Verified local dealsMelbourne's local storesStripe-secured paymentsInstant QR voucher
Back to GroceryDeals
Privacy Policy

Privacy Policy

Effective date: 10 June 2026  ·  Last updated: 26 June 2026

This Privacy Policy describes how Elephant Geeks Pty Ltd (“GroceryDeals”, “we”, “us”, or “our”) collects, uses, and protects your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

GroceryDeals never stores your payment card details. All payments are processed directly by Stripe using TLS encryption.

1. Who We Are

GroceryDeals is operated by Elephant Geeks Pty Ltd (ABN 14 653 824 198), a company registered in Australia. We operate the online marketplace at grocerydeals.com.au that connects shoppers with local grocery retailers.

We take our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) seriously. This Privacy Policy explains what personal information we collect, how we use it, and your rights in relation to it.

If you have any questions, contact us at hello@grocerydeals.com.au.

2. Information We Collect

We collect the following categories of personal information:

Account information: your first name, last name, and email address when you register.

Transaction information: order details, voucher codes, redemption history, and payment metadata (we never store full card numbers — see Section 5).

Usage information: IP address, browser type, device type, pages visited, and timestamps of interactions with the Platform.

Support communications: any information you provide when you contact our support team.

We collect information directly from you (when you register or purchase) and automatically (via cookies and server logs). We do not collect sensitive information such as health information or government identifiers.

3. How We Use Your Information

We use your personal information to:

• Create and manage your account. • Process payments and issue QR-code vouchers. • Send transactional emails (order confirmations, vouchers, password resets) via our email provider. • Provide customer support and respond to your enquiries. • Monitor and improve the security, performance, and reliability of the Platform. • Comply with our legal obligations, including tax and consumer law requirements. • Investigate and prevent fraud, abuse, or violations of our Terms.

We do not sell your personal information to third parties. We do not use your information for direct marketing unless you have separately consented.

4. Third-Party Service Providers

We share your information only with trusted service providers who help us operate the Platform. Each provider is bound by their own privacy policy and by our data processing requirements.

Stripe (stripe.com) — payment processing. When you check out, your card details are submitted directly to Stripe over an encrypted connection. GroceryDeals never receives or stores your full card number, CVV, or expiry date. Stripe's privacy policy is available at stripe.com/au/privacy.

Resend (resend.com) — transactional email delivery. Your email address and the content of transactional messages (order confirmations, vouchers) are processed by Resend to deliver emails on our behalf.

Cloudflare R2 — image storage. Deal images uploaded by retailers are stored in Cloudflare's R2 object storage service. Shopper personal information is not stored in R2.

Sentry (sentry.io) — error monitoring. When an unexpected error occurs on the Platform, an anonymised error report (device type, browser, error message, and a portion of the page URL) is sent to Sentry to help us diagnose and fix issues. We do not send email addresses or order details to Sentry.

Axiom (axiom.co) — log analytics. Operational logs (request paths, response times, error rates) are sent to Axiom for platform health monitoring. Logs are anonymised before transmission and do not contain payment data.

Railway and Vercel — hosting infrastructure for the API and frontend respectively. Data is processed within Australian or US data centres.

5. Data Security

We protect your personal information with the following measures:

• Passwords are stored as one-way bcrypt hashes — we cannot recover your plain-text password. • All connections to the Platform use TLS encryption in transit. • Payment card details are processed by Stripe and never pass through or are stored on GroceryDeals servers. • Access to production systems is restricted to authorised personnel. • Session tokens are stored in Redis with a 7-day expiry and are invalidated on logout.

No method of electronic transmission or storage is 100% secure. If you have reason to believe your account has been compromised, please contact support@grocerydeals.com.au immediately.

6. Your Rights Under the Privacy Act 1988

As an Australian resident you have the following rights under the Privacy Act 1988 (Cth):

Access: You may request a copy of the personal information we hold about you.

Correction: You may ask us to correct personal information that is inaccurate, incomplete, or out of date.

Deletion: You may ask us to delete your account and associated personal information. We will action this within 30 days, except where we are required to retain records for legal or compliance purposes (e.g. tax records).

Complaints: If you believe we have mishandled your personal information you may lodge a complaint with us at hello@grocerydeals.com.au. If you are not satisfied with our response you may escalate to the Office of the Australian Information Commissioner (oaic.gov.au).

To exercise any of these rights, email hello@grocerydeals.com.au with the subject line "Privacy Request". We will respond within 30 days.

7. Cookies and Tracking

We use the following cookies and local storage on the Platform:

Authentication: a session cookie containing a signed JWT token that keeps you logged in. This expires in 15 minutes (short-lived access token) with a 7-day refresh mechanism.

Preferences: local storage is used to remember your postcode selection so you do not need to re-enter it on every visit.

Analytics: we use Axiom for server-side log analytics. We do not currently use client-side third-party analytics cookies (such as Google Analytics).

Error monitoring: Sentry may set a session replay identifier to help reproduce errors. All text content is masked before any session data leaves your device.

You can clear cookies and local storage in your browser settings at any time. Clearing the session cookie will log you out.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. Specifically:

• Account information is retained until you request deletion, or until we determine your account is permanently inactive (no activity for 3 years). • Order and transaction records are retained for 7 years to comply with Australian tax law. • Server logs are retained for 90 days. • Error reports in Sentry are retained for 90 days.

When you delete your account, your name and email are anonymised within 30 days. Order records are retained in anonymised form for the legally required period.

9. Children

The Platform is intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child has registered on the Platform, please contact hello@grocerydeals.com.au and we will delete the account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or via a prominent notice on the Platform at least 14 days before the changes take effect. The effective date at the top of this page will be updated accordingly.

Continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy.

Contact Us

Elephant Geeks Pty Ltd — GroceryDeals
Privacy enquiries: hello@grocerydeals.com.au
Support: support@grocerydeals.com.au

© 2026 GroceryDeals. All rights reserved. Prepared to comply with the Australian Privacy Act 1988 (Cth).