PRIVACY POLICY.

01About this policy

MateSync ("we", "us", "our") is operated as an Australian project by its founder. This Privacy Policy explains how we collect, use, store, and disclose your personal information.

We aim to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), even where we may be technically exempt as a small business, because we think it's the right thing to do and we want to be ready for upcoming reforms.

This policy applies to:

• Visitors to matesync.au
• People who join the MateSync waitlist or contact us by email
• Future users of the MateSync mobile application (when launched)

02What we collect

If you join the waitlist

• Your email address
• The page or section you signed up from (e.g. the hero form vs the bottom CTA) — we use this to understand which messaging works best
• The date and time of your signup
• Basic technical information automatically captured by our hosting provider (your IP address and user-agent string), used only for spam prevention and aggregate analytics

If you email us

• Your email address and any information you choose to include in the message

When the app launches, we will also collect:

• Account information: your name (as you choose to display it), phone number or email address used to sign in, and a profile photo or avatar if you upload one
• Roster information: the shift pattern you enter, including roster type (e.g. 8/6, 2/1, custom), your last fly-out date, employer or location names if you choose to add them, and your timezone
• Connections: the mates you invite or accept invites from, the labels you give them (e.g. "the boys", "family"), and any group structures you create
• Device information: the type of device, operating system version, and app version, used for compatibility and crash reporting
• Usage data: aggregated and anonymised information about which features you use, to help us improve the app
• Push notification tokens: if you enable notifications, so we can send you alerts about overlaps and roster changes

What we don't collect

We don't collect, and have no plans to collect:

• Your precise location (GPS)
• Your contacts list (you'll always pick mates manually)
• Your photos, files, or other content from your phone
• Sensitive information as defined in the Privacy Act (such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or biometric data)
• Financial information directly — payments will be handled by Apple, Google, or our subscription provider, who handle their own privacy obligations

03How we use it

We only use your personal information for the purposes you'd reasonably expect:

• Waitlist communications: to email you when MateSync is ready to launch, to send launch updates, and to provide your free Pro access if you're in the first 100 signups
• Running the app: calculating who's home and away, finding overlap windows, syncing roster updates between connected mates, sending notifications you've opted into
• Improving the product: understanding which features people use, fixing bugs, and identifying issues with specific devices or roster types
• Customer support: responding to your questions and issues
• Legal obligations: if we're required to keep records or respond to lawful requests from authorities

We will not use your information for any purpose unrelated to the above without telling you and (where required) getting your consent.

We don't use automated decision-making that significantly affects you. The app does compute things automatically (e.g. when your next overlap is) but these are calculations you've explicitly asked for, not decisions affecting your rights or interests.

04Who we share it with

We don't sell your personal information to anyone. Ever.

We share limited information with the following service providers, only to the extent needed for them to provide their service to us:

• Netlify (hosting and waitlist forms) — hosts this website and stores waitlist signups. Data is held on servers in the United States. Netlify is contractually bound to confidentiality and security obligations. Netlify privacy policy.
• Supabase (when the app launches) — will host the app's database and handle authentication. Data will be stored in Supabase's Sydney (ap-southeast-2) region where possible. Supabase privacy policy.
• Apple and Google — when you download the app from the App Store or Google Play, those platforms collect their own information under their own privacy policies.
• Email providers — if we use a service like Mailchimp, Buttondown, or Resend to send waitlist emails, your email address will be shared with that provider for that purpose only.

We will share information with your connected mates only as you direct. Specifically:

• When you accept a connection with a mate, your roster on/off pattern (whether you're home or away on each date) becomes visible to them, and theirs to you
• You can disconnect at any time, and historical visibility ends immediately
• Employer names, location names, and roster nicknames are only shared if you choose to make them visible

We may disclose your personal information without your consent if required by Australian law — for example, in response to a subpoena, court order, or lawful request from a regulator.

05Overseas storage

Some of our service providers store data outside Australia. As of the date of this policy:

• Netlify stores website and form data in the United States
• Supabase will store app data in Australia (Sydney region) where possible, but may transit through other regions for backup or processing
• Email service providers may be based in the US, EU, or other jurisdictions

Where personal information is sent overseas, we take reasonable steps to ensure recipients handle it consistently with the Australian Privacy Principles. By using MateSync or joining the waitlist, you consent to your information being stored and processed overseas as described.

06Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:

• HTTPS encryption for all data in transit
• Encryption at rest for stored data (provided by Netlify and Supabase)
• Role-based access controls and row-level security on the database
• Strong authentication for our admin tools
• Regular updates to dependencies and infrastructure to patch known vulnerabilities
• Minimal data collection — we don't collect what we don't need

No system is 100% secure. If you become aware of any security issue, please contact us immediately at hello@matesync.au.

07How long we keep it

We keep personal information only as long as we need it for the purposes described in this policy, or as required by law.

• Waitlist emails: kept until you unsubscribe, or until 6 months after MateSync launches (whichever is sooner) if you don't sign up for the app
• Active app accounts: kept while your account is active
• Deleted accounts: personal information is deleted within 30 days of account deletion. Anonymised, aggregated data may be retained for analytics
• Email correspondence: kept for up to 2 years after the last contact for support continuity, then deleted

08Your rights

Under the Privacy Act and the APPs, you have the right to:

• Access the personal information we hold about you
• Correct any information that is inaccurate, out of date, or incomplete
• Delete your personal information (subject to any legal obligation we have to keep it)
• Withdraw consent for marketing communications at any time, by clicking unsubscribe or emailing us
• Lodge a complaint with us about how we handle your information, or escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, email us at hello@matesync.au. We'll respond within a reasonable timeframe (always within 30 days). There is no charge for these requests.

We may need to verify your identity before acting on your request, especially for access or deletion requests, to make sure we're not handing over information to the wrong person.

09Cookies & analytics

This website uses minimal cookies and tracking. Specifically:

• Essential cookies: required for the site to work (e.g. preventing form submission spam)
• Analytics: if we add analytics in future, we will use a privacy-friendly service such as Plausible Analytics, which doesn't use cookies and doesn't track you across sites

We do not use Google Analytics, Facebook Pixel, or other tracking pixels at this time. If we add any in future, we will update this policy and (where required) obtain your consent.

10Children

MateSync is not directed at children under 16. We don't knowingly collect personal information from children under 16. The OAIC is currently developing a Children's Online Privacy Code which is expected to take effect in late 2026; we will update this policy and our practices to comply when it does.

If you're a parent or guardian and believe your child has signed up to our waitlist or used the app, please contact us at hello@matesync.au and we will delete their information promptly.

11Data breaches

If a data breach occurs that is likely to result in serious harm to you, we will:

• Notify you as soon as practicable
• Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme
• Tell you what happened, what information was involved, and what steps you should take to protect yourself
• Take immediate action to contain the breach and prevent further harm

12Policy changes

We may update this policy from time to time. When we do, we'll update the "last updated" date at the top of this page. For significant changes (such as how we collect or share your information), we'll let you know by email or via a prominent notice on the website or app.

By continuing to use MateSync after a policy change, you accept the updated policy. If you don't agree, you can stop using the service and request deletion of your data.

13Contact us

For any privacy questions, requests, or complaints:

Email: hello@matesync.au
Subject line: "Privacy"
Response time: we aim to acknowledge within 5 business days and respond fully within 30 days

If you're not satisfied with our response, you can contact the Office of the Australian Information Commissioner:

Website: oaic.gov.au
Phone: 1300 363 992