Privacy Policy
Version 2.1 · Effective Date: [INSERT DATE]
Data Controller: Bailey Digital Solutions Pty Ltd (ABN 68 689 651 125)
1. Introduction
Bailey Digital Solutions Pty Ltd (ABN 68 689 651 125), trading as CameraComp (“CameraComp”, “we”, “us”), is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, and share your information when you use the CameraComp platform (“the Platform”).
We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).
This Privacy Policy forms part of the CameraComp Terms of Service. By creating an account, you acknowledge that you have read and understood this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name and display name
- Email address
- Password (stored as a one-way hash — we never store plain-text passwords)
- Club or federation affiliation (if applicable)
- Role within your organisation (member, judge, administrator)
2.2 Profile Information
You may optionally provide:
- Profile photograph
- Biography or about text
- Location (city/state)
- Camera equipment details
- Social media links
2.3 Photographs and Content
When you upload photographs, we process:
- The image file itself (stored securely in original, display, and thumbnail formats)
- EXIF metadata embedded in the image (camera model, lens, exposure settings, date taken)
- GPS coordinates if present in the EXIF data (see Section 6)
- Titles, descriptions, and tags you assign
- Competition entry details (category, submission date)
2.4 Payment Information
When you make a payment:
- Payment card details are entered directly on Stripe’s hosted checkout page — CameraComp does not receive, process, or store card numbers
- We record transaction details: amount, date, description, payment status, and fee breakdown
- Stripe provides us with a payment reference and the last four digits of your card for receipt purposes
2.5 Usage Data
We automatically collect:
- Pages viewed and features used
- Device type, browser, and operating system
- IP address (used for security and approximate geographic location)
- Login dates and times
- Error logs and performance data
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the Platform | Account, content, usage data | Performance of contract |
| Process payments | Transaction records, Stripe references | Performance of contract |
| Manage competitions | Entries, scores, results | Performance of contract |
| Display galleries and portfolios | Photographs, profile information | Your consent (portfolio) / Contract (galleries) |
| Send notifications | Email, competition status, results | Performance of contract / Legitimate interest |
| Platform improvement | Anonymised usage data, error logs | Legitimate interest |
| Industry analytics | Anonymised EXIF metadata, aggregated statistics | Legitimate interest |
| Security and fraud prevention | IP address, login activity, usage patterns | Legitimate interest / Legal obligation |
| Legal compliance | Transaction records, identity information | Legal obligation |
4. Payment Data
All payments are processed through Stripe, a PCI DSS Level 1 certified payment processor. CameraComp uses Stripe Connect to facilitate payments between members and clubs/federations.
- CameraComp never receives or stores full card numbers, CVVs, or card expiry dates
- Stripe acts as the payment processor; the club or federation is the merchant of record for competition entries and membership dues
- Transaction records (amounts, dates, descriptions, fee breakdowns) are retained by CameraComp for 7 years as required by Australian taxation law
- Stripe’s own privacy policy applies to data processed by Stripe
5. Photograph Data
Your photographs are stored using a three-tier architecture: original files (preserved as uploaded), display-resolution copies, and thumbnails. All image storage uses content-addressable hashing (SHA-256) for integrity verification and deduplication.
- Original files are stored encrypted at rest in their uploaded format
- We create optimised display versions and thumbnails for platform performance
- Image variants are generated server-side using industry-standard libraries
- Deleted images are permanently removed from all storage tiers within 30 days
6. EXIF and Location Data
Many photographs contain EXIF metadata embedded by your camera, including camera model, lens information, exposure settings, date and time, and potentially GPS coordinates.
- EXIF metadata is stored alongside your image for your reference
- GPS coordinates (if present) are stored but are never publicly displayed on the Platform
- EXIF data may be used in anonymised, aggregated form for industry analytics (e.g., most popular camera models)
- You may remove EXIF data from your photographs before uploading — this is your responsibility
- When images are displayed publicly (galleries, portfolios, results), EXIF data is stripped from the served image files
7. Who We Share Data With
7.1 Service Providers
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting | All platform data | Australia / US |
| Cloudflare R2 | Image storage | Photographs | Nearest region |
| Stripe | Payment processing | Transaction data | US (PCI compliant) |
| Vercel | Application hosting | Request logs, IP addresses | US / Australia |
| Postmark | Email delivery | Email addresses, notification content | US |
| Sentry | Error monitoring | Error logs, anonymised usage data | US |
7.2 Clubs and Federations
If you are a member of a club or federation on the Platform, your club administrators can see:
- Your name, email, and membership status
- Your competition entries and results within that club
- Your attendance and participation records
Club administrators cannot see your private gallery, your activity in other clubs, your payment card details, or your login credentials.
7.3 Judges
During the judging process, judges can see your submitted photographs but cannot see your name or identity (anonymous judging). Your identity is revealed to judges only after results are published, and only if the competition is configured to do so.
7.4 Legal Disclosure
We may disclose personal information where required by:
- Australian law, regulation, or court order
- A lawful request from a law enforcement agency
- To protect the rights, safety, or property of CameraComp, its users, or the public
7.5 No Sale of Data
CameraComp does not sell, rent, or trade your personal information to third parties for marketing purposes. We do not share your data with advertisers.
8. International Data Transfers
Some of our service providers are located in the United States. When your data is transferred outside Australia, we ensure that:
- The recipient is subject to enforceable data protection obligations (contractual or regulatory)
- Data is encrypted in transit and at rest
- We use providers with strong security track records and relevant certifications (e.g., SOC 2, PCI DSS)
For users in the European Economic Area, transfers to countries without adequacy decisions are governed by Standard Contractual Clauses or equivalent safeguards.
9. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 30 days after deletion | Service operation and deletion processing |
| Photographs | Until you delete them or delete your account + 30 days | Your control over your content |
| Competition results | Indefinitely (as historical record) | Competition integrity and history |
| Payment records | 7 years after transaction | Australian taxation law (ATO requirements) |
| Usage logs | 12 months | Security, debugging, platform improvement |
| Support correspondence | 3 years after resolution | Service quality and dispute resolution |
| Error logs | 90 days | Technical debugging |
10. Your Rights
10.1 Australian Privacy Principles
Under Australian law, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or out-of-date information
- Request deletion of your personal information (subject to legal retention requirements)
- Make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs
10.2 GDPR Rights (EEA Residents)
If you are located in the European Economic Area, you also have the right to:
- Data portability (receive your data in a structured, commonly used format)
- Restrict processing of your data in certain circumstances
- Object to processing based on legitimate interest
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local data protection authority
10.3 How to Exercise Your Rights
To make a request, contact us at privacy@cameracomp.com.au. We will respond within 30 days (or 28 days for EEA requests). We may need to verify your identity before processing your request.
You can also manage your data directly through your account settings, including downloading your photographs, updating your profile, and deleting your account.
11. Security
We implement the following security measures:
- Encryption of data in transit (TLS 1.2 or higher) and at rest
- Row-level security (RLS) policies restricting database access to authorised users
- Secure password hashing using industry-standard algorithms (passwords are never stored in plain text)
- Regular security updates and dependency patching
- Content-addressable storage with SHA-256 integrity verification
- Regular automated backups with point-in-time recovery
In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988).
12. Cookies
CameraComp uses essential cookies only:
- Authentication cookies (to keep you signed in)
- Session management cookies (to maintain your session state)
- Security cookies (CSRF protection)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in cross-site tracking or ad networks.
13. Children\u2019s Privacy
CameraComp requires users to be at least 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has created an account, we will promptly delete the account and associated data.
If you are a parent or guardian and believe your child has created an account, please contact us at privacy@cameracomp.com.au.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Notify you by email or in-platform notification at least 30 days before changes take effect
- Update the version number and effective date at the top of this policy
- Maintain a record of previous versions
Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
15. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at privacy@cameracomp.com.au. We will respond within 30 days.
If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
16. Contact
For privacy enquiries:
Bailey Digital Solutions Pty Ltd (ABN 68 689 651 125)
Privacy: privacy@cameracomp.com.au
Support: support@cameracomp.com.au
General: contact@cameracomp.com.au
Website: www.cameracomp.com.au
This Privacy Policy is governed by Australian law and the Australian Privacy Principles.