Privacy Policy

1. About This Policy

This privacy policy explains how Reco collects, holds, uses, and discloses your personal information. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA).

This policy applies to all personal information collected through the Reco platform, our website, and any related services.

2. Who We Are

Reco is operated by:

[Company legal name] (ABN [number])
[Registered address]
New South Wales, Australia

For any privacy queries, contact us at info@reco.tips.

3. What Personal Information We Collect

Depending on how you use Reco, we may collect the following kinds of personal information:

Account Registration

Name and email address — to create and manage your account
Password — for authentication (securely hashed, never stored in plain text)
Phone number (optional) — for SMS verification and referral contact
Location (town, city, postcode, state) — for location-based service matching
Date of birth (month and year only) — for age verification (18+)
Language and timezone preferences — to personalise your experience

Referral Data

Referrer and referee names, email addresses, and (optionally) phone numbers — to process and track referrals
IP addresses — for fraud prevention and audit purposes
Consent records with timestamps — to demonstrate lawful collection

Provider / Organisation Data

Contact name, email, phone, and business address — for account administration and service display
Payment information — processed securely by Stripe (we do not store card details)

4. Information We Do Not Collect

We do not collect:

Full date of birth (only month and year)
Tax file numbers or government ID numbers
Financial account details (handled entirely by Stripe)
Health, biometric, or genetic information
Sensitive information such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, or criminal record — unless you voluntarily provide it and consent to its collection

5. How We Use Your Information

We collect and use your personal information only for purposes that are reasonably necessary for our functions and activities, or as otherwise permitted under the APPs. These purposes include:

Providing and managing your Reco account and the referral platform
Processing referrals, verifying identities, and managing rewards
Communicating with you about your account, referrals, and platform updates
Fraud prevention, security monitoring, and enforcing our terms of service
Improving and developing our platform and services
Complying with Australian laws and regulations, including tax and record-keeping obligations

We may use your personal information for direct marketing purposes (such as email newsletters) where you have consented or where it is reasonably expected. You can opt out of marketing communications at any time by using the unsubscribe link in our emails or updating your account settings.

6. How Referral Data Works

When someone refers a friend through Reco:

The referrer provides the referee's name and contact details.
The referee is promptly notified and given the opportunity to verify the referral or opt out.
If the referee opts out, their personal information is deleted and no further contact is made.
Referee information is only disclosed to the provider once the referee has verified the referral.

We may disclose your personal information to the following third-party service providers who assist us in operating the platform:

Google Cloud / Firebase — Cloud infrastructure, authentication, database, and file storage. Firebase may collect device identifiers, IP addresses, and app usage data to provide and improve its services. For more information, see Google's privacy policy.
Stripe — Payment processing and subscription management
Twilio — SMS verification codes and referral notifications
Google Maps Platform — Address lookup and location services

We never sell your personal information to third parties. We only disclose personal information to third parties where it is reasonably necessary for the purposes described in this policy, or where required or authorised by law.

We do not use Google Analytics or any third-party analytics or advertising tracking tools. We do not collect data for the purpose of serving targeted advertisements.

8. Overseas Disclosure

Some of our service providers are located overseas, including in the United States. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information in a manner consistent with the APPs. Where we cannot ensure this, we will seek your consent or only disclose where otherwise permitted under APP 8.

9. How Long We Keep Your Information

We retain your personal information only for as long as reasonably necessary for the purposes for which it was collected:

Active accounts — for the duration of your account plus 30 days after a deletion request
Referral records — for the duration of the business relationship
Billing records — as required by Australian tax law (generally 5 years)
Opt-out records — indefinitely, to continue honouring your preference
Verification codes — 24 hours (automatically deleted)

10. Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

Access — Request access to the personal information we hold about you. We will respond within 30 days.
Correction — Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. You can also update most information directly in your account settings.
Anonymity — Where practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us. However, this may limit the services we can provide.
Opt out of marketing — Unsubscribe from direct marketing communications at any time.
Deletion — Request deletion of your account and personal information, subject to any legal obligations we may have to retain certain records.

To exercise any of these rights, email us at info@reco.tips. We will respond within 30 days. There is no charge for making a request or for us to correct your personal information.

11. How to Request Data Deletion

You have the right to request the deletion of all personal data we hold about you. You can do this in two ways:

Delete via the App

You can delete your account directly from your account settings within the Reco app. This will initiate the deletion process immediately.

Delete via Email

Send an email to info@reco.tips with the subject line "Data Deletion Request". Please include the email address associated with your Reco account so we can locate your records.

What Happens Next

We will verify your identity to protect against unauthorised deletion requests.
Once verified, we will delete your personal data within 30 days.
You will receive a confirmation email once the deletion is complete.

What Gets Deleted

Your account profile and login credentials
Your referral history and associated records
Your preferences, settings, and saved data
Any content you have submitted to the platform

What May Be Retained

In limited circumstances, we may retain certain data after your deletion request where required by law:

Billing and transaction records — retained for up to 5 years as required by Australian tax law
Fraud prevention logs — retained where necessary to protect the integrity of the platform
Opt-out records — retained to ensure we continue to honour your communication preferences

Any retained data is kept only for the minimum period required and is not used for any other purpose.

12. Cookies

We only use strictly necessary cookies for the service to function (such as authentication and UI preferences). We do not use analytics, advertising, or cross-site tracking cookies. For more details, see our Cookie Policy.

Firebase Authentication may set its own cookies and local storage tokens to manage user sessions. These are strictly necessary for the authentication service to function and are not used for tracking or advertising purposes.

13. Children

Reco is intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided personal information, the account will be deleted.

14. How We Protect Your Information

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure:

All data is encrypted in transit (HTTPS/TLS) and at rest
Authentication managed by Firebase with industry-standard password hashing
Multi-factor authentication required for admin access
Role-based access control across the platform
All admin actions are logged for audit purposes

15. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "last updated" date at the top of this page. We encourage you to review this policy periodically.

16. Complaints

If you believe we have breached your privacy or mishandled your personal information, you can lodge a complaint by emailing us at info@reco.tips. We will investigate and respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

For matters relating to NSW public sector privacy obligations, you can also contact the NSW Information and Privacy Commission (IPC).

17. Contact Us

If you have any questions about this privacy policy or how we handle your personal information, contact us at info@reco.tips.