Privacy Policy

1. Who We Are

2. What this Policy Covers (Collection Notices)

This Policy applies when you visit gowith.au, use the GoWith app, engage with our sales/marketing/events/support, or connect with others through GoWith.

Collection notices (APP 5): At or before collection (e.g., GPS, contacts, calendar, camera, microphone), we present a clear notice explaining what we collect, why, our lawful basis, and whether data may go overseas. You can decline and still use many features.

3. Information We Collect

3.1 Personal Information

• Contact: name, email, phone, date of birth
• Profile: photo, bio, interests, communities
• Account & auth: username, password or login token
• Location: precise GPS (if enabled) or approximate city/suburb
• Payments: billing & transactions (processed by Stripe — we don't store full card numbers)
• Activities: items you browse, create, save, or join
• Communications: messages, images, voice notes
• Device/technical: device ID, IP, OS, app performance, crash logs
• Calendar/contacts: only with your permission to plan/share events

You can browse most activities without an account. Joining/hosting/messaging requires registration.

3.2 Sensitive Information (Only with Express Consent)

We don't require sensitive information. If you choose to share it (e.g., wellness/affinity groups; health indicators you provide for suitable activity intensity), we will request explicit consent and use it only for the purpose you agreed. You can withdraw consent anytime in settings or via ben@gowith.au. Withdrawing may limit personalisation.

3.3 Automatically Collected

Logs/usage (pages, features, timestamps, IP), device data (model, OS, network), cookies/analytics (preferences, performance). Often aggregated; may link to your account for security/support.

3.4 From Third Parties

If you sign in with Google, Apple, or Meta, we receive your name, email, profile photo, and a linked ID to create/link your account. You can disconnect anytime.

4. How We Use Your Information (and Lawful Bases)

• Create/manage your account and keep you signed in securely
• Help you find, join, and organise activities
• Connect you with others (RSVPs/messages)
• Personalise recommendations
• Process payments & maintain lawful records
• Send updates & notifications (marketing only if you opt in)
• Improve GoWith and fix bugs
• Prevent fraud/misuse and enforce our Terms
• Comply with legal obligations

No sale of personal data. We never sell your personal information.

5. When We Share Your Information

We share only to run GoWith, for safety, or when you choose.

• Service providers (processors): Hosting/storage (AWS, Google Cloud/Firebase), payments (Stripe), communications (Mailchimp/push), analytics (Google Analytics, Firebase, Meta Pixel)
• Other users: Name/photo and info you choose to display may be visible in events you join/host
• Your integrations: If you link social accounts or share to contacts, data flows by your choice and the platform's policy
• Legal/safety: If required by law or to protect people, property, or rights
• Business transfers: If we merge/acquire/restructure, with notice where required
• Aggregated data: Anonymised trends that cannot identify you

We do not sell personal data, share sensitive data without express consent, or permit third parties to use your data for their own marketing.

5.1 Visibility & Controls

Public/off-platform caveat: Content you choose to share publicly may be viewable off-platform (e.g., link sharing or search indexing). Think before you post; you control visibility in settings.

6. Cookies, Analytics & Consent

We use cookies/pixels to keep you logged in, remember preferences, measure usage, fix bugs, and (with permission) personalise content.

Tools: Google Analytics, Firebase Analytics, Meta Pixel.

Your control: Manage/disable cookies in your browser/device; manage analytics/marketing in-app. Essential cookies (security/core features) may be required.

EU/UK only: We use a cookie consent banner; non-essential cookies (analytics/marketing) load only after you opt in. You can change or withdraw consent anytime from the banner link or in-app.

7. Social Logins

If you use Google, Apple, or Meta to sign in, we receive the info you permit (name, email, profile photo, linked ID) to set up your account. We don't post on your behalf. You can disconnect in settings.

8. How Long We Keep Your Information

We keep your information only as long as needed to provide services or meet legal obligations. When your account is deleted or inactive, we delete or anonymise data unless limited retention is required (e.g., legal/tax, disputes, safety). Residual copies may remain briefly in secure backups before purge. You can delete your account anytime via the app or ben@gowith.au.

9. How We Keep Your Information Safe

• Encryption in transit (TLS) and at rest
• AWS Sydney and Google Cloud with continuous monitoring
• Role-based access for authorised staff only
• Optional two-factor authentication (2FA)
• Regular security reviews and controls

No system is 100% secure. Use strong passwords, enable 2FA, and avoid public Wi-Fi for sensitive actions.

9.1 Breach Notifications (APPs & GDPR)

If a breach is likely to cause serious harm, we will notify affected users and the OAIC as soon as practicable. For GDPR users, we notify the authority within 72 hours and inform you without undue delay where required. Our notice will explain what happened, what data may be affected, steps we've taken, recommended steps you can take, and how to get help.

10. Overseas Disclosure & Our Responsibility

Some providers process/store data outside Australia (e.g., US, Singapore, EU). We apply protections equivalent to Australian law (APP 8), use GDPR-compliant safeguards (e.g., SCCs), and ensure providers use data only for contracted purposes. GoWith remains responsible for personal information disclosed overseas to the extent required by law.

11. Children and Age Restrictions

GoWith is for 18+ only. We do not knowingly collect or market to children. If we learn we collected data from someone under 18, we'll deactivate and delete it promptly. Report concerns to ben@gowith.au.

12. Your Rights and Privacy Choices

• Access/correct your data in settings
• Download your data (portability)
• Delete your account/data (subject to legal holds)
• Withdraw consent (e.g., sensitive data, marketing)
• Manage marketing: opt in/out of email, SMS, push at any time

Do Not Track: Browser DNT signals aren't standardised; we'll update this if that changes.

12.1 GDPR (EU/EEA/UK) Users

You may object to processing based on legitimate interests, restrict processing in certain cases, and lodge a complaint with your local data protection authority. If you exercise these rights, we'll explain outcomes and choices clearly.

12.2 Automated Decision-Making & Profiling

We use lightweight personalisation (e.g., ranking activities) and do not make decisions with legal or similarly significant effects. You can opt out in settings; recommendations will be more general.

Verification & authorised agents: We may ask you to sign in or provide limited additional information to verify identity. Where permitted (e.g., California), you may submit a request via an authorised agent; we may require proof of authorisation and/or ask you to verify directly.

13. Changes to This Privacy Policy

If we make material changes, we'll provide 14 days' notice (website/app notice or email). The "Last updated" date shows when the latest version takes effect. By continuing to use GoWith after changes, you agree to the updated policy.

Change history: v1.1 (2025-10-24) – privacy summary, controls matrix, cookie consent banner (EU/UK), breach notice detail, APP 8 responsibility, GDPR lawful-basis table, profiling opt-out; v1.0 (2025-10-21) – initial publication.

14. California Residents (CCPA/CPRA) — when applicable

If/when GoWith serves California residents: We do not sell personal information; we do not share personal information for cross-context behavioural advertising without an opt-out; you have rights to know/access, correct, delete, limit sensitive PI, and opt out of sale/sharing; we will provide a "Do Not Sell or Share My Personal Information" link and a CPRA notice at collection; no discrimination for exercising rights. Contact ben@gowith.au.