Privacy Policy

1. Introduction

Horsify Pty Ltd (ACN 693 058 383) ("we", "our", or "us") operates the website https://horsify.com.au (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

2.1 Personal Information You Provide

We may collect the following personal information when you use our Service:

• Name and contact details (email address, phone number)
• Account credentials (username and password, or social media authentication tokens)
• Payment and billing information (processed and stored by Stripe)
• Horse and rider information (names, registration numbers, competition history)
• Organisation and venue details for event organisers
• Communications and correspondence with us (email, SMS, support tickets)
• Verification codes for email and mobile phone verification
• Profile information when using Facebook Login

2.2 Information Collected Automatically

When you access our Service, we may automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, links clicked, features used)
• Authentication cookies for session management
• JWT tokens stored in secure HTTP-only cookies
• Location data (with your consent) via Google Places API
• Session identifiers for security and fraud prevention

2.3 Information from Third-Party Sources

We aggregate publicly available event information from:

• Event organiser websites and calendars
• Public event listings and notices
• Equestrian association publications
• Other publicly accessible sources

We also receive information from third-party services:

• Facebook: Profile information (name, email) when you use Facebook Login
• Google: Location and address information via Google Places API
• Stripe: Payment processing status and transaction metadata

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and maintaining our Service
• Processing event registrations and payments via Stripe
• Sending verification emails and SMS codes via Azure Communication Services
• Sending notifications about events, registrations, and account updates
• Verifying your email address and mobile phone number
• Processing location searches and venue information via Google Places API
• Improving and personalizing your experience
• Communicating with you about our services
• Complying with legal obligations and regulatory requirements
• Detecting and preventing fraud or security issues
• Aggregating and analyzing usage patterns to improve the Service
• Storing documents and images in Azure Blob Storage for processing
• Authenticating users through Facebook Login

4. Disclosure of Your Information

We may share your information with:

4.1 Event Organisers

When you register for an event, we share your registration details with the relevant event organiser.

4.2 Service Providers

We work with third-party service providers who assist us with:

• Payment processing: Stripe (payment gateway and Stripe Connect)
• Email communications: Azure Communication Services
• SMS notifications: Azure Communication Services
• Cloud hosting and data storage: Microsoft Azure (including Azure SQL Database and Azure Blob Storage)
• Location services: Google Places API and Google Maps
• Authentication: Facebook Login (optional)
• Document processing: Azure Document Intelligence
• Analytics and performance monitoring: Azure Application Insights

4.3 International Data Transfers

Some of our service providers are located outside Australia, including in the United States (Stripe, Google, Facebook) and other countries where Microsoft Azure operates data centers. By using our Service, you consent to the transfer of your information to these countries, which may have different data protection laws than Australia.

4.4 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to court orders or subpoenas

5. Data Security

We implement appropriate technical and organisational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest (Azure Storage encryption)
• Secure storage of secrets in Azure Key Vault
• JWT-based authentication with secure HTTP-only cookies
• Regular security assessments and updates
• Access controls and role-based permissions
• Managed Identity authentication for Azure services
• Payment data security managed by Stripe (PCI-DSS Level 1 certified)
• Secure cloud infrastructure with Microsoft Azure

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. We are not liable for security breaches caused by third-party service providers.

6. Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account information: Retained while your account is active and for a reasonable period after closure
• Transaction records: Retained for at least 7 years for tax and financial compliance (as required by Australian law)
• Event registrations: Retained for historical records and organiser reference
• Communications logs: Retained for customer support and dispute resolution purposes
• Email verification tokens: Expired and deleted after 30 minutes
• SMS verification codes: Expired and deleted after 10 minutes
• Payment events: Retained indefinitely for audit and reconciliation purposes
• Anonymized analytics data: Retained indefinitely for service improvement

When your information is no longer needed, we will securely delete or anonymize it, unless retention is required by law.

7. Your Rights Under Australian Privacy Law

Under the Australian Privacy Principles, you have the right to:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements and legitimate business needs)
• Complaint: Lodge a complaint about how we handle your personal information
• Opt-out: Unsubscribe from marketing communications at any time
• Data Portability: Request a copy of your data in a structured format (where technically feasible)

To exercise these rights, please contact us at privacy@horsify.com.au.

Account Deletion: You can request account deletion at any time by visiting https://horsify.com.au/removeacc or contacting us. Please note that some information may be retained for legal, tax, or legitimate business purposes as outlined in our data retention policy.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and maintain session security. The specific cookies we use include:

• Essential Cookies: Authentication cookies containing JWT tokens (HTTP-only, secure) for maintaining your logged-in session
• Session Cookies: Temporary identifiers for fraud prevention and security
• Preference Cookies: Settings and preferences you configure (e.g., saved filters, postcode preferences)
• Analytics Cookies: Azure Application Insights for monitoring application performance and usage patterns

You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use certain features of our Service, particularly authentication and session management.

Third-Party Cookies: When you use Facebook Login or interact with Google Maps, those services may set their own cookies subject to their respective privacy policies.

9. Third-Party Links

Our Service may contain links to third-party websites, including event organiser websites and external event sources. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-Party Services We Use:

• Stripe: Stripe Privacy Policy
• Google: Google Privacy Policy
• Facebook: Facebook Privacy Policy
• Microsoft Azure: Microsoft Privacy Statement

10. Children's Privacy

Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

For users aged 13-18, parental or guardian consent may be required for certain activities, including event registrations and payment processing.

11. Specific Data Processing Activities

11.1 Payment Processing (Stripe)

When you make a payment, we use Stripe to process your payment information. Stripe collects and stores your payment card details, billing address, and transaction information. We receive only:

• Last 4 digits of your card number
• Card brand (Visa, Mastercard, etc.)
• Payment status and transaction ID
• Billing email address

Full payment card details are stored securely by Stripe and are never stored on our servers.

11.2 Email Communications (Azure Communication Services)

We use Azure Communication Services to send transactional emails, including:

• Email verification links
• Event registration confirmations
• Payment receipts
• Account notifications

Your email address and the content of these communications are processed by Microsoft Azure servers.

11.3 SMS Notifications (Azure Communication Services)

If you opt-in to SMS notifications or request mobile verification, we use Azure Communication Services to send text messages. Your phone number and message content are processed by Microsoft Azure and telecommunications carriers. Standard SMS rates may apply.

11.4 Location Services (Google Places API)

When you search for events or venues, we use Google Places API to:

• Geocode addresses to coordinates
• Provide address autocomplete suggestions
• Calculate distances between locations
• Display maps and venue locations

Your search queries and location data may be sent to Google servers subject to Google's Privacy Policy.

11.5 Facebook Login

If you choose to authenticate using Facebook Login, we receive from Facebook:

• Your name
• Your email address
• Your Facebook user ID
• Your profile picture (optional)

We do not access or store your Facebook password or other Facebook account information beyond what is necessary for authentication.

11.6 Document Storage (Azure Blob Storage)

Documents and images you upload (such as entry forms or verification documents) are stored in Azure Blob Storage. These files are:

• Encrypted at rest using Azure Storage encryption
• Accessed only by authorized personnel and automated processing systems
• Retained according to our data retention policy
• Stored in Australian or Asia-Pacific Azure data centers where possible

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Complaints and Disputes

If you have a complaint about how we handle your personal information, please contact us first at privacy@horsify.com.au. We will investigate and respond to your complaint within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Company Name: Horsify Pty Ltd
• ACN: 693 058 383
• Email: privacy@horsify.com.au
• General inquiries: hello@horsify.com.au
• Website: https://horsify.com.au

The Horsify name and logo are subject to a pending trademark application.