN, or business registration details
  • Bank account details for payment processing
  • Tax file number (if required for reporting)

Property Information:

  • Complete property address and GPS coordinates
  • Property type, size, capacity, and detailed amenities
  • Pricing structure, availability calendar, and booking rules
  • Noise restrictions and council compliance details
  • Emergency contact information and procedures

Verification Documents (Confidential):

  • Government-issued photo ID (driver's license, passport)
  • Proof of property ownership or legal authorization
  • Public liability insurance certificates ($10M+ coverage)
  • Council permits and development approvals
  • Safety inspection reports and fire safety certificates
  • Building compliance and occupancy certificates

2.3 Property Photos and Media Storage

Cloudinary Storage System:

  • High-resolution property interior and exterior photos
  • Amenity and facility detailed images
  • Safety equipment and emergency exit documentation
  • Virtual tour media and 360° panoramic images
  • Before/after event photos (if provided by hosts/guests)

Media Processing and Security:

  • Automatic image optimization and multiple format generation
  • EXIF data removal for privacy and location protection
  • Watermarking and copyright protection measures
  • AI-powered content moderation and safety screening
  • Secure CDN delivery with access controls
  • Backup and disaster recovery procedures

Data Retention:

  • Active listing photos: Retained while property is listed
  • Verification photos: Retained for 7 years post-account closure
  • Event photos: Retained for 2 years or until deletion requested

3. Technical and Usage Data

3.1 Device and Browser Information

  • IP address, device type, operating system, and version
  • Browser type, version, language settings, and time zone
  • Screen resolution, color depth, and device identifiers
  • Mobile device information, app version, and push notification tokens
  • Network information and connection type

3.2 Platform Usage Analytics

  • Pages visited, time spent, scroll depth, and click patterns
  • Search queries, filters applied, and result interactions
  • Feature usage patterns and user journey mapping
  • Error logs, crash reports, and performance metrics
  • A/B testing participation and conversion tracking

3.3 Location Information

  • Precise GPS coordinates (only with explicit consent)
  • IP-based location approximation for regional content
  • Preferred search locations and radius preferences
  • Travel patterns for personalized venue recommendations
  • Geofencing data for location-based notifications

4. How We Use Your Information

4.1 Service Provision and Platform Operations

  • Facilitate venue bookings, payments, and secure communications
  • Process payments via Stripe and manage financial transactions
  • Verify host and customer identities for safety and compliance
  • Match customers with suitable venues based on preferences
  • Provide customer support and resolve disputes
  • Send booking confirmations, reminders, and updates

4.2 Safety, Security, and Compliance

  • Verify host property ownership and insurance coverage
  • Conduct background checks and identity verification
  • Monitor for fraudulent activity and prevent platform abuse
  • Ensure compliance with NSW noise regulations and local laws
  • Investigate safety incidents and maintain incident records
  • Report to authorities when required by law

4.3 Platform Improvement and Personalization

  • Analyze usage patterns to improve user experience
  • Develop new features and enhance existing functionality
  • Provide personalized venue recommendations
  • Conduct A/B testing for platform optimization
  • Generate anonymized analytics and market insights
  • Train AI systems for better matching and recommendations

4.4 Marketing and Communications

  • Send promotional emails and platform updates (with consent)
  • Provide targeted advertising based on preferences
  • Share success stories and testimonials (with permission)
  • Conduct market research and customer satisfaction surveys
  • Notify about new venues and special offers in your area

5. Information Sharing and Disclosure

5.1 Between Platform Users

  • Host contact information shared with confirmed bookings only
  • Customer basic profile information for booking verification
  • Reviews and ratings (anonymized when requested)
  • Emergency contact details during active bookings
  • Property access instructions and safety information

5.2 Third-Party Service Providers

  • Stripe: Payment processing and financial transactions
  • Clerk: User authentication and identity management
  • Supabase: Database hosting and real-time features
  • Cloudinary: Image storage, processing, and delivery
  • Brevo: Email delivery and marketing communications
  • Mapbox: Location services and mapping functionality

5.3 Legal and Regulatory Disclosure

  • Law enforcement agencies when required by valid legal process
  • NSW Fair Trading for consumer protection investigations
  • Australian Taxation Office for tax compliance reporting
  • Emergency services during safety incidents
  • Courts and tribunals in legal proceedings
  • Regulatory bodies for compliance audits

⚠️ We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Security and Protection

6.1 Technical Security Measures

  • End-to-end encryption for all data transmission (TLS 1.3)
  • AES-256 encryption for data at rest in databases
  • Multi-factor authentication for admin and host accounts
  • Regular security audits and penetration testing
  • Automated vulnerability scanning and patch management
  • Secure API endpoints with rate limiting and monitoring

6.2 Access Controls and Staff Training

  • Role-based access controls with principle of least privilege
  • Regular staff training on privacy and data protection
  • Background checks for all employees with data access
  • Confidentiality agreements and privacy obligations
  • Audit logs for all data access and modifications
  • Immediate access revocation upon employment termination

6.3 Data Backup and Recovery

  • Automated daily backups with geographic redundancy
  • Point-in-time recovery capabilities
  • Disaster recovery plan with 99.9% uptime target
  • Regular backup integrity testing and restoration drills
  • Secure backup storage with encryption and access controls

7. Your Privacy Rights Under Australian Law

7.1 Access and Correction Rights

  • Access: Request copies of all personal information we hold about you
  • Correction: Update or correct inaccurate or outdated information
  • Portability: Receive your data in a structured, machine-readable format
  • Explanation: Understand how automated decisions affect you

7.2 Deletion and Restriction Rights

  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Restriction: Limit how we process your information
  • Objection: Object to processing for marketing or legitimate interests
  • Withdrawal: Withdraw consent for optional data processing

7.3 How to Exercise Your Rights

Contact Methods:

  • Email: privacy@housegoing.com.au
  • Phone: 1300 HOUSE GO (1300 468 734)
  • Online: Account settings and privacy dashboard
  • Mail: Privacy Officer, HouseGoing Pty Ltd, NSW, Australia

Response Timeline: We will respond within 30 days of receiving your request

Verification: We may require identity verification to protect your privacy

8. Data Retention and Deletion

8.1 Retention Periods

  • Active Accounts: Data retained while account is active and for legitimate business purposes
  • Financial Records: 7 years after transaction (Australian tax law requirement)
  • Verification Documents: 7 years after account closure (regulatory compliance)
  • Communication Records: 3 years for dispute resolution purposes
  • Marketing Data: Until consent is withdrawn or account deleted
  • Safety Incident Records: 10 years for insurance and legal purposes

8.2 Secure Deletion Process

  • Multi-pass data overwriting using industry-standard methods
  • Secure deletion from all backup systems and archives
  • Certificate of destruction for highly sensitive documents
  • Notification to third-party processors for coordinated deletion
  • Audit trail of all deletion activities

9. International Data Transfers

Some of our service providers are located overseas. We ensure that any international transfers of personal information comply with the Privacy Act 1988 (Cth) and provide adequate protection for your information through:

  • Contractual safeguards requiring equivalent privacy protection
  • Regular audits of overseas service providers
  • Data processing agreements compliant with Australian standards
  • Encryption of all data in transit and at rest

Current overseas service providers:

  • Stripe Inc. (United States): Payment processing with PCI DSS Level 1 certification
  • Clerk Inc. (United States): Authentication services with SOC 2 Type II compliance
  • Supabase Inc. (United States): Database hosting with ISO 27001 certification
  • Cloudinary Ltd. (Israel/United States): Media storage with GDPR compliance

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content. Our cookie usage includes:

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner. For detailed information, please see our Cookie Policy.

11. Privacy Complaints and Contact Information

Privacy Officer Contact

Email: privacy@housegoing.com.au

Phone: 1300 HOUSE GO (1300 468 734)

Address: Privacy Officer, HouseGoing Pty Ltd, NSW, Australia

Response Time: Within 30 days of receiving your complaint

External Complaint Options

If you are not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

Website: oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

Online: Privacy complaint form

Data Breach Notification

In the event of a data breach that may cause serious harm, we will notify affected individuals and the OAIC within 72 hours as required by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Email notification to your registered email address
  • Prominent notice on our platform homepage
  • In-app notification for mobile users
  • 30 days advance notice for significant changes

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account.

Last Updated: January 6, 2025
Effective Date: January 6, 2025
Version: 2.0
Governing Law: Privacy Act 1988 (Cth), New South Wales, Australia
Next Review: January 6, 2026