Privacy Policy

Version 1 — MVP

This policy explains what personal information Nodus collects, how it is used, how it is stored, and the rights of individuals under Australian privacy law.

Nodus is committed to handling personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

Account information — When you register, we collect your name, email address, phone number, and role (buyer or seller). Sellers also provide business name and ABN.

Transaction information — When you place or receive an order, we record order details, amounts, fulfilment type, and delivery addresses where applicable.

Payment information — Payment card details are collected and processed directly by our third-party payment provider, Stripe. Nodus does not store, access, or process card numbers, CVVs, or bank account details. Stripe's handling of payment data is governed by Stripe's own privacy policy and PCI-DSS compliance.

Freight information — For delivery orders, we share necessary details (names, addresses, phone numbers) with third-party freight carriers to arrange transport.

Dispute information — If a dispute is raised, we collect photographs, descriptions, and supporting evidence submitted by buyers and sellers.

Usage information — We may collect basic usage data such as pages visited and actions taken on the platform for the purpose of improving the service.

We use personal information to: operate the platform and process transactions; facilitate communication between buyers, sellers, and the platform; arrange freight and delivery; handle disputes and enforce platform policies; send transactional notifications (in-app and email); comply with legal obligations; and improve the platform.

We do not use personal information for marketing purposes without your consent. We do not sell personal information to third parties.

We share personal information only where necessary to operate the platform.

Stripe — Payment processing. Stripe receives buyer payment details directly and seller bank account details for payouts. Governed by Stripe's privacy policy.

Freight carriers — Delivery address, contact name, and phone number are shared with carriers to fulfil delivery orders. Carriers operate under their own privacy policies.

Buyers and sellers — Sellers see the buyer's name and delivery details for fulfilled orders. Buyers see the seller's business name and pickup location. Neither party sees the other's email, phone number, or account details unless explicitly provided in the listing or order context.

We do not share personal information with advertisers, data brokers, or unrelated third parties.

Personal information is stored in our database hosted by Supabase, which uses encrypted connections and access controls. Authentication is managed by Supabase Auth with hashed passwords and secure session management.

Payment data is handled entirely by Stripe and is not stored on our servers.

We use Row Level Security (RLS) on our database to ensure users can only access data they are authorised to see.

While we take reasonable steps to protect personal information, no system is completely secure. We encourage users to maintain strong passwords and contact us if they suspect unauthorised access to their account.

Nodus uses essential cookies for authentication and session management. These are necessary for the platform to function and cannot be disabled.

We do not use advertising cookies, tracking pixels, or third-party analytics services that track individual users across other websites.

Under the Australian Privacy Principles, you have the right to: access the personal information we hold about you; request correction of inaccurate information; and request deletion of your personal information, subject to our legal obligations to retain certain records (such as transaction and dispute records required for compliance and dispute resolution).

To exercise any of these rights, contact us at privacy@nodus.au. We will respond within 30 days.

We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce platform policies.

Transaction records, dispute records, and payout records are retained for a minimum of 7 years in accordance with Australian tax and business record-keeping requirements.

If you request account deletion, we will remove or anonymise personal information that is not required for legal retention.

Nodus is a business-to-business platform intended for use by businesses and individuals aged 18 years or over. By creating an account, you confirm that you are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete it.

We may update this policy from time to time. Changes apply prospectively and do not alter rights or obligations arising prior to the update.

Where a material change is made, we will notify registered users via email or in-app notification.

For privacy-related enquiries, requests for access or correction, or complaints about how your personal information has been handled, contact us at privacy@nodus.au.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.