Privacy Policy
Purchee is built consumer-first. This is a working summary of how we handle your data. A full Privacy Policy is being finalised before launch and will be published here.
Who we are
Purchee is being built and operated from Melbourne, Australia. The legal entity behind the product is in the process of being incorporated in Australia. Once incorporated, the entity name, ACN and registered office will be published here.
Data we plan to collect
- Account identity: phone number and/or email (single sign-up).
- Linked-card references — a tokenised reference issued by Apple Pay or Google Pay, or a tokenised reference issued by our PCI-DSS-certified payment processor if you choose to enter card details manually. We never see, store or have access to your actual card number.
- Receipts delivered through participating retailers (Purchee-connected retailers) for transactions on cards or wallets you've linked.
Data we will not collect
- Card numbers, PANs, CVVs or any raw payment credentials. If you enter card details manually, those go directly to our PCI-DSS-certified payment processor — Purchee receives only a tokenised reference plus the last four digits and expiry month/year. The full card number is never stored or seen by Purchee.
- Bank account balance, account number, or transaction feed from your bank. Purchee does not use Open Banking (CDR) or any direct bank-data integration.
- Personal data from non-Purchee retailers without your explicit consent.
- Marketing data shared with advertisers — Purchee is retailer-funded, not advertiser-funded.
Where it lives · Data processing
Data is stored in Australia under the Privacy Act 1988 (Cth). Receipts are encrypted at rest and HMAC-signed end-to-end. We use Australian-region cloud infrastructure. We do not transfer personal data outside Australia without your explicit consent. A formal Data Processing schedule (sub-processors, retention windows, deletion SLAs) will be published alongside the full Privacy Policy before launch.
What we will never do
- Sell, rent or share your data with advertisers.
- Reveal your identity to a retailer unless you explicitly opt in to that relationship.
- Send you marketing without an unambiguous opt-in (Spam Act 2003 compliant).
Your rights
- Access — you can export everything Purchee holds about you at any time.
- Correction — you can edit your profile and identity links.
- Deletion — you can delete your account; data is removed within 30 days unless required to retain by law (e.g. tax records).
- Complaints — if you believe we've mishandled your data, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).
Contact
Privacy questions: [email protected]
Last updated: May 2026 · This is a working summary. Final policy pending entity incorporation.