Privacy Policy

Last updated: 2 December 2025

1. Overview

PlanFlowers (ABN 52 202 079 312) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. Information We Collect

Information you provide:

  • Account information: Your name and email address
  • Recipient details: Name, delivery address, and phone number of gift recipients
  • Occasion details: Dates, occasion types, and personal messages
  • Payment information: Handled securely by Stripe (see below)

Information collected automatically:

  • Usage data: Pages visited, features used, and interaction patterns
  • Device information: Browser type, operating system, and device identifiers
  • Analytics: Aggregated, anonymised data via Google Analytics 4

3. What We Do NOT Collect

We prioritise your security by never storing:

  • Full credit card numbers
  • CVV/security codes
  • Bank account details

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We only store a secure token reference and the last 4 digits of your card for display purposes.

4. How We Use Your Information

We use your information to:

  • Process and deliver your flower orders
  • Send order confirmations, delivery notifications, and receipts
  • Remind you of upcoming occasions and charges
  • Provide customer support
  • Improve our service and user experience
  • Comply with legal obligations

5. Third-Party Services

We share limited information with trusted service providers:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Supabase: Database hosting (SOC 2 Type II certified)
  • Resend: Email delivery for notifications
  • Google Analytics: Anonymised usage analytics
  • Vercel: Website hosting
  • Sentry: Error monitoring (PII redacted)

We do not sell your personal information to third parties.

6. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for login and security
  • Analytics cookies: Google Analytics 4 (anonymised, no personal identifiers)

You can disable cookies in your browser settings, though this may affect functionality.

7. Data Security

We protect your data through:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (database-level)
  • Row-level security policies (you can only access your own data)
  • Regular security audits
  • Limited employee access on a need-to-know basis

8. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete your personal information within 30 days, except where we are required to retain records for legal, tax, or accounting purposes (typically 7 years for transaction records).

9. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a machine-readable format
  • Complaint: Lodge a complaint with the OAIC if unsatisfied

To exercise these rights, contact us at hello@planflowers.com.au.

10. International Data Transfers

Some of our service providers (Stripe, Supabase, Vercel) may process data in the United States or other countries. These providers maintain appropriate safeguards including SOC 2 certification and standard contractual clauses.

11. Children's Privacy

Our service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email and posted on this page with a new "Last updated" date.

13. Contact Us

For privacy-related enquiries:

PlanFlowers
ABN: 52 202 079 312
Email: hello@planflowers.com.au
Location: Sydney, Australia

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.