Business Privacy Policy

This Privacy Policy explains how AusLanka Business Directory (we, us, our) collects, uses, stores, and discloses personal information when you use our website and business directory services (Service).

We are an Australia-focused platform that helps users discover businesses and helps businesses manage their listings, posts, deals, menu items, products, services, events, and analytics.

Our privacy practices are intended to align with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). This policy is provided for transparency and does not limit any rights you may have under applicable law.

Depending on how you use the Service, we may collect:

• Account information: email address, name, profile photo (if provided), authentication identifiers.
• Business listing information: business name, address/suburb, contact details, opening hours, categories, descriptions, images, and other information you publish in your listing.
• Communications: messages you send to us (for example support requests), and your preferences (where provided).
• Usage and device data: pages viewed, clicks, referrer URL, approximate location inferred from IP (where available), device and browser information (for example user agent), and identifiers such as session IDs.
• Cookies and similar technologies: used to operate the Service and for analytics (see section 9).

If you choose to include personal information in your business listing (for example a personal mobile number), that information may be publicly visible.

• Directly from you when you create an account, create or edit a listing, submit content, or contact us.
• Automatically when you browse the Service (for example via cookies, analytics tools, server logs, and in-product event tracking).
• From third parties where you choose to use third-party sign-in or services integrated into the Service.

We may use personal information to:

• Provide, maintain, and improve the Service, including business listings and discovery features.
• Authenticate users and secure accounts.
• Show businesses analytics about how users interact with their public pages (for example profile views and clicks).
• Communicate with you, respond to support requests, and send service-related notices.
• Monitor for misuse, protect our users, detect fraud, and enforce our terms.
• Comply with legal obligations and respond to lawful requests.

If you choose Google Sign-In, we access specific Google account data through Firebase Authentication. This typically includes:

• Basic profile data: your Google account name, email address, and profile photo URL.
• Authentication identifiers: unique account identifiers and token claims needed to verify your identity and keep your session active.
• Account status metadata: data such as whether your email is verified and which sign-in provider was used.

We do not request Google API scopes for Gmail, Drive, Calendar, Contacts, or other restricted Google user data for this sign-in flow.

When accessed through Google Sign-In, we use Google user data to:

• Authenticate your account and allow secure sign-in.
• Create or update your AusLanka account record (for example email, display name, and profile photo).
• Issue and validate secure sessions, including cross-service single sign-on where applicable.
• Protect accounts, detect abuse, and troubleshoot authentication issues.

We do not sell Google user data, and we do not use Google user data obtained via Google APIs for advertising purposes or AI/ML model training.

Google Sign-In data is stored and processed in services we use to run the platform, including Firebase Authentication and our databases.

• Account records: fields such as UID, email, display name, profile photo URL, provider ID, and account timestamps.
• Session management: secure HTTP-only session cookies used to keep you logged in for a limited period.

We apply access controls and security measures designed to limit access to authorised personnel and systems only. You can request account deletion by contacting us at contact us.

We may disclose personal information to third parties where necessary to provide the Service, including:

• Infrastructure and hosting: cloud hosting and storage providers.
• Authentication and database: providers such as Firebase (Google) used for authentication and data storage.
• Analytics: tools such as Google Analytics, and internal analytics stored in AWS DynamoDB.
• Professional advisers: legal, accounting, or other advisers where required.
• Authorities: regulators or law enforcement where required or permitted by law.

We require service providers to handle information in a manner consistent with this policy and applicable law.

We do not sell personal information, including Google user data accessed through Google Sign-In.

We use cookies and similar technologies to operate the Service, remember preferences, measure performance, and understand how the Service is used.

We use Google Analytics to help us measure traffic and usage patterns. We may also collect internal analytics events (such as profile views and clicks) to provide aggregate insights to businesses and to improve the Service.

You can usually control cookies through your browser settings. If you disable certain cookies, some features of the Service may not function properly.

For more detail, see our Cookie Policy.

Some of our service providers (including analytics and cloud providers) may process or store information outside Australia. Where we disclose information overseas, we take reasonable steps to ensure it is handled in a manner consistent with the APPs and this policy.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. No method of transmission or storage is completely secure.

We retain personal information only for as long as needed for the purposes described in this policy (unless a longer retention period is required or permitted by law), and then delete or de-identify it where reasonable.

Where we become aware of an eligible data breach, we will act in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

You may request access to, or correction of, personal information we hold about you. We may need to verify your identity before responding.

Businesses can generally update listing information directly through their dashboard. If you need help, contact us at contact us.

If you have a complaint about how we handle personal information, please contact us with as much detail as possible so we can investigate.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner (OAIC).

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

For privacy questions, requests, or complaints, contact us at contact us.

Website: business.auslanka.com.au