Privacy Policy
Last updated: 13 May 2026 · Version 3.0 · Effective from launch
WearMoney is operated from Brisbane, Queensland, Australia. This policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and how to control it. Plain English with technical specifics where they matter.
Contents
1. What we collect
1.1 Account
- Email address (login + transactional email)
- Password hash (we never store plaintext)
- Role — Hunter, Carrier, or Merchant
- Public handle (e.g.
@sam_brz) — visible to other users in QR codes and voucher signatures - Display name (optional, defaults to the handle)
1.2 Location
- Hunters: GPS coordinates while the app is foregrounded, plus a captured snapshot at each scan or redeem event
- Carriers: Continuous GPS while broadcasting "online", to advertise availability to nearby Hunters. You may stop broadcasting at any time from inside the app
- Merchants: Store address coordinates only — declared during onboarding
1.3 Activity
- Scan events — which Carrier you scanned, your GPS at scan time, distance from the Carrier, your device timestamp
- Voucher claims and redemptions — which template you received, which merchant accepted, GPS verification
- Streak and gameplay counters — XP earned, suburbs visited, daily streak
1.4 Payments
- Card and bank details — handled by Stripe. We never see or store card numbers
- Stripe Customer ID, Stripe Connect Account ID, Stripe Transfer / Payout IDs — kept for reconciliation
- Transaction history — amount, currency, kind (scan / claim / redeem / payout / credit purchase)
1.5 Device
- APNs push notification token (so we can notify you of scan events, voucher expiry, etc.)
- App version, iOS version, anonymous device identifier (for crash reports — Apple's
IDFAis not used)
2. Why we collect it
- To match Hunters with nearby Carriers and merchants
- To award and track gameplay (XP, streaks, suburb badges)
- To pay Carriers their share via Stripe Connect
- To charge merchants for results delivered (scan / claim / redeem)
- To prevent fraud — for example, blocking self-scans, multi-device farming, GPS spoofing
- To send you transactional emails (welcome, receipts, payout confirmations, expiry warnings)
- To meet Australian Consumer Law and Australian Taxation Office record-keeping requirements
3. Who we share it with
| Service | What we share | Why | Region |
|---|---|---|---|
| Stripe | Customer ID, Connect Account ID, transaction amounts, payout requests | Payment processing + KYC | USA + EU |
| Firebase / Google Cloud | All app data — hosting + database | Backend infrastructure | australia-southeast1 (Sydney) |
| Resend | Email address + email body | Transactional email delivery | USA |
| Mapbox | Map viewport coordinates only (not pinned to you) | Map tile rendering | USA (Mapbox CDN) |
| Printful | Carrier name + shipping address (for T-shirt fulfilment) | Print-on-demand T-shirt with embedded QR code | Latvia + USA + Mexico |
| Apple (APNs) | Encrypted push notification payloads | To deliver in-app notifications | Apple's global APNs |
Merchants see only anonymous aggregate scan / claim / redeem counts. They see your public handle on a redeemed voucher but not your email, address, or card details.
We do not sell personal information. We do not use third-party advertising trackers.
4. Location data — Hunter and Carrier specifics
4.1 Hunter location
While you are foregrounded in the WearMoney app, we capture your GPS once every 5 seconds. We use it only to:
- Find Carriers within 30 metres of you (so you can scan them)
- Verify you are within 5 metres of a merchant when you redeem a voucher
- Award suburb badges
GPS pings tied to a scan or redeem event are kept for 12 months for fraud investigation. Other location samples are dropped within 24 hours.
4.2 Carrier location
When you toggle "broadcast" on, your GPS is published in real time to Hunters within a 30-metre bubble. The full broadcast trail is logged for the duration of the session and kept for 90 days for income reconciliation. You can stop broadcasting at any time. The app does not require "Always" location permission unless you opt-in to background broadcasting.
4.3 Merchant location
Merchant address coordinates are publicly displayed inside redeemed vouchers and are part of the Mystery Hunt reveal mechanic.
5. Payment data and Stripe Connect
All card payments and bank account details are handled by Stripe. We never see or store full card numbers. We hold a Stripe Customer ID for merchants and a Stripe Connect Account ID for Carriers, plus the IDs of every Transfer and Payout.
Carriers must complete Stripe KYC (identity verification) before requesting their first payout. Stripe handles that flow under its own privacy policy.
Merchants pay WearMoney via prepaid credit packs (Stripe Checkout). Their card details stay with Stripe.
6. Data retention (per type)
| Type | Kept for | Why |
|---|---|---|
| Account data (email + handle) | Until you delete + 30 days residual | Account recovery window |
| Voucher records | 3 years from claim | Australian Consumer Law minimum + 1 year audit buffer |
| Transaction history | 7 years | Australian Taxation Office requirement |
| Scan / claim event logs | 12 months | Fraud investigation |
| Location pings (untied to event) | 24 hours | Performance + session continuity only |
| Carrier broadcast trails | 90 days | Income reconciliation + dispute handling |
| Email logs | 30 days | Delivery troubleshooting via Resend |
7. Your rights
Under the Australian Privacy Principles you have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your account — we will purge or anonymise within 30 days, subject to retention requirements above
- Withdraw consent for any marketing email at any time (transactional emails are not opt-out)
- Receive a copy of your data in a portable format (JSON)
- Lodge a complaint with the Office of the Australian Information Commissioner
To exercise any of these, email privacy@wear-money.com. We aim to respond within 14 days.
8. International transfers
Some of our service providers (Stripe, Resend, Printful, Apple APNs) process your data outside Australia. Where personal information is transferred internationally, we use the European Commission's Standard Contractual Clauses (or equivalent safeguards) to ensure your data receives a comparable level of protection.
9. Age requirements
WearMoney is intended for users 18 and over. Carriers must be 18+ to comply with Stripe Connect requirements. Hunter accounts can be created under 18 with parental consent; in that case, any earned balance is held until the Hunter turns 18 (we cannot disburse to a minor).
10. Security
- All traffic uses HTTPS (TLS 1.2+)
- Database access is gated by Firebase Auth + Firestore Security Rules
- Sensitive secrets (Stripe keys, Resend API key, APNs key) are stored in Google Cloud Secret Manager
- Payment data never touches our servers — it flows directly to Stripe
- We anonymise personal information in analytics and aggregate reports (no names, no email addresses, no precise GPS)
11. Changes to this policy
If we make material changes, we will notify you via the email address on your account at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects any change.
12. Contact
Privacy officer: privacy@wear-money.com
General: hello@wear-money.com
Postal: WearMoney, Brisbane, Queensland, Australia