Within Cooee — Privacy Policy

Effective: 8 May 2026 · Last updated: 8 May 2026

This is the privacy policy for the Within Cooee mobile app ("Within Cooee", "we", "us", "our"). Within Cooee is operated by Scott McGufficke, sole trader (ABN 61 795 631 245), Australia. This policy explains what personal information we collect when you use the app, how we use it, who we share it with, where it is stored, and your rights.

Questions or requests? Email hello@withincooee.app.

1. Information we collect

Information you give us

• Email address — required to create an account.
• Password — handled only by Google Firebase Authentication. We never see your raw password.
• Display name — chosen by you, shown publicly inside the app.
• Profile photo — optional; shown publicly on your profile if you upload one.
• Vehicle preferences — optional (e.g. caravan, motorhome). Used to personalise content. Kept private to your account.
• Notification preferences — your in-app settings.

Information collected when you use the app

• Precise GPS location — collected only when the app is in the foreground, and only when you actively (a) view the map, (b) capture a badge near you, or (c) plan a trip. We do not collect location in the background.
• Badge captures — which badges you collect, when, and the location coordinates and accuracy at the moment of capture (stored privately as evidence of capture).
• Photos you take in-app — if you choose to capture a photo as part of a badge capture, that photo is uploaded to our servers and linked to your capture. Photo capture is optional.
• Trip data — itineraries you create, including the coordinates of stops on a trip. Public trips are visible to other users; unlisted and draft trips are not.
• Engagement — trips you have liked or saved.
• Push notification tokens — when push notifications are enabled in a future version of the app, your device's push token is stored so we can deliver notifications.

Information collected automatically

• Basic device info — device type and operating system version, used so the app renders correctly. We do not collect advertising IDs (IDFA, GAID) or other persistent device identifiers.
• Map and search service usage — when you use the map or search inside the app, the underlying providers (Mapbox and Algolia) receive your queries and basic technical data per their own privacy policies. See Third-party services.

2. How we use your information

We use your information to:

• Create and manage your account
• Show your location on the map and find content nearby
• Verify badge captures within the badge's capture radius
• Save, display, and share trips you create
• Display your public profile (display name, photo, badges, public trips)
• Improve the app and fix bugs
• Comply with legal obligations

We do not use your information for advertising, profiling, or sale to third parties.

3. Who can see your information

Visible to other Within Cooee users

• Your display name, profile photo, total badges and points
• Trips you have published as Public
• Activity feed entries you generate (e.g. publishing a trip)

Kept private to your account

• Your email address
• Vehicle preferences and location-sharing preference
• Exact GPS coordinates and accuracy at the moment a badge was captured
• Trips you have saved as Unlisted or Draft

Third-party service providers

We use the following providers to operate the app. Each is bound by its own privacy policy:

• Google Firebase (Authentication, Firestore database, Cloud Storage) — Google LLC, USA. firebase.google.com/support/privacy
• Mapbox (map tiles and rendering) — Mapbox, Inc., USA. mapbox.com/legal/privacy
• Algolia (search) — Algolia, Inc., USA / France. algolia.com/policies/privacy
• Expo / EAS (app build and update infrastructure) — 650 Industries, Inc., USA. expo.dev/privacy
• Cloudflare (domain and website hosting for this privacy policy) — Cloudflare, Inc., USA. cloudflare.com/privacypolicy

Legal disclosure

We may disclose information if we are required by law (for example, a court order or subpoena under Australian law), or where we believe in good faith that disclosure is necessary to protect users, prevent fraud, or enforce this policy.

Business transfers

If we sell, transfer, or wind up Within Cooee in the future, your information may be transferred to the new operator, subject to this policy.

4. Where your information is stored

Your information is stored on servers operated by our service providers, primarily in the United States. By using the app you consent to your information being transferred to and processed in countries outside Australia. Our providers are bound by their own data protection terms.

5. How we keep it secure

• HTTPS / TLS encryption for data in transit
• Firebase Authentication for password storage (we never see your password)
• Firestore security rules limit what other users can read about you

No system is completely secure. If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

6. How long we keep it

We keep your information for as long as your account is active. If you delete your account, we will delete your profile, badge captures, and private content within 30 days, except where we are required by law to keep specific records longer. Public content you created (such as published trips) may be retained in aggregate or anonymised form.

7. Your choices and rights

• Access and update your profile inside the app at any time.
• Withdraw permissions (location, camera, photos) at any time in your device's system settings. The features that rely on those permissions will stop working.
• Delete your account by emailing hello@withincooee.app from the email address on the account. We will confirm and complete deletion within 30 days.
• Request a copy of the personal information we hold about you by emailing hello@withincooee.app.

If you believe we have mishandled your information, please contact us first. You can also lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

8. Children

Within Cooee is not directed at children under 13. If you are under 13, please do not create an account. If we learn that an account belongs to a child under 13, we will delete it. Parents who believe their child has registered should contact hello@withincooee.app.

9. Changes to this policy

We may update this policy from time to time. The current version is always at withincooee.app/privacy and the "Last updated" date at the top will reflect any changes. For material changes we will notify you in the app or by email before the change takes effect.

10. Contact us

Within Cooee
Scott McGufficke (sole trader)
ABN 61 795 631 245
Australia

Email: hello@withincooee.app

© 2026 Within Cooee. All rights reserved.