Legal

Privacy
Policy.

Last updated: 1 February 2026

local. ("we", "us", "our") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what data we collect, how we use it, and your rights.

1. What data we collect

Business account holders:

Name, email address, business name, and location
Billing information (processed securely via our payment provider — we never store raw card details)
POS integration credentials (encrypted, never readable by our staff)
Usage data — how you interact with the dashboard

End customers (loyalty card holders):

Name and email or mobile number (provided when they join a loyalty programme)
Visit and stamp history for each business they're enrolled with
Apple/Google Wallet pass identifiers

2. How we use your data

To provide and improve the local. platform
To process payments and manage subscriptions
To send transactional emails (account setup, billing receipts, plan changes)
To support you when you contact us
To send product updates — you can unsubscribe at any time

We do not sell your data to third parties. We do not use your data for advertising purposes.

3. How we share your data

We share data only where necessary to provide the service:

Payment processors — Stripe (PCI-DSS compliant) for billing
Apple and Google — to deliver and update Wallet passes
POS providers — only the data you've authorised during your integration setup
Cloud infrastructure — AWS (Sydney region) for hosting and storage

All third parties are bound by data processing agreements and may not use your data for their own purposes.

4. Data storage and security

All data is stored in Australia (AWS ap-southeast-2, Sydney). We use AES-256 encryption at rest and TLS 1.3 in transit. Access to production systems is restricted to authorised personnel only and is logged.

We will notify you within 72 hours of becoming aware of any data breach that is likely to result in serious harm, as required under the Notifiable Data Breaches scheme.

5. Data retention

We retain your account data for as long as you have an active subscription. If you cancel or your account is terminated, we retain data for 30 days then delete it, unless we're required to retain it by law (e.g. financial records are kept for 7 years under Australian tax law).

6. Your rights

Under the Australian Privacy Principles, you have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your data (subject to legal retention requirements)
Complain about how we've handled your information

To exercise any of these rights, contact us at privacy@local.com.au.

7. Cookies

Our website uses essential cookies only — for session management and security. We do not use tracking or advertising cookies. You can disable cookies in your browser settings, though some parts of the site may not function correctly.

8. Contact

For privacy-related enquiries, contact our Privacy Officer at privacy@local.com.au. If you're not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

PrivacyPolicy.