Wishin Privacy Policy

1. Introduction

Wishin (operated by Wishin ABN 649 858 173 95, "Wishin", "we", "us", or "our") is committed to protecting the privacy of all individuals who use our platform, website, and services (collectively, "Platform").

This Privacy Policy explains how we collect, hold, use, and disclose your personal information in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs").

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described below.

If you do not agree with this Privacy Policy, please do not use the Platform.

2. Who We Are

Wishin is an online wishing well platform that allows hosts to create personalised Wishing Wells for personal celebrations, and guests to contribute monetary gifts, messages, photos, and videos.

Contact Details:

Email: hello@wishin.com.au

Website: wishin.com.au

ABN: [Insert ABN]

For all privacy-related enquiries, you may contact our Privacy Officer at the above email address.

3. What Personal Information We Collect

We collect personal information that is reasonably necessary to provide our services. The types of personal information we collect include:

3.1 Host Information

Full name and email address

Phone number

Account login credentials

Wishing Well details (event name, occasion type, personal message)

Bank account or payment details for disbursement of Contributions

3.2 Guest Information

Name and email address (where provided)

Payment card details and billing address (collected and processed by our third-party payment providers — Wishin does not store full card details)

Transaction history and Contribution amounts

3.3 User-Generated Content

Messages, photos, and videos submitted with Contributions

Any personal information contained within that content

3.4 Technical and Usage Information

IP address and approximate location

Device type, operating system, and browser type

Pages visited, time spent on the Platform, and referral source

Cookies and similar tracking technologies (see clause 10)

3.5 Identity Verification Information

Where required for AML/CTF compliance: government-issued identification documents, date of birth, and address details

We collect only the minimum personal information necessary to deliver our services. Where possible, we offer the option to interact with us anonymously or using a pseudonym, except where this is impracticable or where identification is required by law.

4. How We Collect Personal Information

We collect personal information:

Directly from you, when you create a Host account, submit a Contribution as a Guest, contact our support team, or interact with the Platform;

Automatically, through cookies, web analytics tools, and server logs when you browse the Platform; and

From third parties, such as payment processors, identity verification services, and analytics providers, in connection with the services they provide to us.

We will only collect personal information by lawful and fair means, and where reasonably practicable, we will notify you of the collection at or before the time of collection.

5. How We Use Your Personal Information

We use personal information for the following purposes:

5.1 Providing and Managing Services

Creating and managing Host accounts and Wishing Wells

Processing Contributions and facilitating disbursements to Hosts

Displaying Guest Content (messages, photos, videos) on Wishing Wells

5.2 Payments and Financial Processing

Processing transactions securely through our third-party payment providers

Issuing receipts and managing transaction records

Preventing and detecting fraud and unauthorised transactions

5.3 Legal and Regulatory Compliance

Complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and associated rules, including conducting identity verification and transaction monitoring

Responding to lawful requests from regulatory authorities and law enforcement

Retaining records as required by law

5.4 Communications

Sending transactional communications (account notifications, contribution confirmations, support responses)

Sending service updates, policy change notices, and security alerts

Sending marketing communications, where you have consented (see clause 11)

5.5 Platform Improvement and Analytics

Analysing usage patterns to improve Platform functionality and user experience

Conducting internal research and development

Troubleshooting technical issues

We will not use your personal information for a purpose other than those described above, or a directly related purpose, without your prior consent.

6. Disclosure of Personal Information

We may disclose your personal information to the following categories of third parties:

6.1 Payment Service Providers

We share payment-related information with our third-party payment processors (such as [Insert Payment Provider, e.g., Stripe]) to facilitate secure transaction processing. These providers operate under their own privacy policies and are PCI-DSS compliant.

6.2 Technology and Hosting Providers

We engage third-party providers for cloud hosting, data storage, email delivery, analytics, and customer support infrastructure. These providers are engaged under confidentiality and data processing agreements.

6.3 Identity Verification Providers

Where required by law (AML/CTF compliance), we may share identification information with authorised identity verification services.

6.4 Other Users

Hosts may view Guest Content (messages, photos, videos) submitted to their Wishing Well.

Hosts do not have access to Guests' payment card details or private contact information unless voluntarily provided by the Guest.

Guest Contribution amounts may be visible to Hosts.

6.5 Legal and Regulatory Authorities

We may disclose personal information to government bodies, law enforcement agencies, or courts where required or authorised by law, or where we believe disclosure is necessary to prevent or investigate fraud, unlawful activity, or threats to safety.

6.6 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of Wishin's assets, personal information may be transferred to the successor entity, subject to equivalent privacy protections.

We do not sell, rent, or trade personal information to third parties for marketing or commercial purposes.

7. Overseas Disclosure

Some of our third-party service providers may store or process personal information outside Australia (for example, in the United States or the European Union). Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient is subject to privacy laws or contractual obligations that provide a standard of protection comparable to the APPs.

By using the Platform, you consent to the potential transfer of your personal information to overseas recipients as described in this clause.

8. Storage and Security

8.1 We store personal information on secure servers protected by industry-standard encryption, access controls, and security monitoring.

8.2 Payment information is collected and processed by our PCI-DSS compliant payment providers. Wishin does not store full credit or debit card numbers.

8.3 We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.

8.4 Despite these measures, no data transmission or storage system can be guaranteed to be 100% secure. If you suspect your account has been compromised, please contact us immediately at hello@wishin.com.au.

8.5 Data Breach: If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner ("OAIC") in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

9. Retention of Personal Information

We retain personal information only for as long as is reasonably necessary to:

provide our services and fulfil the purposes described in clause 5;

comply with our legal obligations, including AML/CTF record-keeping requirements (a minimum of 7 years for certain transaction records);

resolve disputes and enforce our agreements; and

meet any applicable regulatory or contractual retention requirements.

When personal information is no longer required, we will take reasonable steps to destroy or permanently de-identify it in a secure manner.

10. Cookies and Tracking Technologies

10.1 We use cookies, web beacons, pixels, and similar tracking technologies to operate and improve the Platform.

10.2 We use the following types of cookies:

Cookie Type    Purpose
Essential      Required for Platform functionality (login sessions, security)
Functional     Remembering your preferences and settings
Analytics      Understanding how Users interact with the Platform (e.g., Google Analytics)
Marketing      Delivering relevant content and measuring campaign effectiveness (where applicable)

10.3 You can manage or disable non-essential cookies through your browser settings or a cookie consent tool on the Platform. However, disabling certain cookies may affect Platform functionality.

10.4 We do not use cookies to collect sensitive personal information or to identify individuals without their knowledge.

11. Direct Marketing

11.1 We may send you marketing communications about Wishin's services, promotions, or features where you have given us your consent, or where we are otherwise permitted to do so under applicable law.

11.2 You may opt out of receiving marketing communications at any time by:

clicking the "unsubscribe" link in any marketing email; or

contacting us at hello@wishin.com.au.

11.3 Opting out of marketing communications does not affect the delivery of transactional or service-related communications necessary to operate your account.

12. Your Privacy Rights

Under the Privacy Act and APPs, you have the right to:

12.1 Access: Request access to the personal information we hold about you. We will respond to access requests within a reasonable time (generally within 30 days). We may charge a reasonable administrative fee for providing access in certain circumstances.

12.2 Correction: Request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will take reasonable steps to correct information within 30 days of your request.

12.3 Withdrawal of Consent: Withdraw consent to the use or disclosure of your personal information where processing is based on consent. Note that withdrawal of consent may affect our ability to provide certain services.

12.4 Deletion: Request deletion of your personal information, subject to our legal obligations and legitimate business needs to retain certain records.

12.5 Complaints: Lodge a complaint if you believe we have mishandled your personal information (see clause 13).

To exercise any of these rights, please contact us at hello@wishin.com.au. We may need to verify your identity before processing your request.

13. Complaints

13.1 If you have a complaint about how we have handled your personal information, please contact our Privacy Officer in the first instance:

Email: hello@wishin.com.au

Subject line: Privacy Complaint

13.2 We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. Where the matter is complex, we will notify you of the expected timeframe.

13.3 If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Mail: GPO Box 5218, Sydney NSW 2001

14. Children's Privacy

14.1 The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

14.2 If you believe we have inadvertently collected personal information from a child under 13, please contact us at hello@wishin.com.au and we will take prompt steps to delete that information.

15. Sensitive Information

We do not intentionally collect sensitive information (as defined in the Privacy Act, including health, racial, religious, or biometric information) unless:

it is reasonably necessary for our services and you have consented; or

we are required or authorised by law to collect it (for example, identity documents for AML/CTF compliance).

16. Changes to This Privacy Policy

16.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

16.2 Where changes are material, we will notify registered Users by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect.

16.3 The current version of this Privacy Policy will always be available on our website at wishin.com.au. The effective date at the top of this document indicates when it was last updated.

16.4 Your continued use of the Platform following the effective date of updated Terms constitutes acceptance of the revised Privacy Policy.

17. Contact Us

For all privacy enquiries, requests, or complaints, please contact:

Wishin Privacy Officer

Email: hello@wishin.com.au

Website: wishin.com.au

ABN: 649 858 173 95

We aim to respond to all privacy enquiries within 5 business days.