Privacy Policy
Effective date: 24 March 2026
1. About this policy
Windsor Digital Pty Ltd ("Windsor Digital", "we", "us") operates an online ordering platform for independent hospitality venues in Australia. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy applies to all users of our platform — venue owners, staff members, and customers placing orders.
2. What personal information we collect
Customers
- Name (required to identify your order for pickup)
- Email address (optional — only collected if you want a receipt)
- Order contents, total amount, and order time
- Table number (if ordering from a dine-in table)
Venue owners & staff
- Name and email address (for account registration)
- Business name, address, phone, and trading hours
- Stripe payment account information (managed by Stripe — see Section 6)
We do not collect credit card numbers or payment card data. All payments are processed by Stripe. Windsor Digital never sees or stores your full card details.
3. How we collect personal information
- Directly from you when you place an order or register an account
- Automatically through our platform when you use our services (e.g. page views for analytics)
We do not collect personal information from third parties unless you have authorised that collection or we are required to by law.
4. Why we collect and use personal information
| Purpose | Information used |
|---|---|
| Fulfilling your order | Name, order contents, table number |
| Sending your receipt | Email address (only if provided) |
| Processing payment | Passed to Stripe (we do not store card data) |
| Operating the venue dashboard | Venue owner name, email, business details |
| Platform analytics (aggregate, not personal) | Anonymous page views, order counts |
| Legal and compliance obligations | Order records (retained for tax purposes) |
5. Data retention
We minimise the personal information we retain in accordance with APP 11 (security of personal information):
- Customer names and email addresses are automatically deleted 90 days after your order is placed. After this period, your personal details are replaced with generic identifiers and cannot be linked back to you. We do not use customer email addresses for marketing.
- Order financial records (items ordered, totals, and transaction IDs) are retained for 5 years to satisfy Australian tax record-keeping requirements under the Income Tax Assessment Act 1997. These records do not contain personal contact details after de-identification.
- Venue owner account data is retained while the account is active. Upon account deletion, personal data is removed; order totals and financial records are retained for tax compliance.
You may request deletion of your personal information at any time by contacting management@windsordigital.com.au. Deletion requests are subject to our legal retention obligations for financial records.
6. Third-party service providers
We share personal information with the following providers only to the extent necessary to operate our platform:
- Stripe — payment processing. Customer payment data is handled directly by Stripe and subject to Stripe's Privacy Policy. Stripe is certified to PCI DSS Level 1.
- Supabase — database hosting. Data is stored on servers located in Australia (ap-southeast-2).
- Resend — transactional email delivery for order receipts.
- Vercel — platform hosting and content delivery.
- Stack Auth — user authentication and session management for venue owner and staff accounts.
We do not sell your personal information to third parties. We do not share your information with advertising networks.
7. Security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. These steps include:
- Encrypted data transmission (HTTPS/TLS)
- Access controls limiting data access to authorised personnel
- Database-level security using Supabase Row Level Security
- No storage of card numbers or payment credentials
No method of electronic transmission is completely secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
8. Your rights under the Australian Privacy Principles
You have the right to:
- Access the personal information we hold about you
- Correct personal information that is inaccurate, out of date, or incomplete
- Request deletion of your personal information (subject to our legal retention obligations)
- Complain about a breach of the APPs
To exercise any of these rights, contact us at management@windsordigital.com.au. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.
9. Cookies and tracking
Our platform uses cookies and local browser storage only for essential functions such as maintaining your session and cart state. We do not use third-party advertising cookies or cross-site tracking.
10. Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the policy was last revised. Continued use of our platform after changes are posted constitutes acceptance of the revised policy. For material changes, we will notify venue owners via email.
11. Contact us
Windsor Digital Pty Ltd
Australia
Email: management@windsordigital.com.au