Packster Privacy Policy

Effective Date: 2 March 2026

Packster Pty Ltd (ACN: TBC / TBD) ("Packster," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use Packster (the "Service"), including our web app, AI-powered packing list and trip planning features, and related tools.

This Policy applies to all users globally, including in Australia (where the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) apply), the European Union/EEA, United Kingdom, Switzerland (where the GDPR applies), the United States, and elsewhere. We comply with applicable privacy laws in the jurisdictions where we operate or where our users reside.

By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service. This Policy should be read alongside our Terms of Service.

1. Information We Collect

We collect information in these categories:

a. Information You Provide Directly

  • Account details: email address, password (hashed), name (optional).
  • Trip and packing data: destinations, travel dates, activities, number of travellers, preferences (e.g., clothing style, allergies, medications), custom items, wardrobe uploads (images/descriptions when implemented).
  • Shared content: notes, lists, or items added via sharing links (Paid Tiers).
  • Payment information: handled securely by Stripe (we do not store full card details).
  • Communications: support messages, feedback.

b. Automatically Collected Information

  • Device and usage data: IP address, browser type, device ID, operating system, app version, pages visited, time spent, features used (e.g., AI generations).
  • Analytics: aggregated usage patterns collected via PostHog (see Section 5 — Cookies & Analytics) only with your consent.
  • Log data: errors, API calls, timestamps.

c. Third-Party Data

  • Weather data from Open-Meteo (no personal identifiers attached).
  • AI processing: trip inputs sent to OpenAI for generation of packing lists/chat responses (see Section 4).
  • Authentication and storage via Supabase.

We do not collect sensitive information (e.g., precise health details beyond what you voluntarily input for packing suggestions) unless you provide it, and we minimise collection to what is necessary.

2. How We Use Your Information

We use personal information to:

  • Provide, maintain, and improve the Service (e.g., generate AI packing lists, enable sharing links, process subscriptions).
  • Authenticate accounts and prevent unauthorised access.
  • Process payments via Stripe.
  • Communicate with you (e.g., account notifications, support responses).
  • Analyse usage to enhance features (aggregated/anonymised where possible, subject to your cookie consent).
  • Comply with legal obligations, enforce Terms, detect fraud/abuse.
  • Send optional marketing (with consent where required; easy unsubscribe).

We do not sell your personal information.

3. Legal Basis for Processing (GDPR)

For users in the EU/EEA, UK, and Switzerland, we process personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for — including account authentication, generating AI packing lists, and processing payments via Stripe.
  • Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud/abuse prevention, error logging, product improvement through aggregated internal analytics, and enforcing our Terms of Service — where these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Optional analytics via PostHog (collected only after you accept non-essential cookies), and optional marketing communications. You may withdraw consent at any time via your browser settings or by emailing us.
  • Legal obligation (Art. 6(1)(c)): Retaining payment and transaction records as required by applicable tax and financial regulations (e.g., 7 years under Australian law).

4. Sharing Your Information

We share personal information only as necessary:

Service Providers: With trusted third parties who assist us (e.g., OpenAI for AI inference, Supabase for database/auth/storage, Stripe for payments, Open-Meteo for weather, PostHog for analytics). These providers are contractually bound to protect data and use it only for our purposes.

OpenAI: Your trip inputs and preferences are sent to OpenAI's standard API to generate AI Content. Per OpenAI's policy (as of 2026):
  • We have not opted in to share data for model training.
  • OpenAI does not use API inputs/outputs to train or improve models (default since March 2023).
  • OpenAI may retain inputs/outputs for up to 30 days for abuse/safety monitoring, after which they are deleted (unless legally required otherwise).
  • Legal Requirements: If required by law, court order, or to protect rights/safety (e.g., fraud prevention).
  • Business Transfers: In merger, acquisition, or asset sale (with notice where required).
  • Aggregated/Anonymised Data: For analytics/research (non-identifiable).

We do not share with advertisers or for unrelated marketing.

5. Cookies & Analytics

We use cookies and similar technologies. On your first visit, we display a cookie consent banner and only activate non-essential cookies after you explicitly accept them.

Essential Cookies (always active)

  • Authentication session cookies (set by Supabase): Required to keep you logged in and protect your account. These are strictly necessary for the Service to function and are set by the Service itself.

Analytics Cookies (with your consent only)

  • PostHog (posthog.com): A product analytics service we use to understand how users interact with Packster (e.g., page views, feature usage). PostHog may set cookies on your browser. If you select "Essential only," PostHog will not be initialised and no analytics data will be collected from your session. We do not use PostHog data for advertising. PostHog respects Do Not Track (DNT) browser settings.

Managing Your Cookie Preferences

You can change your preference at any time by clearing your browser's local storage for packster.app (key: packster_cookie_consent) or by contacting us. You can also configure your browser to refuse or delete cookies; doing so may affect the functionality of the Service.

6. Data Storage and International Transfers

Data is stored primarily in secure cloud providers (e.g., Supabase regions; we aim for Australia/APAC where feasible). As an Australian company, we may transfer data to the US, EU, or other countries (e.g., OpenAI servers in the US).

We rely on:

  • Adequacy decisions (e.g., EU to Australia).
  • Standard contractual clauses or equivalent safeguards for transfers outside adequate jurisdictions.
  • OpenAI's compliance commitments.

7. Data Retention

We retain personal information only as long as necessary:

  • Account/trip data: While your account is active + reasonable period post-deletion for backups/disputes.
  • Upon account deletion (via settings): Trips, lists, profiles, chat history removed within 30 days (subject to legal holds/backups).
  • Logs/analytics: Up to 12–24 months (aggregated where possible).
  • Payment records: As required by tax/law (e.g., 7 years in Australia).

OpenAI retains API inputs/outputs up to 30 days for abuse monitoring (see Section 4).

8. Your Rights

Depending on your location:

  • Australian Users (APPs): Access, correction, deletion (subject to exceptions), complaint to OAIC.
  • EU/EEA/UK/Switzerland (GDPR): Access, rectification, erasure ("right to be forgotten"), restriction, portability, object (including to processing based on legitimate interests), withdraw consent. Contact our DPO if appointed. Right to lodge complaint with supervisory authority (e.g., your national DPA).
  • California (CCPA/CPRA): Right to know what personal information we collect, right to request deletion, right to correct, right to opt out of sale (we do not sell personal information). We do not discriminate for exercising these rights.
  • Other Jurisdictions: Similar rights where applicable under local law.

To exercise rights: email support@packster.app. We respond within statutory timeframes (e.g., 30 days under GDPR; reasonable time under APPs). Verification required.

9. Children's Privacy

The Service is not directed at children under 18 (or 13 in some jurisdictions). We do not knowingly collect data from children. If we learn we have, we will delete it promptly. Contact us if concerned.

10. Security

We implement reasonable technical/organisational measures (e.g., encryption in transit/rest, access controls, regular audits). However, no system is 100% secure. You are responsible for securing your account credentials.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities (e.g., OAIC in Australia, relevant EU DPA) without undue delay and, where required under GDPR, within 72 hours of becoming aware of the breach.
  • Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms, via email to your registered address or prominent in-app notice.
  • Take immediate steps to contain and remediate the breach.

If you believe your data has been compromised, contact us immediately at support@packster.app.

12. Changes to This Policy

We may update this Policy. Material changes notified via email or in-app notice. Continued use after changes constitutes acceptance. Check date at top.

13. Contact Us

  • Privacy questions or rights requests: support@packster.app
  • Packster Pty Ltd
  • [Insert full registered office address, Queensland, Australia]
  • For EU/UK/Switzerland users: We act as data controller. If required by applicable law, we will appoint an EU/UK representative and notify you.

By using Packster, you acknowledge this Privacy Policy.

Return to Home