1. About This Policy
PostureCore ("we", "us", "our") is an Australian e-commerce business committed to protecting the privacy of everyone who visits our website or purchases our products. This Privacy Policy explains how we handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act.
This policy applies to all personal information collected through our website at posturecore.netlify.app, through our Shopify-powered online store, via email, and through any other interaction you have with PostureCore.
By placing an order, creating an account, subscribing to our mailing list, or otherwise providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein.
Our commitment: We collect only what we need, use it only for legitimate purposes, keep it secure, and will never sell your personal information to third parties.
2. Personal Information We Collect
The types of personal information we may collect and hold include:
Identity and Contact Information
- Full name
- Email address
- Phone number (if provided)
- Delivery address (street, suburb, state, postcode)
- Billing address (if different from delivery address)
Payment Information
- Payment card details (card number, expiry date, CVV) — these are processed directly by Shopify Payments or our payment processor and are not stored on our servers
- Transaction identifiers and billing records
- Fraud risk signals generated during payment processing
Order and Account Information
- Order history, including products purchased, quantities, and prices paid
- Returns and refund requests
- Customer service correspondence and support notes
- Account login credentials (email and hashed password, if you create a customer account)
Device and Browsing Information
- IP address
- Browser type and version
- Operating system
- Referring website or traffic source
- Pages viewed on our site and time spent on each page
- Clickstream data and on-site interaction events
- Device type (desktop, mobile, tablet)
- Cookie identifiers and similar tracking identifiers
Marketing and Preference Data
- Whether you have subscribed to or unsubscribed from our email list
- Email open and click data (aggregated and individual, as permitted by law)
- Advertising attribution data (for example, which ad or channel led you to our site)
We do not intentionally collect sensitive information as defined in the Privacy Act — such as health or medical information beyond what is necessary to provide customer service, racial or ethnic origin, religious beliefs, or criminal records. If you choose to share health-related context with us (for example, when contacting our support team about your use of the product), we will treat that information with additional care and confidentiality.
3. How We Collect Your Information
We collect personal information through the following means:
Directly from You
- Order forms: When you place an order on our Shopify store, you provide your name, delivery address, email address, phone number (optional), and payment details.
- Account creation: If you create a customer account, you provide contact and login details.
- Email newsletter sign-up: When you subscribe to our mailing list via a pop-up, footer form, or checkout opt-in.
- Customer service contact: When you email us at support@posturecore.com.au or contact us through any other channel.
- Competitions and promotions: If we run any promotions and you choose to enter or participate.
Automatically Through Technology
- Cookies and tracking pixels: Our website uses cookies and tracking technologies to collect device and browsing data automatically as you navigate our site. See Section 6 for full details.
- Shopify platform: Our store is hosted on Shopify, which logs technical data about sessions, transactions, and site interactions as part of its standard platform operations.
- Analytics tools: We use web analytics services (such as Google Analytics) that automatically collect aggregated and individual browsing data about how visitors use our site.
- Advertising platforms: If you arrive at our site through a paid advertisement, the advertising platform (e.g., Meta, Google Ads, TikTok Ads) may share attribution data with us indicating which ad or campaign prompted your visit.
From Third Parties
- Payment processors: Our payment processor may share transaction confirmation data, fraud signals, and billing status information with us.
- Shipping carriers: Our delivery partners share tracking status and delivery confirmation information relating to your order.
- Social media platforms: If you interact with our social media profiles or advertisements, those platforms may share limited engagement or attribution data with us.
4. Why We Collect and Use Your Information
We collect and use personal information only where we have a legitimate purpose to do so. Our purposes include:
Order Fulfilment (Primary Purpose)
- Processing and confirming your order
- Charging payment and issuing receipts
- Arranging dispatch and delivery to your nominated address
- Sending you order confirmation, dispatch notification, and tracking information by email
- Managing returns, refunds, and exchanges under our 30-day guarantee or Australian Consumer Law
Customer Service
- Responding to your enquiries and support requests
- Resolving complaints and disputes
- Maintaining records of our communications with you
- Verifying your identity when you contact us about an order or account
Marketing and Communications (With Your Consent)
- Sending you promotional emails about new products, offers, and PostureCore news — only where you have opted in or where we are otherwise permitted under applicable law (for example, as an existing customer under the Spam Act 2003 (Cth))
- Showing you relevant advertisements on platforms such as Meta and Google, using your data for audience targeting and lookalike modelling — you can opt out at any time as described in Section 10
- Remarketing to you if you visited our site but did not complete a purchase
Site Improvement and Analytics
- Understanding how visitors use our website so we can improve the user experience and product offerings
- Diagnosing technical errors and performance issues
- Conducting A/B testing to improve conversion and usability
- Measuring the effectiveness of our advertising campaigns
Legal and Compliance Obligations
- Complying with our obligations under Australian law, including taxation, consumer protection, and anti-money-laundering laws
- Responding to lawful requests from government bodies, regulators, or courts
- Detecting and preventing fraud, chargebacks, and misuse of our store
- Maintaining records as required by law (for example, under the Australian Taxation Administration Act 1953)
We will not use your personal information for any purpose that is incompatible with the purpose for which it was collected, unless you consent or we are required or authorised to do so by law.
5. Who We Share Your Information With
We do not sell your personal information to anyone. We share it only where necessary to operate our business, with the following categories of trusted service providers:
E-commerce Platform — Shopify
Our store is built on and hosted by Shopify Inc. Shopify processes and stores order data, customer account information, and payment data on our behalf as a data processor. Shopify operates under strict data processing agreements and its servers are located primarily in the United States. See Shopify's Privacy Policy for further details.
Payment Processors
Payment card transactions are processed by Shopify Payments (powered by Stripe) or other payment gateways enabled on our store. These processors receive your payment card details to authorise and process transactions. They operate under strict PCI-DSS Level 1 compliance. We do not store raw card numbers or CVV codes on our own systems.
Shipping and Logistics Carriers
We share your name, delivery address, and contact details with our shipping carriers to arrange delivery of your order and to provide you with tracking information. Carriers may include Australia Post, Sendle, CouriersPlease, or other standard Australian courier networks.
Email Marketing Platforms
If you have subscribed to our newsletter, or we are otherwise permitted to contact you, your email address and name are shared with our email service provider (such as Klaviyo or a comparable platform). These providers are bound by their own privacy policies and data processing agreements.
Analytics Providers
We use analytics services such as Google Analytics to understand site usage. These services may receive anonymised or pseudonymised browsing data. Google Analytics data is processed by Google LLC, primarily in the United States. You can opt out via the Google Analytics opt-out browser add-on.
Advertising Platforms
We may share customer lists, hashed email addresses, or pixel-based behavioural data with advertising platforms such as Meta (Facebook/Instagram), Google Ads, and TikTok Ads for the purpose of targeted advertising, conversion measurement, and lookalike audience creation. You can manage your ad preferences through each platform's own privacy settings.
Professional Advisers
We may share information with our lawyers, accountants, or other professional advisers where necessary to run our business, subject to confidentiality obligations.
Law Enforcement and Regulators
We may disclose your information to law enforcement agencies, courts, regulators, or government bodies if required by law, compelled by court order, or where necessary to protect the rights, property, or safety of PostureCore, our customers, or the public.
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device by your browser when you visit a website. We use the following categories of cookies:
Essential Cookies
These cookies are strictly necessary for the website to function correctly. They manage your shopping cart session, maintain your login state, enable the checkout process, and prevent fraudulent transactions. They cannot be disabled without breaking core site functionality. No personal data from essential cookies is used for marketing purposes.
Analytics Cookies
We use analytics cookies (including those set by Google Analytics) to collect information about how visitors interact with our website — for example, which pages are most visited, where visitors come from, and how long they stay. This data is primarily used in aggregate form to improve our site. Analytics cookies may be set by third-party services operating on our behalf.
Marketing and Advertising Pixels
We use advertising tracking pixels and tags from platforms including Meta (Facebook Pixel), Google Ads, and TikTok Pixel. These technologies track your interactions with our website (such as page views, add-to-cart events, and purchases) to enable us to measure conversions, serve you relevant advertisements on those platforms, and build retargeting audiences. They may set cookies on your device and transmit browsing data to the respective advertising platform.
Managing Your Cookie Preferences
You can manage or disable cookies through your browser settings at any time. Note that disabling essential cookies will affect the functionality of our store (for example, your shopping cart may not persist between pages). Most modern browsers let you:
- View all cookies currently stored on your device
- Delete existing cookies individually or in bulk
- Block cookies from specific websites or all third-party cookies
- Set alerts when a website attempts to set a cookie
For browser-specific instructions, visit aboutcookies.org. To opt out of interest-based advertising more broadly, visit the Your Online Choices platform (Australia).
7. International Transfers of Personal Information
PostureCore is an Australian business and our primary operations are based in Australia. However, some of the third-party service providers we rely on — including Shopify (United States), Google (United States), Stripe (United States), and Meta (United States/Ireland) — store and process data on servers located outside Australia.
Under Australian Privacy Principle 8, when we disclose personal information to overseas recipients, we are required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information. We do this by:
- Using only reputable service providers with established data protection practices and compliance frameworks
- Relying on contractual data processing agreements that require the recipient to handle data in a manner consistent with Australian privacy law
- Ensuring that certain recipients are subject to binding privacy laws or schemes in their own jurisdiction that provide protections broadly comparable to the APPs (for example, GDPR in Europe)
By providing your personal information to us, you acknowledge that it may be transferred to, stored, and processed in countries outside Australia where data protection laws may differ from Australian law. We take all reasonable steps to ensure your data is handled appropriately wherever it is processed.
8. Data Security
We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- SSL/TLS encryption: All data transmitted between your browser and our website is encrypted using industry-standard TLS protocols (HTTPS). You can verify this via the padlock icon in your browser's address bar.
- PCI-DSS compliant payment processing: Payment card data is handled exclusively by PCI-DSS Level 1 certified processors. We never receive, transmit, or store raw card details on our own infrastructure.
- Shopify platform security: Our store is hosted on Shopify, which employs enterprise-grade security infrastructure including regular third-party security audits, DDoS protection, encrypted data storage, and a dedicated security team.
- Access controls: Access to customer data within our internal systems is restricted to authorised personnel on a need-to-know basis. We do not provide broad team access to order or customer records.
- Password security: Customer account passwords are hashed using industry-standard cryptographic algorithms — we cannot view or retrieve your raw password.
- Regular review: We periodically review our security practices and update them in response to new threats, technology changes, and legal requirements.
Despite these measures, no method of electronic transmission or data storage is 100% secure. We cannot guarantee the absolute security of your information. If you suspect that your PostureCore account has been compromised or that your personal information has been misused, please contact us immediately at support@posturecore.com.au.
In the event of a data breach that is likely to result in serious harm to any individual, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).
9. Your Rights — Access, Correction, and Deletion
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights regarding your personal information:
Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. To submit an access request, email us at support@posturecore.com.au with the subject line "Privacy — Access Request". Please include your full name, the email address associated with your account, and a description of the information you wish to access. We will respond within 30 days. We may need to verify your identity before providing access, and may charge a reasonable fee to cover our administrative costs in some cases, though we will advise you of this in advance.
Right to Correction (APP 13)
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to ask us to correct it. Email us at support@posturecore.com.au with the subject "Privacy — Correction Request". We will take reasonable steps to correct the information within 30 days. If we disagree that the information requires correction, we will tell you why and note your request on our records. You may then seek review through the OAIC if you are not satisfied.
Right to Deletion
You may ask us to delete personal information we hold about you. We will consider and respond to all such requests. Please be aware that we may be legally required to retain certain records — for example, transaction records must be retained for taxation purposes under Australian law, and records relevant to a dispute or legal proceeding must be retained until the matter is resolved. We will explain any such limitations in our response to you.
How to Exercise Your Rights
All rights requests should be sent to support@posturecore.com.au. We will acknowledge your request within 5 business days and aim to respond in full within 30 days. If we cannot meet the 30-day deadline due to complexity, we will notify you and provide an updated timeframe.
10. Opting Out of Marketing
You can withdraw your consent to marketing communications from PostureCore at any time using any of the following methods:
- Email unsubscribe link: Click the "Unsubscribe" link at the footer of any marketing email we send. This will remove you from our mailing list immediately, in compliance with the Spam Act 2003 (Cth).
- Email request: Send an email to support@posturecore.com.au with the subject "Unsubscribe" and we will remove you from all marketing communications within 5 business days.
- Ad platform settings: To opt out of targeted or interest-based advertising on specific platforms, visit the privacy or advertising settings on Meta (facebook.com/settings), Google (myaccount.google.com/ad-settings), and TikTok (their app settings under "Ads").
Please note that opting out of marketing will not affect necessary transactional communications. We will still send you order confirmations, dispatch notifications, tracking updates, and refund confirmations for orders you have placed, as these are essential to fulfilling your purchase.
11. Privacy Complaints
If you believe that PostureCore has mishandled your personal information or breached the Australian Privacy Principles, we encourage you to raise your concern with us first so that we can attempt to resolve it promptly.
Step 1 — Contact PostureCore Directly
Email your complaint to support@posturecore.com.au with the subject line "Privacy Complaint". Please describe your concern in as much detail as possible, including your name and contact details, the nature of the alleged breach, and the outcome you are seeking. We will acknowledge your complaint within 5 business days and aim to provide a full response within 30 days. If the matter requires additional investigation, we will keep you informed of progress.
Step 2 — Contact the OAIC
If you are not satisfied with our response, or if we have not resolved your complaint within 30 days, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
The OAIC can investigate privacy complaints and take regulatory action if it determines that an interference with your privacy has occurred. There is no fee to lodge a complaint with the OAIC.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, legal requirements, or other factors. When we make changes to this policy, we will:
- Update the "Last updated" date shown at the top of this page
- Post the revised policy on our website at the same URL
- Where changes are material and affect existing customers, send an email notification to customers who have provided their email address
We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our website or services after any update constitutes your acceptance of the revised policy. If you disagree with any changes, please cease using our services and contact us to discuss the removal of your personal information.