Cooe ("we", "our", "us") is committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our QR code lost and found service at cooe.au.
1. Information We Collect
1.1 Personal Information You Provide
When you use Cooe, we collect the following personal information that you voluntarily provide:
- Email address - Required to send notifications when your items are found
- Phone number (optional) - If you choose to receive SMS notifications
- Name or identifier (optional) - To help you identify your QR codes
- Item descriptions - Information about items you've attached QR codes to
1.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Device information - Browser type, operating system, device type
- Usage data - Pages visited, time spent on pages, QR codes generated
- IP address - Used for security and fraud prevention
- Cookies and tracking technologies - See Section 7 for details
1.3 Information from Third Parties
We do NOT collect information about you from third parties. All information is provided directly by you.
2. How We Use Your Information
We use your personal information for the following purposes, as permitted under APP 6 (Use or disclosure of personal information):
- Primary Purpose: To facilitate the return of lost items by notifying you when someone finds and scans your QR code
- Service Delivery: To generate and manage your QR codes, send email/SMS notifications, and maintain your account
- Communication: To respond to your inquiries and provide customer support
- Service Improvement: To analyze usage patterns and improve our service functionality
- Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with Australian laws and regulations
We do NOT:
- Sell your personal information to third parties
- Use your information for advertising or marketing without consent
- Share your information with data brokers
- Use your information for purposes unrelated to our lost and found service
3. How We Disclose Your Information
3.1 Disclosure to Item Finders
When someone finds your item and submits a "Found Item" report:
- What they see: Nothing until they submit the report
- What we send you: The finder's contact information (name, email, phone if provided, and location/message)
- What we send them: A confirmation that their report was submitted successfully
Important: Your contact information is NEVER displayed publicly on the QR code or visible to scanners unless you choose to contact them back.
3.2 Disclosure to Service Providers
We share personal information with the following service providers who assist us in operating our service:
- Cloud Infrastructure (AWS): Servers hosted in Australia to store your data securely
- Email Service (AWS SES): To send email notifications
- SMS Service (AWS SNS): To send SMS notifications (if you opt in)
- Analytics (Google Analytics): To understand usage patterns (anonymized where possible)
All service providers are bound by confidentiality obligations and are only authorized to use your information for the specific services they provide to us.
3.3 Disclosure for Legal Reasons
We may disclose your personal information if required by law or if we believe in good faith that disclosure is necessary to:
- Comply with legal obligations (court orders, subpoenas, warrants)
- Protect our rights, property, or safety, or that of our users
- Investigate fraud, security incidents, or violations of our Terms of Service
- Cooperate with law enforcement agencies
4. Data Storage and Security
4.1 Where We Store Your Data
Your personal information is stored on secure servers located in Australia (AWS Sydney region). We do not transfer your data outside Australia except as required for essential service providers (e.g., Google Analytics in the United States).
4.2 How We Protect Your Data
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption: HTTPS/TLS encryption for all data transmitted between your device and our servers
- Access Controls: Restricted access to personal information on a need-to-know basis
- Secure Infrastructure: AWS security features including firewalls, DDoS protection, and intrusion detection
- Regular Monitoring: 24/7 monitoring for security incidents and anomalies
- Data Minimization: We only collect the minimum information necessary to provide our service
4.3 Data Retention
We retain your personal information for as long as:
- Your QR codes are active and you are using the service
- Required to comply with legal obligations (e.g., tax records: 7 years)
- Necessary to resolve disputes or enforce our agreements
You can request deletion of your account and personal information at any time (see Section 6).
5. Notifiable Data Breaches
In accordance with the Australian Privacy Act's Notifiable Data Breaches (NDB) scheme:
- If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) within 30 days
- Notification will include: the nature of the breach, what information was involved, steps we've taken to contain it, and steps you should take to protect yourself
- We maintain incident response procedures to detect, contain, and remediate data breaches
6. Your Rights Under Australian Privacy Law
Under the Australian Privacy Principles, you have the following rights regarding your personal information:
6.1 Right to Access (APP 12)
You have the right to request access to the personal information we hold about you. We will provide this information within 30 days of your request, free of charge (unless the request is excessive).
6.2 Right to Correction (APP 13)
You have the right to request correction of inaccurate, out-of-date, incomplete, or misleading information. You can update your information directly through our "My Codes" dashboard or by contacting us.
6.3 Right to Deletion
You can request deletion of your account and personal information at any time. To delete your account:
- Log in to your "My Codes" dashboard
- Click "Delete Account" or contact us at privacy@cooe.au
- We will delete your information within 30 days, except where we are required by law to retain it
6.4 Right to Complain
If you believe we have breached the Australian Privacy Principles, you have the right to make a complaint. Please contact us first at privacy@cooe.au. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
7. Cookies and Tracking Technologies
7.1 What Cookies We Use
We use the following types of cookies:
- Essential Cookies: Required for the website to function (e.g., session management, security)
- Analytics Cookies: Google Analytics to understand how visitors use our site (anonymized where possible)
7.2 How to Control Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
- Google Analytics Opt-Out: Install browser add-on
- Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies
8. Children's Privacy
Cooe is designed to help parents and schools protect children's belongings. However:
- We do NOT knowingly collect personal information directly from children under 13 without parental consent
- Parents create QR codes on behalf of their children
- QR codes do not display any personal information about the child or parent
- If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete it immediately
9. Third-Party Links
Our website may contain links to third-party websites (e.g., donation platforms, social media). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we will notify you via email (if you have an account) or by a prominent notice on our website
- Continued use of our service after changes constitutes acceptance of the updated policy
11. International Users
Cooe is primarily designed for Australian users. If you access our service from outside Australia:
- Your information will be transferred to and stored in Australia
- By using our service, you consent to this transfer
- Australian privacy laws will govern the handling of your information
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
13. Australian Privacy Act Compliance Statement
Cooe is committed to complying with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). This Privacy Policy demonstrates our compliance with:
- APP 1: Open and transparent management of personal information
- APP 2: Anonymity and pseudonymity (where practicable)
- APP 3: Collection of solicited personal information
- APP 5: Notification of collection
- APP 6: Use or disclosure of personal information
- APP 7: Direct marketing (we do not engage in direct marketing)
- APP 8: Cross-border disclosure of personal information
- APP 10: Quality of personal information
- APP 11: Security of personal information
- APP 12: Access to personal information
- APP 13: Correction of personal information
This Privacy Policy was last reviewed and updated on 7 December 2024 to ensure compliance with current Australian privacy laws and regulations.