Privacy Policy

Last updated: 19 April 2026

1. About This Policy

This Privacy Policy describes how Deep Patel, ABN 12 794 897 122, trading as GlowBook AU ("we", "us", "our"), collects, uses, discloses, and manages personal information in connection with the GlowBook AU software suite, including the Frontdesk application (frontdesk.glowbook.com.au) and the Admin Console (admin.glowbook.com.au) (together, the "Services"), and the GlowBook AU marketing website at glowbook.com.au.

We are bound by the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs) contained in that Act.

By using the Services or the website, you consent to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree, you must not use the Services.

2. What Personal Information We Collect

2.1 Business Subscribers (Admin Console and Frontdesk)

When you sign up for and use the Services, we collect:

  • Full name and email address provided at registration
  • Business name and business contact details
  • Phone number (if provided)
  • Staff member names, email addresses, and phone numbers entered into the system
  • Client (end-customer) names, email addresses, phone numbers, and appointment notes entered by you or your staff
  • Appointment, scheduling, and service data created through use of the Services
  • Frontdesk PIN credentials (stored as a one-way bcrypt hash; we do not store the raw PIN)
  • Session tokens associated with Frontdesk device access
  • Subscription and billing information (invoices, bank transfer records)

2.2 Website Visitors

When you visit glowbook.com.au, we may collect:

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and referral source
  • Information you voluntarily submit through contact or enquiry forms

2.3 Information We Do Not Collect

We do not collect:

  • Payment card numbers or bank account details (payments are made by direct bank transfer; we issue invoices but do not process card payments at this time)
  • Government-issued identity documents
  • Sensitive information as defined under the Privacy Act, unless you voluntarily include it in appointment notes

3. How We Collect Personal Information

We collect personal information:

  • Directly from you when you register for the Services, contact us, or use the Admin Console or Frontdesk application
  • From your staff when they use the Services under your account
  • Automatically through the Services via server logs, session tokens, and analytics tools
  • Through cookies and similar tracking technologies on our marketing website

4. Purposes for Which We Collect, Hold, Use, and Disclose Personal Information

We collect and use personal information to:

  • Provide, operate, maintain, and improve the Services
  • Set up and manage your business account and subscription
  • Enable scheduling, appointment management, and staff management functions within the Services
  • Send transactional and service-related emails (e.g., account setup, subscription notices)
  • Issue invoices and manage payment records
  • Respond to support requests and enquiries
  • Monitor and analyse usage patterns to improve product performance and user experience
  • Comply with our legal obligations
  • Protect the security and integrity of our Services

We will not use or disclose your personal information for purposes other than those for which it was collected, except with your consent or as permitted or required by law.

5. Disclosure of Personal Information

5.1 Service Providers

We disclose personal information to the following third-party service providers who assist us in operating the Services. Each is engaged under appropriate contractual obligations:

  • Supabase Inc. (database and authentication infrastructure) - data is hosted on AWS ap-southeast-2 (Sydney, Australia)
  • Resend Inc. (transactional email delivery) - data is processed on servers located in the United States of America
  • Google LLC (website analytics via Google Analytics) - data is processed on servers located in the United States of America

5.2 Overseas Disclosure (APP 8)

As noted above, Resend Inc. and Google LLC are located in the United States of America. By using the Services or visiting our website, you consent to your personal information being disclosed to these overseas recipients. We take reasonable steps to ensure these providers handle your information consistently with the Australian Privacy Principles; however, you acknowledge that once disclosed, we may not be able to take remedial action if an overseas recipient breaches the APPs, and that APP 8.1 will not apply to such disclosures.

5.3 Other Disclosures

We may also disclose personal information:

  • If required or authorised by law (e.g., to comply with a court order, subpoena, or regulatory obligation)
  • To protect the rights, property, or safety of GlowBook AU, our users, or the public
  • In connection with a sale, merger, or transfer of all or part of our business (in which case the acquiring party would be bound by this Policy or required to obtain fresh consent)

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

6. Data Storage and Security

All business and appointment data is stored on Supabase infrastructure hosted in AWS ap-southeast-2 (Sydney, Australia). We implement the following security measures:

  • Role-based access control and row-level security policies on all database tables
  • One-way bcrypt hashing of Frontdesk PIN credentials; raw PINs are never stored
  • Session token hashing for Frontdesk device sessions
  • HTTPS/TLS encryption for all data in transit
  • Separation of the Frontdesk and Admin Console applications at the subdomain and authentication level

No method of transmission over the internet or electronic storage is 100% secure. While we implement industry-standard safeguards, we cannot guarantee absolute security. You use the Services at your own risk in this respect.

7. Data Retention

We retain personal information for as long as necessary to provide the Services and fulfil the purposes described in this Policy. Specifically:

  • Active account data is retained for the duration of your subscription
  • Upon cancellation or termination of your account, we retain your data for 90 days to allow for re-activation or data export, after which it is permanently deleted from our systems
  • We may retain anonymised or aggregated data (from which no individual can be identified) indefinitely for product improvement purposes
  • We may retain certain records for longer periods where required by law (e.g., financial records for taxation purposes)

8. Cookies and Tracking Technologies

Our marketing website (glowbook.com.au) uses cookies and similar tracking technologies, including:

  • Google Analytics cookies - to collect anonymous usage statistics about website visitors. Data is sent to Google's servers in the United States
  • Session cookies - essential for the operation of the Admin Console and Frontdesk applications

You may disable cookies through your browser settings; however, doing so may impair the functionality of the Services. By continuing to use our website with cookies enabled, you consent to our use of cookies as described above.

9. Your Rights Under the Australian Privacy Principles

Subject to the Privacy Act 1988 (Cth), you have the following rights:

  • Access: You may request access to the personal information we hold about you
  • Correction: You may request correction of inaccurate or out-of-date personal information
  • Complaints: You may make a complaint if you believe we have breached the APPs (see section 11 below)
  • Opt-out of direct marketing: If we send marketing communications (which we will only do with your consent), you may opt out at any time

To exercise any of these rights, please contact us at the details in section 10. We will respond within a reasonable time (generally 30 days). We may need to verify your identity before processing a request.

10. How to Contact Us

For any privacy-related enquiries, access or correction requests, or complaints, please contact:

Deep Patel

Trading as: GlowBook AU

ABN: 12 794 897 122

Email: glowbooksoftware@gmail.com

Website: glowbook.com.au

11. Privacy Complaints

If you believe we have breached the Australian Privacy Principles and wish to make a complaint, please contact us in the first instance (see section 10). We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5218, Sydney NSW 2001

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where the change is significant, notify you by email or through the Services. Your continued use of the Services after any change constitutes acceptance of the updated Policy.