Privacy & Cookies Policy

1. Information We Collect

We may collect the following types of personal information:

Information You Provide Directly

• Account registration: first name, last name (optional), email address, and password
• Phone number: provided during registration in E.164 format (e.g. +61 4XX XXX XXX), used for WhatsApp notifications if you opt in
• Notification preferences: your choice of notification channel (email and/or WhatsApp)
• Alert settings: campground or accommodation selections, date ranges, party size (adults, children, infants), room preferences, and related configuration for each alert you create
• Trip planner data: saved trip titles and descriptions
• Communications: any information you include when you contact us by email

Information from Third-Party Services

• Google Sign-In: if you register or log in using Google, we receive your name and email address from your Google account. We do not receive your Google password.

Information Collected Automatically

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit
• Cookies: essential cookies required for the Website to function (see Part B — Cookie Policy)
• Notification logs: when we send you alert notifications (email or WhatsApp), we store records of each send, including delivery status and message identifiers, for operational, troubleshooting, and compliance purposes. These logs are linked to your account and are deleted or anonymised when you delete your account (see Section 7).

We do not currently use analytics tracking tools (such as Google Analytics). If this changes in the future, we will update this Policy and notify you accordingly.

Information We Do Not Collect

Hike Camp Seek does not collect or store payment information (credit card numbers, bank details, or billing addresses). All payment processing for bookings is handled entirely by Bookeasy Pty Ltd and the relevant accommodation provider.

2. How We Collect Information

We collect personal information through the following means:

• Registration: when you create an account using our sign-up form or via Google Sign-In
• Account settings: when you update your name, phone number, notification preferences, or timezone
• Alert creation: when you set up cancellation alerts for specific campgrounds or accommodation
• Trip planner: when you save trips or itineraries
• Cookies: essential cookies are set automatically when you visit the Website (see Section 14)
• Server logs: our web server automatically records standard log data when you access the Website
• Direct communications: when you send us an email or contact us through the Website
• Google: if you choose to sign in with Google, we receive your name and email address from Google via their OAuth service

We only collect personal information that is reasonably necessary for the purposes described in Section 3 below.

3. Why We Collect Information

We collect and use your personal information for the following purposes:

• To create and manage your user account
• To deliver cancellation alert notifications via your chosen channel (email, WhatsApp, or other messaging services)
• To provide and improve the Services, including search, trip planning, and booking referral features
• To send essential service communications (account verification, password resets, material changes to our Terms or this Policy)
• To respond to your enquiries and provide customer support
• To monitor and analyse usage patterns to improve the Website
• To detect, prevent, and address technical issues, fraud, or abuse
• To comply with legal obligations

We will not use your personal information for direct marketing unless you have expressly consented.

4. How We Store and Protect Information

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, in accordance with APP 11.

Security Measures

• Encryption in transit: all connections to the Website are encrypted using HTTPS (TLS)
• Password security: passwords are stored using industry-standard one-way hashing algorithms and are never stored in plain text
• Access controls: access to personal information is restricted to authorised personnel only
• Account lockout: repeated failed login attempts trigger a temporary account lockout to prevent brute-force attacks
• CSRF protection: all forms are protected against cross-site request forgery attacks

Hosting and Infrastructure

The Website and its database are hosted on DigitalOcean cloud infrastructure. Data is stored in a PostgreSQL database with access restricted by firewall rules and authentication credentials. Static files are served via a secure reverse proxy.

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your personal information.

5. Third-Party Disclosures

We do not sell, rent, or trade your personal information. We may share your information with the following third parties, solely for the purposes described below:

Bookeasy Pty Ltd (Booking Engine)

When you make a booking through the Bookeasy booking engine, your personal information (including name, contact details, and payment information) is collected and processed directly by Bookeasy Pty Ltd (ABN 68 122 744 209) and the relevant accommodation provider. This is governed by the privacy provisions in Bookeasy’s Terms and Conditions. Hike Camp Seek does not process, transmit, or store your payment information.

Google (Authentication)

If you choose to sign in using Google, your authentication is handled by Google’s OAuth 2.0 service. We receive your name and email address from Google to create or link your account. Google’s handling of your data is governed by the Google Privacy Policy.

Twilio (WhatsApp Notifications)

If you opt in to WhatsApp notifications, your phone number and notification content are transmitted via Twilio Inc., a cloud communications platform based in the United States. Twilio processes this data solely to deliver messages on our behalf. Twilio may provide delivery status updates (e.g. delivered, read) to our systems for operational and troubleshooting purposes. Twilio’s handling of data is governed by their Privacy Policy.

SendGrid (Email Delivery)

Alert notifications, account verification emails, and password reset emails are delivered via SendGrid, an email delivery service. Your email address and the content of the notification are shared with SendGrid solely for the purpose of delivery. SendGrid may provide delivery status updates (e.g. delivered, bounced) to our systems for operational and troubleshooting purposes. SendGrid’s handling of data is governed by the SendGrid Privacy Policy.

DigitalOcean (Hosting)

The Website and database are hosted on DigitalOcean LLC cloud infrastructure. DigitalOcean provides the servers where your data is stored and processed. Their handling of data is governed by the DigitalOcean Privacy Policy.

Legal Requirements

We may disclose personal information if required to do so by law, regulation, legal process, or enforceable government request, or where we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Your Rights

Under the Australian Privacy Principles (APPs), you have the right to:

• Access the personal information we hold about you (APP 12)
• Correct inaccurate or out-of-date information (APP 13)
• Request deletion of your account and associated data
• Withdraw consent for notifications at any time by deleting alerts, changing your preferences in account settings, or deleting your account
• Lodge a complaint if you believe we have breached the APPs (see Section 11)

To exercise any of these rights, contact us at contact@hikecampseek.com.au. We will respond within a reasonable timeframe (generally within 30 days).

7. Data Retention and Deletion

We retain your personal information only for as long as necessary to provide the Services and fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Active Accounts

While your account is active, we retain all information associated with it (profile, alerts, saved trips, notification preferences, and notification logs) to operate the Services.

Account Deletion

You may delete your account at any time through your account settings or by contacting us at contact@hikecampseek.com.au. When your account is deleted:

• Your profile information (name, email, phone number), saved alerts, saved trips, and notification preferences are permanently deleted
• Notification logs (records of emails and messages sent) are deleted or anonymised
• All alert notifications cease immediately

We may retain anonymised or aggregated data (which cannot identify you) for analytical purposes.

Alert Deletion

Deleting an individual alert permanently removes that alert and its associated configuration. Deleting all alerts stops all alert notifications but does not delete your account or other personal information.

Server Logs

Standard web server log data (IP addresses, request timestamps) is retained for a limited period for security monitoring and is not linked to your account.

8. Cross-Border Data Transfers

Some of the third-party service providers we use are based outside Australia. As a result, your personal information may be transferred to, and processed in, other countries, including the United States. Specifically:

• Twilio Inc. (WhatsApp notification delivery) — United States
• Google LLC (OAuth sign-in) — United States
• DigitalOcean LLC (hosting) — data centre region selected at deployment

Where personal information is transferred overseas, we take reasonable steps to ensure that the overseas recipient handles it in accordance with the Australian Privacy Principles (APP 8). This includes selecting reputable providers with established privacy and security practices.

By using the Services, you acknowledge and consent to the transfer of your personal information to these countries for the purposes described in this Policy.

9. Children’s Privacy

The Services are not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at contact@hikecampseek.com.au and we will take steps to delete that information.

10. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Notify registered users by email or by posting a prominent notice on the Website

Your continued use of the Website after changes are posted constitutes your acceptance of the revised Policy.

11. Complaints

If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint by contacting us at contact@hikecampseek.com.au.

We will acknowledge your complaint within 7 days and investigate and respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

12. Contact Us

For any questions or requests regarding this Policy or your personal information, contact us:

13. What Are Cookies

Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work efficiently, remember your preferences, and provide information to the site owners.

We use cookies and similar technologies (such as local storage) to operate the Website, improve your experience, and understand how the Website is used.

14. Cookies We Use

The following table describes the cookies used by the Website:

Essential Cookies

These cookies are necessary for the Website to function correctly. They cannot be disabled without breaking core functionality.

• sessionid — maintains your authenticated session so you remain logged in as you navigate the Website. Expires when you close your browser or after a period of inactivity.
• csrftoken — a security token that protects form submissions against cross-site request forgery (CSRF) attacks. Expires after 12 months.

Functional Cookies

We do not currently use functional cookies beyond the essential cookies listed above. If we introduce functional cookies in the future (for example, to remember map preferences or UI settings), we will update this section.

Analytics Cookies

We do not currently use any analytics cookies or third-party tracking tools (such as Google Analytics, Hotjar, or Meta Pixel). Website usage is monitored only through standard server logs, which do not use cookies.

If we introduce analytics tools in the future, we will update this Policy and, where required, seek your consent before setting non-essential cookies.

15. Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific or all sites
• Delete all cookies when you close the browser

Please note that blocking essential cookies may prevent the Website from functioning correctly (e.g. you may not be able to log in).

For more information on managing cookies in your browser:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

16. Third-Party Cookies

We do not currently embed third-party services that set their own cookies on the Website (such as analytics trackers, advertising pixels, or social media widgets).

When you navigate to the Bookeasy booking engine to make a booking, you leave the Hike Camp Seek website. Bookeasy may set its own cookies on its platform, governed by the privacy provisions in their Terms and Conditions.

Similarly, if you use Google Sign-In, Google may set cookies during the authentication process, governed by the Google Privacy Policy.

If we introduce third-party services that set cookies on the Website in the future, we will update this section and seek your consent where required.