Legal · Privacy Policy

Privacy Policy

Purchee is built consumer-first. This is a working summary of how we handle your data. A full Privacy Policy is being finalised before launch and will be published here.

Working summary (May 2026). Until the full policy is finalised, the principles below describe our intent. For questions or to request specific information about how your data would be handled, email [email protected].

Who we are

Purchee is being built and operated from Melbourne, Australia. The legal entity behind the product is in the process of being incorporated in Australia. Once incorporated, the entity name, ACN and registered office will be published here.

Data we plan to collect

Account identity: phone number and/or email (single sign-up).
Card-fingerprint hashes from your payment provider (Apple Pay, Google Pay, Square) — not your card numbers.
Optional Open Banking (CDR) transaction data, only if you explicitly authorise it.
Receipts delivered through participating retailers (Purchee-connected retailers) for transactions on cards or wallets you've linked.

Data we will not collect

Card numbers, PANs, CVVs or any payment credentials.
Your name, contact details, balance or account number from CDR feeds — CDR consent is scoped to transactions only.
Personal data from non-Purchee retailers without your explicit consent.

Where it lives · Data processing

Data is stored in Australia under the Privacy Act 1988 (Cth). Receipts are encrypted at rest and HMAC-signed end-to-end. We use Australian-region cloud infrastructure. We do not transfer personal data outside Australia without your explicit consent. A formal Data Processing schedule (sub-processors, retention windows, deletion SLAs) will be published alongside the full Privacy Policy before launch.

What we will never do

Sell, rent or share your data with advertisers.
Reveal your identity to a retailer unless you explicitly opt in to that relationship.
Send you marketing without an unambiguous opt-in (Spam Act 2003 compliant).

Your rights

Access — you can export everything Purchee holds about you at any time.
Correction — you can edit your profile and identity links.
Deletion — you can delete your account; data is removed within 30 days unless required to retain by law (e.g. tax records).
Complaints — if you believe we've mishandled your data, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).

Contact

Privacy questions: [email protected]

Last updated: May 2026 · This is a working summary. Final policy pending entity incorporation.