onthebell

Your privacy matters to us. This Privacy Policy explains how onthebell collects, uses, stores, and discloses personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who We Are

onthebell is a platform operated for residents of the Bellarine Peninsula, Victoria, Australia. Our primary contact for privacy matters is privacy@onthebell.com.au.

2. Information We Collect

We collect personal information only where necessary to operate the platform:

Account information: name, email address, and password (stored as a secure hash) when you register.
Profile information: optional profile photo, suburb, and bio that you choose to share, as well as your profile visibility setting (public, postcode, suburb, street, or private).
Household & address data: a Bellarine Peninsula address submitted for household registration, any supporting verification documents you upload, and a geohash derived from your address for location-based features.
Payment information: subscription payments are processed by Stripe. We do not store full card details on our servers; we receive only a Stripe customer ID, subscription status, and tier. Household subscriptions may share a billing account across household members.
User-generated content: posts, marketplace listings, job ads, events, deals, group messages, and other content you create on the platform. Posts and comments in encrypted private groups are stored using AES-256 encryption.
Identity and badges: we store account access role (user/mod/admin), residency verification status (tourist/unverified resident/verified resident), and paid membership status. Verified Resident badges and optional Supporter badges are shown using these separate fields.
Marketplace data: offers you make or receive (including amounts and messages), buyer-seller chat messages, listing favourites, and bumping activity.
Job application data: when you apply for a job listing, we store your resume, cover letter, and application status. Resumes may be uploaded as files to Firebase Storage.
Social interactions: follows, RSVPs, event and deal bookmarks, deal claims, referral codes and referral tracking data, and feedback submissions you make within the platform.
Alert preferences: marketplace and job alert settings including preferred suburbs, categories, and notification frequency.
Location data: when you create events, register a business, or verify a household, addresses are geocoded to latitude/longitude coordinates using the Nominatim geocoding service (operated by OpenStreetMap) to enable map views and location-based features.
Business analytics: if you view or interact with a business listing, we record aggregate analytics such as page views, phone number clicks, email clicks, website clicks, and direction requests to help business owners understand their reach.
Advertising data: ad impressions and clicks are tracked per session to calculate billing for advertisers. We record which ads were displayed and whether they were clicked.
Device & usage data: browser type, IP address, pages visited, and feature interactions, collected via server logs and analytics tools.
Push notification tokens: device tokens stored to deliver in-app and push notifications if you opt in.

3. How We Use Your Information

We use collected information to:

Create and maintain your account and provide platform features.
Verify your Bellarine Peninsula address and household status.
Process payments, manage your subscription tier, and handle household subscription sharing.
Send transactional and service-related notifications (including push notifications).
Deliver marketplace and job listing alerts based on your preferences.
Moderate content using automated AI tools and manual review to enforce our Terms of Service.
Manage your social connections, event RSVPs, bookmarks, referrals, and deal claims.
Facilitate marketplace offers and buyer-seller messaging between members.
Provide business analytics dashboards to business owners.
Calculate and bill advertising based on impressions and clicks.
Confirm giveaway eligibility and administer giveaway entries.
Display location-based features such as event maps and business directories.
Improve platform performance, diagnose issues, and develop new features.
Comply with legal obligations under Australian law.

We will never sell or rent your personal information to third parties.

4. Verification Document Deletion

When you submit supporting documentation to verify a Bellarine address, those documents are stored only for as long as the review is in progress. Once your household is approved or rejected, documents are permanently and automatically deleted from our storage. We retain only a verification status flag (verified / rejected) against your account.

5. Cookies & Tracking

We use the following technologies to improve your experience:

Essential cookies: required for authentication and session management.
Analytics: we may use privacy-respecting analytics tools to understand aggregate usage patterns. No individual browsing profiles are sold to advertisers.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

6. AI Content Moderation

We use automated AI tools to review user-generated content (posts, listing descriptions, event details, comments, and similar text) for compliance with our community standards. This processing is performed to detect potentially harmful, offensive, or spam content. No personal identification data is sent to the AI provider beyond the text being reviewed. Flagged content may be escalated to human moderators for a final decision.

7. Disclosure of Your Information

We share personal information only in the following limited circumstances:

Service providers: trusted third-party providers operate under strict data processing agreements. These include Firebase / Google Cloud (hosting, database, authentication, and storage), Stripe (payment processing), Sentry (error monitoring), Vercel (hosting, analytics, and speed insights), and Nominatim / OpenStreetMap (address geocoding for map features).
Legal requirements: we may disclose information if required by law, court order, or government authority.
Safety: we may disclose information where we believe it is necessary to prevent imminent harm or illegal activity.

8. Marketplace Messaging Encryption

Marketplace buyer-seller messages are encrypted at rest using AES-256-GCM, with keys derived from the associated listing identifier. This helps protect private conversation content while still allowing operational moderation workflows where required under our Terms.

9. Encrypted Private Groups

Premium members can create encrypted private groups. Posts and comments within these groups are encrypted using AES-256-GCM before being stored. The encryption key is generated client-side and stored alongside the group record. Only group members with access to the key can decrypt the content. onthebell cannot read encrypted group content at rest.

10. Household Data Sharing

Household membership links account-level access to shared household features. Where household subscriptions are active, billing tier and eligibility outcomes may be shared across verified members of that household.

11. Administrator Access

Platform administrators may, in the course of investigating reports, enforcing community standards, or providing support, access user accounts via an impersonation feature. All impersonation sessions are recorded in an immutable audit log that captures the administrator, the target account, and a timestamp. Administrators are bound by internal data-handling policies and may only exercise this capability for legitimate operational purposes.

12. Data Storage & Security

Your data is stored on Google Cloud infrastructure based primarily in Australia. We apply industry-standard security measures including encrypted data transmission (TLS), access controls, and regular security reviews. No system is completely secure and we cannot guarantee absolute security.

13. Data Retention

We keep your personal information for as long as your account is active or as required to provide services. Expired marketplace listings, job postings, verification requests, and ad campaigns are automatically cleaned up by scheduled processes. When you delete your account, your personal profile is removed and your public content is anonymised or deleted within 30 days, subject to any legal retention obligations. Immutable audit logs of administrator actions are retained separately for accountability purposes.

14. Your Rights Under Australian Privacy Law

Under the Australian Privacy Principles you have the right to:

Access the personal information we hold about you.
Request correction of inaccurate or incomplete information.
Opt out of direct marketing communications at any time.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have mishandled your data.

To exercise any of these rights, contact us at privacy@onthebell.com.au. We will respond within 30 days.

15. Children's Privacy

onthebell is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has registered, please contact us and we will promptly delete the account.

16. Third-Party Links

The platform may contain links to third-party websites or services. This Privacy Policy does not apply to those sites. We encourage you to review their privacy practices before providing any personal information.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email and in-app notification of material changes at least 14 days before they take effect. Your continued use of the platform after the effective date constitutes acceptance of the revised Policy.

18. Contact Us

Privacy questions or concerns? privacy@onthebell.com.au

For general support: support@onthebell.com.au