Privacy Policy

1. Introduction

Tasman Star Distribution ("we", "us", "our") operates the website tasmanstarseafoodmarket.com.au, located at 12 Barnett Place, Molendinar, QLD 4214.

We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, hold, use, and disclose your personal information.

2. Information We Collect

We may collect the following types of personal information:

• Identity information: full name, email address, phone number
• Account information: login credentials (email and hashed password), Google OAuth profile data
• Delivery information: street address, suburb, state, postcode
• Payment information: processed securely through Stripe — we do not store your credit card details on our servers
• Order information: products ordered, order history, order value
• Wholesale application data: business name, ABN/ACN, business type, trade references
• Communication data: emails, SMS messages, and push notifications you receive from us
• Technical data: IP address, browser type, device information, and cookies for website functionality
• Newsletter subscription: email address for marketing communications

3. How We Collect Information

We collect personal information through:

• Account registration on our website
• Placing an order (online or in-store)
• Wholesale account applications
• Newsletter sign-up forms
• Contacting us via email, phone, or social media
• Google OAuth sign-in (with your consent)
• Web push notification subscriptions
• Cookies and similar technologies when you browse our website

4. Why We Collect Your Information

We use your personal information to:

• Process and fulfil your orders, including delivery
• Manage your account and provide customer support
• Process payments securely via Stripe
• Assess and manage wholesale applications
• Send order confirmations, shipping updates, and receipts via email and SMS
• Send promotional offers and newsletters (with your consent)
• Send push notifications about deals and order updates (with your consent)
• Improve our website, products, and services
• Comply with legal obligations and resolve disputes
• Detect and prevent fraud

5. Third-Party Disclosure

We do not sell, trade, or rent your personal information. We may share your information with the following trusted third-party service providers who assist us in operating our business:

• Stripe (United States) — payment processing
• Resend (United States) — transactional and marketing emails
• Twilio (United States) — SMS notifications
• Amazon Web Services (AWS) — image and file storage (S3)
• PostHog (United States) — anonymised website analytics
• Vercel (United States) — website hosting
• Neon — database hosting
• Google — OAuth authentication (if you choose to sign in with Google)

These providers are bound by their own privacy policies and data protection obligations. Where your data is transferred overseas (including to the United States), we take reasonable steps to ensure it is protected in accordance with the APPs.

6. Cross-Border Disclosure

Some of our third-party service providers are located in the United States. By using our services, you consent to the transfer of your personal information to these overseas recipients. We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs (APP 8).

7. Cookies and Tracking

Our website uses cookies and similar technologies to:

• Maintain your login session
• Remember your shopping cart
• Store your theme preference (light/dark mode)
• Analyse website usage and improve performance

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our website, including your ability to place orders.

8. Analytics

We use PostHog to collect anonymised usage data that helps us understand how visitors interact with our website and improve your experience. PostHog may collect the following information:

• Page views and navigation paths
• Click events and feature usage
• Browser type, device type, and screen size
• Approximate geographic location (derived from IP address, which is not stored)

Analytics data is stored on PostHog Cloud in the United States. This data is anonymised and cannot be used to personally identify you. If your browser sends a Do Not Track signal, PostHog will respect that preference and will not collect analytics data from your session.

9. Data Security

We take reasonable steps to protect your personal information from:

• Unauthorised access, modification, or disclosure
• Misuse, interference, and loss

Our security measures include:

• Encrypted HTTPS connections across the entire website
• Hashed and salted passwords (we never store plaintext passwords)
• Stripe PCI-DSS compliant payment processing — card details never touch our servers
• Content Security Policy (CSP) headers
• Rate limiting on API endpoints to prevent abuse
• CSRF protection on all form submissions
• Role-based access control for administrative functions

10. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

• Account data: retained while your account is active, and for a reasonable period after deletion request
• Order records: retained for 7 years in accordance with Australian tax law requirements
• Newsletter subscriptions: retained until you unsubscribe
• Abandoned orders: automatically cleaned up after a reasonable period

11. Your Rights Under the Privacy Act

Under the Australian Privacy Principles, you have the right to:

• Access — request a copy of the personal information we hold about you (APP 12)
• Correction — request correction of inaccurate, out-of-date, or incomplete information (APP 13)
• Opt out — unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by contacting us
• Complain — lodge a complaint if you believe we have breached your privacy

To exercise any of these rights, please contact us using the details in Section 15 below. We will respond to your request within 30 days.

12. Notification Preferences

We send the following types of notifications:

• Transactional notifications (order confirmations, dispatch updates, delivery updates) — these are essential to fulfilling your order and cannot be opted out of.
• Promotional emails — special offers, new products, and seasonal promotions. You can unsubscribe at any time using the unsubscribe link included in every promotional email.
• SMS notifications — promotional messages sent to your mobile number. You can opt out by replying STOP to any promotional SMS, or by updating your preferences in your account settings.
• Push notifications — browser-based notifications about deals and updates. You can disable these through your browser settings or your account notification preferences.

You can manage your notification preferences at any time from the Account Settings page on our website. All promotional communications comply with the Spam Act 2003 (Cth) and include a clear mechanism to unsubscribe.

13. Direct Marketing

We may use your personal information to send you marketing communications about our products, special offers, and events. We will only do so where:

• You have provided your consent (e.g., by subscribing to our newsletter)
• You would reasonably expect to receive such communications based on your relationship with us

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails, replying STOP to our SMS messages, or contacting us directly. We comply with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

14. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete such information.

15. Contact Us

If you have any questions about this Privacy Policy, wish to make a complaint, or want to exercise your rights, please contact us:

16. Complaints to the OAIC

If you are not satisfied with our response to your privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.