Privacy Policy
Last updated: May 2026
1. Who we are
This policy covers LocalSpot (localspot.au). References to “we”, “us” or “our” mean the platform operator. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
2. Information we collect
Customers (requesting a quote)
- Name, email address, and phone number
- Job address, suburb, state, and postcode
- Job notes and special instructions you choose to provide
- Selected trade and job details
- IP address (used strictly for network rate-limiting, not stored long-term)
Business Owners (registering a trade business)
- Business name, trading address, phone number, and email address
- Account password (stored securely as a one-way bcrypt hash — we never hold or view your plain-text password)
- ABN, licensing declarations, regulatory compliance confirmations, and insurance confirmation data
- Google account details if you sign in via Google (sub-identifier and email address only)
- Calendar integration credentials (stored encrypted using authenticated AES-256-GCM)
- Social media content shortcodes and map photo selections (optional, if utilized by the owner)
We do not collect: credit card numbers, bank details, government identity numbers, health records, or general browsing history.
3. How we use your information
- To process, route, and confirm quote requests, and send secure OTP verification codes
- To allow tradie owners to manage their listings and respond to quote requests
- To display business listings and locations accurately in search results
- To provide AI-powered directory chat support (see section 7)
- To send transactional notifications (booking confirmation alerts, updates, cancellations) via email and SMS
- To protect our infrastructure and prevent automated bot abuse via rate limiting
We do not sell, rent, trade, or share your personal information with third parties for their marketing or advertising purposes.
4. Third-party services we use
We share the minimum necessary data with the following infrastructure service providers to operate the platform. Each provider maintains their own independent privacy terms.
- Email Delivery Vendor: Name, email address, and booking summary (for transactional emails and OTP links)
- SMS Gateway Provider: Mobile phone number, 6-digit OTP code, and booking summary (for SMS verification and alerts)
- Calendar Integration Partner: Name, email address, and phone number (for connected businesses syncing external calendars)
- Mapping API Provider: Search queries and addresses (for business location mapping and geocoding)
- Artificial Intelligence APIs: Chat conversation text inputs (to process directory assistance queries)
- Cloud Database Host: All encrypted platform data (for secure cloud server hosting)
- Web Application Host: General web traffic routing (for platform application hosting and delivery)
Because our cloud infrastructure and hosting providers utilize secure data centers globally, your encrypted platform information may be processed outside Australia. We ensure industry-standard protection measures are in place consistent with Australian Privacy Principle 8.
5. Data storage and security
- Passwords are hashed instantly using one-way bcrypt (never visible in plain text)
- Password reset tokens are stored securely using SHA-256 cryptographic hashes
- External platform integration tokens are fully encrypted at rest using AES-256-GCM
- Active user session cookies are configured as httpOnly, SameSite, and Secure in production environments
- One-Time PIN (OTP) verification codes automatically expire after 5 minutes and lock out after 5 incorrect attempts
- All backend system endpoints accessing customer data enforce strict server-side authentication
- Rate limiting rules are actively enforced across all login, registration, and data submission forms
6. Cookies
We utilize minimal functional cookies strictly required to run the platform:
- salon_id — Secure authentication token for registered tradie owners (24-hour session, httpOnly)
- admin_token — Secure authentication token reserved for platform administrative management panels (24-hour, httpOnly)
Third-party components, such as embedded maps, may set operational cookies when rendered on your screen. We do not run third-party advertising tracking pixels or retargeting cookies.
7. AI chat assistant
Our customer support widget utilizes artificial intelligence processing. When interacting with the assistant:
- Your text chat inputs are processed securely by external artificial intelligence APIs to generate directory responses
- Do not type or share sensitive personal, financial, health, or private information inside the chat input box
- Automated responses are purely informational and should always be independently verified for accuracy
8. Data retention
- Quote Request Records: Retained in active database logs for 12 months following submission
- Registered Provider Account Data: Maintained securely while your directory listing account remains active
- One-Time PIN (OTP) Codes: Purged immediately upon successful verification or code expiration (5 minutes)
- Password Reset Tokens: Purged immediately upon utilization or expiration (1 hour)
9. Your rights
Under the Australian Privacy Act 1988, you maintain the explicit right to:
- Request access to the specific personal information we hold about you
- Request immediate corrections to any inaccurate, incomplete, or outdated information
- Request the deletion of your personal data profile (subject to statutory record-keeping obligations)
- Lodge a formal inquiry or complaint with the Office of the Australian Information Commissioner (OAIC) via oaic.gov.au
To exercise any of these rights, please contact our privacy compliance officer directly at privacy@localspot.au. We process and respond to all verified requests within 30 days.
10. Contact
For all privacy inquiries, data extraction requests, or compliance questions:
Email: privacy@localspot.au
Country of Operation: Australia
This policy is provided for general information. It is not legal advice.