RewardSuite ("we", "us", "our") respects your privacy and is committed to handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP).

This policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

1. Who we are

RewardSuite is an Australian-owned software-as-a-service (SaaS) platform that helps gyms, fitness businesses and similar venues run loyalty, rewards and retention programs for their members.

We act as a data processor on behalf of the businesses that use RewardSuite (our "Business Customers"). Those businesses are the data controllers of their members' information.

2. Information we collect

We collect the following categories of personal information:

Account information — name, email address, password (hashed), phone number, date of birth, gender, postcode.
Business information — for Business Customers: business name, ABN (if provided), physical address, contact numbers.
Usage data — check-in timestamps, points balances, reward redemptions, streak history, booster activations, device identifiers.
Marketing preferences — whether you've opted in to email or SMS communications.
Technical data — IP address, browser type, device type, timezone and cookies required to operate the service.

3. How we use your information

To provide and operate the RewardSuite platform
To process check-ins, award points, and deliver rewards
To send transactional notifications (check-in confirmations, reward availability)
To send marketing communications — only where you have opted in
To prevent fraud, abuse and unauthorised access
To comply with our legal obligations

4. Who we share your information with

We never sell your data. We only share it with:

Your gym / business — the Business Customer you signed up with can see your loyalty activity.
Service providers that help us operate (hosting, SMS delivery, email delivery, image hosting) — all bound by confidentiality obligations.
Regulators or law enforcement where required by Australian law.
Integrated Suite products — if your Business Customer has enabled ReferSuite or StreamifyBox, relevant loyalty data may sync between products.

5. Data storage and security

Your data is stored on secure cloud infrastructure located in Australia or the United States with industry-standard encryption at rest and in transit (TLS 1.2+). Passwords are hashed using bcrypt. We regularly review our security practices.

While we take reasonable steps to protect your information, no online system is 100% secure. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.

6. Your rights

Under the Australian Privacy Principles you have the right to:

Access the personal information we hold about you
Correct information that is inaccurate, out of date or incomplete
Delete your account and have your personal data erased (subject to legal retention obligations)
Export a machine-readable copy of your data
Opt out of marketing communications at any time
Complain to the OAIC if you believe we have breached the APPs — oaic.gov.au

To exercise any of these rights, email privacy@rewardsuite.app. We respond within 30 days.

7. Cookies

We use essential cookies to keep you signed in, remember your preferences and protect against abuse. We do not use third-party advertising cookies. You can disable cookies in your browser — but some RewardSuite features may not work correctly without them.

8. Children's privacy

RewardSuite is intended for users aged 16 and over. If you are under 16 you may only use the service with the consent of a parent or guardian. Business Customer admins (operators running loyalty programs) must be at least 18. We do not knowingly collect personal information from children under 13.

9. Changes to this policy

We may update this Privacy Policy from time to time. We'll post any changes on this page with a new "Last updated" date. Material changes will be notified to you by email or in-app notice.

10. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:

RewardSuite Privacy OfficerPrivacy enquiries: privacy@rewardsuite.appLegal & contracts: legal@rewardsuite.app