PRIVACY POLICY

POLISHED TURDS

Operated by JARACZEWSKI HOLDINGS PTY LTD (ABN: 33692484790)

Effective Date: 15 February 2026

1. ABOUT THIS POLICY

1.1 Responsible Entity

This Privacy Policy is issued by JARACZEWSKI HOLDINGS PTY LTD (ABN: 33692484790), trading as "Polished Turds," with its registered office at Level 19, 10 Eagle Street, Brisbane, QLD, Australia. References to "we," "us," or "our" throughout this document refer to this entity.

1.2 Scope

This policy applies to all personal information collected through the Polished Turds platform, including the web application, progressive web app (PWA), Android application, and any associated services or APIs.

1.3 Our Mission

"To promote transparency and accountability in the Australian rental market by empowering tenants to share their genuine experiences, while maintaining the highest standards of privacy protection for all users."

2. DEFINITIONS

In this Privacy Policy, the following terms have the meanings set out below:

Personal Information -- information that identifies or could reasonably identify an individual, as defined by the Privacy Act 1988 (Cth).
Platform -- the Polished Turds web application, PWA, Android application, and associated services.
User -- any individual who accesses or uses the Platform, whether registered or unregistered.
Content -- any text, images, videos, ratings, reviews, or other material submitted by Users.
APPs -- the Australian Privacy Principles contained in Schedule 1 of the Privacy Act 1988 (Cth).

3. INFORMATION WE COLLECT

3.1 Overview

We collect information necessary to operate the Platform and provide our services. The categories below describe the types of information collected, the specific data points, and the purposes for collection.

3.2 Account and Registration Data

Data Point	Required	Purpose
Email address	Yes	Account authentication and essential communications
Username	Yes	Public profile identification and anonymity
Password	Yes	Account security (stored as secure hash only)
Profile picture	No	User personalisation and community identity
Assigned anonymous number	Auto	Additional layer of user anonymity

3.3 User-Generated Content Data

Content Type	Data Collected	Visibility
Property reviews	Address, ratings, review text, media uploads	Public
Manager reviews	Manager name, agency, ratings, review text	Public
Comments	Comment text, timestamp, author reference	Public
Reactions	Reaction type, timestamp	Aggregated publicly
Reports/flags	Report reason, supporting details	Private (moderation only)

3.4 Automatically Collected Data

Data Type	Purpose	Retention Period
IP address	Security, fraud prevention, approximate geolocation	90 days
Device type and OS	Platform optimisation and compatibility	90 days
Browser information	Rendering compatibility and debugging	90 days
Pages viewed	Service improvement and analytics	12 months
Search queries	Search relevance improvement	12 months
View history	Recently Viewed feature (limited to 50 entries)	Until manually cleared
Timestamps	Activity logging and trending algorithms	12 months
Network status	Offline capability and sync management	Session only

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

Providing, maintaining, and improving the Platform and its features
Processing, displaying, and moderating user-submitted reviews and content
Authenticating users and maintaining account security
Sending essential service notifications (account activity, moderation outcomes)
Operating trending, latest, and search features using aggregated interaction data
Detecting, preventing, and responding to fraud, abuse, spam, and policy violations
Generating anonymised, aggregated analytics to improve the user experience
Responding to support inquiries, legal requests, and dispute resolution
Complying with applicable Australian laws and regulatory requirements

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.

5. INFORMATION SHARING AND DISCLOSURE

5.1 Categories of Recipients

Recipient	Data Shared	Purpose	Safeguards
Other Platform users	Username, reviews, comments, ratings	Core platform functionality	Users control what they submit publicly
Supabase (database host)	All stored data	Database hosting and authentication	SOC 2 Type II certified, encrypted at rest and in transit
Sentry (error tracking)	Error logs, device info, anonymised usage data	Application stability monitoring	Data minimisation, no PII in error reports
Law enforcement	As required by valid legal process	Legal compliance	Verified legal authority and valid process required
Content moderators	Reported content and associated metadata	Content policy enforcement	Access controls and audit logging

5.2 No Sale of Data

We do not sell, rent, lease, or trade your personal information to any third party for marketing, advertising, or any other commercial purpose. This commitment is unconditional and applies to all categories of personal information we collect.

5.3 Legal Disclosure

We may disclose personal information where required by law, court order, subpoena, or valid government request, or where necessary to protect the rights, property, or safety of our users, ourselves, or the public.

6. YOUR RIGHTS AND CHOICES

6.1 Available Rights

Right	Description	How to Exercise
Access	Request a copy of the personal information we hold about you	Email privacy-polished@proton.me
Correction	Request correction of inaccurate or incomplete information	Update via your profile, or email us
Deletion	Request deletion of your account and associated personal data	Email privacy-polished@proton.me
Data portability	Request a machine-readable copy of your data	Email privacy-polished@proton.me
Content removal	Request removal of specific content you submitted	Email with details of the content
Complaint	Lodge a complaint about our handling of your information	Contact us or the OAIC (www.oaic.gov.au)

We will respond to all valid requests within 30 days. In complex cases, we may extend this period by an additional 30 days with written notice. We will not charge a fee for reasonable access requests.

7. DATA SECURITY

We implement and maintain technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction:

All data transmitted via HTTPS/TLS encryption
Passwords stored using industry-standard one-way hashing algorithms
Row-level security (RLS) policies enforced at the database level
Authentication tokens with secure session management
Regular security reviews and dependency updates
Access controls limiting data access to authorised personnel only
Content moderation systems to detect and remove harmful material

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach as required by the Notifiable Data Breaches scheme under the Privacy Act 1988.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Overview

The Platform uses limited cookies and local storage technologies essential to its operation. We do not use third-party advertising cookies or cross-site tracking.

8.2 Technologies Used

Technology	Purpose	Duration	Can Be Disabled
Authentication cookies	Maintain your signed-in session	Until sign-out or expiry	No (required for account access)
Local storage	Offline data caching and preferences	Persistent until cleared	Yes (via browser settings)
Service worker cache	PWA offline functionality and performance	Managed automatically	Yes (via browser settings)
Sentry session data	Error tracking and stability monitoring	Session duration	No (essential for service reliability)
Capacitor Preferences	Native app settings storage (Android)	Persistent until cleared	Yes (via app settings)

9. DATA RETENTION

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are noted in Section 3.4 above for automatically collected data.

Active accounts: Data retained for the lifetime of the account.
Deleted accounts: Personal data removed within 30 days of deletion request. Backup copies may persist for up to 90 days.
Public reviews: May be anonymised rather than deleted to maintain platform integrity and community trust. Anonymised content is no longer linked to any identifiable user.
Legal holds: Data subject to legal proceedings or regulatory investigation will be retained until the matter is resolved.

10. CHILDREN'S PRIVACY

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at privacy-polished@proton.me.

11. INTERNATIONAL TRANSFERS

Our Platform is primarily designed for users in Australia. Our database infrastructure is hosted by Supabase, which may store data in data centres located outside Australia. Where personal information is transferred internationally, we ensure that appropriate safeguards are in place in accordance with APP 8, including contractual obligations requiring the overseas recipient to comply with the APPs.

12. AUSTRALIAN PRIVACY PRINCIPLES

We are committed to compliance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This policy has been designed to address the requirements of each applicable APP, including:

APP 1: Open and transparent management of personal information (this Policy).
APP 3: Collection of solicited personal information only where reasonably necessary.
APP 5: Notification of collection (Sections 3.1 -- 3.4).
APP 6: Use and disclosure limited to primary purpose or related secondary purposes (Section 4).
APP 8: Cross-border disclosure safeguards (Section 11).
APP 11: Security of personal information (Section 7).
APP 12: Access to personal information (Section 6).
APP 13: Correction of personal information (Section 6).

If you have concerns about our compliance with the APPs, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone at 1300 363 992.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated policy on the Platform with a revised effective date
Notify registered users via in-app notification for significant changes
Provide at least 14 days notice before material changes take effect

Your continued use of the Platform after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. CONTACT AND COMPLAINTS

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact us:

Email: privacy-polished@proton.me

Website: www.au-polished-turds.com/signup

Company: JARACZEWSKI HOLDINGS PTY LTD

ABN: 33692484790

Address: Level 19, 10 Eagle Street, Brisbane, QLD, Australia

We aim to resolve all complaints internally within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

CERTIFICATION

This Privacy Policy has been prepared and certified by JARACZEWSKI HOLDINGS PTY LTD in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. By using the Polished Turds platform, you acknowledge that you have read, understood, and consent to the practices described in this policy.

Document version 2.0 -- Last reviewed 15 February 2026