What we collect, what we share, and what we don’t
Written for the Privacy Act 1988 (Cth) and the Australian Privacy Principles. We don’t sell data, we don’t store card numbers, and we publish every sub-processor by name.
VoucherGrid (“we”, “us”, “our”) operates the platform at vouchergrid.com. This policy explains how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
§1 · Information we collect
Account information
When you register, we collect your name, email address, business name, ABN, and phone number. If you connect a Stripe account, Stripe shares limited account details (account ID, business name) with us to enable payment processing.
Voucher and transaction data
We store voucher details (amounts, recipients, redemption history) and transaction metadata (dates, statuses) on your behalf. Credit card numbers are processed and stored exclusively by Stripe - they never touch our servers.
Purchaser location data
When customers purchase vouchers from your online store, we use Cloudflare geo headers (country, region, city derived from the purchaser’s IP address) to provide geographic analytics on your dashboard. No IP addresses are stored - only the derived location data is retained.
Usage data
We collect product analytics (pages visited, feature usage, device type, browser) using PostHog to improve the platform. Session replay is enabled only with your explicit cookie consent. We do not sell usage data to third parties.
We also use Vercel Analytics to collect anonymous, aggregated web performance data (page load times, web vitals). This service is cookie-free and does not collect personal information or track individual users. It operates as strictly necessary performance monitoring and does not require consent.
§2 · How we use your information
- To provide and maintain the VoucherGrid service
- To process transactions and deliver vouchers on your behalf
- To communicate with you about your account (billing, security, support)
- To generate accounting and analytics reports you request
- To provide geographic purchase analytics on your dashboard
- To improve the platform based on aggregated, de-identified usage patterns
§3 · Sharing your information
We share personal information only:
- With Stripe - to process payments. Stripe’s privacy policy applies to data they hold.
- With email providers - to deliver voucher emails on your behalf (e.g. Resend). Only recipient names and email addresses are shared for delivery purposes.
- With PostHog - to collect product analytics. PostHog processes usage data on our behalf.
- With Sentry - to monitor errors and application performance.
- With accounting providers - when you enable an accounting integration (Xero, QuickBooks), we share financial transaction data (voucher amounts, dates, and reference codes) to create journal entries in your accounting system.
- With Cloudflare - for file storage (R2) and bot protection (Turnstile). Cloudflare processes user interaction data for bot detection and stores uploaded files on our behalf.
- When required by law - to comply with legal obligations, court orders, or regulatory requests.
We do not sell or rent personal information to third parties.
For a complete list of our data sub-processors, including data regions and DPA links, see our Sub-Processor Register. Merchants requiring a formal agreement can view our Data Processing Agreement.
§4 · Data storage and security
Data is stored on servers located in Singapore, operated by Render, our hosting provider. Under Australian Privacy Principle 8 (APP 8), we take reasonable steps to ensure overseas recipients handle your information in accordance with the APPs.
All data is encrypted in transit (TLS 1.2+) and at rest. We use role-based access controls, audit logging, and regular security reviews. Sensitive personal information is encrypted at the field level using envelope encryption.
| Control | What it does | Where it applies |
|---|---|---|
| TLS 1.2+ | Encrypts data in transit between your browser and our servers | All HTTP traffic |
| Field-level envelope encryption | Encrypts sensitive fields with per-tenant keys | Customer PII, payment metadata |
| Role-based access control | Restricts access to data on a need-to-know basis | Internal staff and partner portal |
| Audit logging | Immutable log of access and mutations | All sensitive operations |
| Notifiable Data Breaches scheme | Notification to affected individuals and the OAIC where required | Eligible data breaches |
§5 · Your rights
Under the Australian Privacy Principles, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Export your data at any time from your dashboard
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs
If you are a voucher purchaser or gift recipient who does not have a VoucherGrid account, you can exercise your data access, export, or erasure rights by submitting a request through our email-verified data subject request process. Contact privacy@vouchergrid.com or visit the merchant's store page to initiate a request.
Data retained after account cancellation
When you cancel your VoucherGrid subscription, we apply a three-tier retention model that balances your Australian record-keeping obligations against the privacy rights of your customers.
- 01 Grace period - until your current billing period ends.
  Your dashboard, reports, exports, and voucher redemption remain available so you can finalise accounting and honour outstanding vouchers. Your public voucher store closes to new sales. You can reactivate at any time before the grace period ends.
- 02 At the end of the grace period - archive.
  We anonymise personal information we hold on behalf of your customers: customer email addresses are replaced with a per-tenant HMAC-SHA-256 hash, names are replaced with [redacted], and phone numbers and IP addresses are cleared. The hash is preserved (not reversed) so audit-log integrity remains verifiable without re-exposing identities. Accountants you previously granted portal access receive a one-time final-export download (a ZIP containing your records with plaintext PII) to meet their own record-keeping obligations; the signed download link expires after 7 days.
- 03 Seven-year retention - anonymised financial records.
  Voucher amounts, transaction dates, GST working papers, and journal entries are retained in anonymised form for 7 years to satisfy s 382-5 of Schedule 1 to the Taxation Administration Act 1953 (Cth). Outstanding voucher balances are also retained, so voucher holders can verify balances through our public check-balance page for the full honour window required by s 99B of the Australian Consumer Law and beyond. After 7 years, all remaining records are permanently purged.
Security and compliance audit log entries (with tenant identifiers nulled on purge) are retained across this period to support incident investigation under the Notifiable Data Breaches scheme.
§6 · Cookies
We use essential cookies for authentication and session management. With your explicit consent via our cookie banner, we also enable analytics (PostHog), error monitoring and session replay (Sentry). Our cookie banner offers a single accept/reject choice - accepting enables all non-essential cookies, rejecting disables them all. You can change your preference at any time using the “Cookie Settings” link in the website footer.
§7 · Third-party links
Our platform may contain links to third-party websites (e.g. Stripe, Xero, QuickBooks). We are not responsible for the privacy practices of those sites.
§8 · Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification. The effective date at the top of this page indicates the most recent revision.
VoucherGrid PTY LTD as The Trustee for VoucherGrid Discretionary Trust trading as VoucherGrid