Privacy Policy

IMPORTANT-READ THIS PRIVACY POLICY CAREFULLY BEFORE ACCESSING OR USING THIS SAAS SERVICE. BY ACCESSING OR USING THIS SAAS SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, PROMPTLY EXIT THIS PAGE WITHOUT ACCESSING OR USING THE SAAS SERVICE.

This Privacy Policy describes how iMagic Pty Ltd ("we", "us", or "our") collects, uses, discloses, stores, and protects personal information in connection with the "Sticky Guest" SaaS service (the "Service") and related offerings. We are committed to protecting your privacy and complying with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable privacy laws. This policy is effective as of October 24, 2023, and applies to personal information we collect from or about you through the Service.

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Kinds of Personal Information We Collect and Hold
We may collect and hold the following types of personal information, depending on your interactions with us and the Service:
- Account and contact details such as name, email address, phone number, organization name, and billing address (e.g., when you create an account, subscribe, or contact support).
- Payment information (e.g., credit card details processed through secure third-party providers for subscriptions).
- Usage data, such as IP address, browser type, device information, login times, session activity, and interaction logs (e.g., for security, analytics, and improvements).
- User-generated content, such as guest details (names, contacts, preferences, check-in data) that you input or upload to the Service, which is stored on our servers.
- Sensitive information (e.g., health or accessibility data for guests) only if necessary and with your explicit consent.
We do not collect personal information unless it is reasonably necessary for our functions or activities related to providing the SaaS Service.

How We Collect Personal Information
We collect personal information directly from you when you:
- Sign up for an account, subscribe to the Service, or log in.
- Use the Service's features, such as entering guest data or generating reports.
- Contact us via email, chat, our website, or support portals.
- Participate in webinars, surveys, or provide feedback.
We may also collect information automatically through the Service (e.g., via cookies or analytics tools) or indirectly from third parties, such as integration partners or payment processors. If you connect third-party services (e.g., calendars or payment gateways), we may receive data from them.

How We Hold Personal Information
Personal information is stored securely on our cloud servers located in Australia or with trusted global providers compliant with Australian privacy standards. We use industry-standard security measures, including encryption (at rest and in transit), multi-factor authentication, access controls, regular vulnerability scans, and data backups, to protect against unauthorized access, loss, misuse, or alteration. As a SaaS provider, we manage server-side security, but you are responsible for securing your account credentials and end-user devices.

Purposes for Which We Collect, Hold, Use, and Disclose Personal Information
We collect, hold, use, and disclose personal information for the following primary purposes:
- To provide, host, maintain, and enhance the Service, including user authentication, data storage, and feature functionality.
- To process subscriptions, payments, and billing.
- To communicate with you, including service updates, security alerts, newsletters, or promotional materials (with opt-out options).
- To monitor and analyze usage for performance optimization, troubleshooting, and product improvements.
- To ensure security, prevent fraud, and comply with legal obligations.
- For internal operations, such as auditing, data analysis, and research.
We may disclose personal information to third parties, including:
- Service providers (e.g., cloud hosting like AWS, payment processors like Stripe, analytics tools like Google Analytics).
- Integration partners (e.g., if you connect to external APIs or services).
- Professional advisors (e.g., lawyers, auditors).
- Government authorities if required by law or for legal proceedings.
Disclosures are limited to what is necessary, and we require third parties to handle data securely and in compliance with applicable laws, often through data processing agreements.

Cookies and Tracking Technologies
The Service and our website use cookies, pixels, local storage, and similar technologies to collect non-personal information like session data, preferences, and usage patterns. This enables features like auto-login and analytics. Essential cookies are required for functionality; others (e.g., for marketing) can be managed via your browser or our consent tool. For details, refer to our cookie policy on our website.

Access to and Correction of Personal Information
You have the right to request access to or correction of your personal information we hold. Log into your account to view or update much of your data directly, or contact us for assistance. We will respond within a reasonable time (usually 30 days) and provide access free of charge unless exceptions apply (e.g., vexatious requests). If we refuse, we will provide reasons and complaint options.

Complaints About Breaches
If you believe we have breached the APPs or mishandled your personal information, please contact us with details. We will investigate and respond in writing within 30 days. If unsatisfied, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.

Disclosure to Overseas Recipients
As a SaaS provider, we may disclose personal information to overseas recipients, such as cloud providers or support teams in the United States, European Union, or other regions with adequate data protection. Before disclosure, we take reasonable steps to ensure compliance with the APPs (e.g., via standard contractual clauses or binding corporate rules). By using the Service, you consent to such overseas transfers where necessary for service delivery.

Anonymity and Pseudonymity
Where practical, you may interact with us anonymously or using a pseudonym (e.g., for general website inquiries). However, this is not feasible for the Service, as account creation and usage require identification for security and functionality.

Data Retention and Destruction
We retain personal information for as long as your account is active or as needed to provide the Service, plus any periods required by law (e.g., 7 years for financial records). Upon account closure or request, we will delete or anonymize data unless retention is legally mandated. Secure deletion methods include overwriting, degaussing, or certified destruction.

Children's Privacy
The Service is not intended for children under 13 years old. We do not knowingly collect personal information from children without verifiable parental consent. If we discover such collection, we will delete it immediately.

Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, laws, or the Service. We will notify you of material changes via email, in-app notices, or on our website. Your continued use after the effective date constitutes acceptance. Check the policy date for the latest version.

Contact Us
For questions about this Privacy Policy, to access or correct your information, or for any privacy concerns, please contact iMagic Pty Ltd at https://stickyguest.com/ContactUs.