Privacy Policy
Effective date: 10 May 2026 · Last updated: 27 May 2026 · Version: 1.2
Privacy contact: info@busyroo.com.au · Privacy FAQ →
Summary
This Privacy Policy describes how Busyroo handles your personal information. It covers:
- Information we collect about you and your child (sections 2–3)
- How we use that information (section 4)
- Who we share it with — including providers when you send an enquiry, and other parents when you publish a review (section 5)
- Marketing, international transfers, retention, cookies, and security (sections 6–10)
- Your rights, in-app controls, and how to contact us (sections 11–14)
- Definitions of key terms (section 15)
For plain-English answers to common questions, see the Privacy FAQ.
1. About this policy
A.C.N. 694 860 627 PTY LTD (we, us, our) operates the Busyroo mobile app and website (collectively, the Service). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights.
This policy applies to:
- The Busyroo mobile app (iOS and Android)
- The Busyroo website at https://busyroo.com.au
- Any related services we operate
We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Most of Busyroo works without an account — you can browse schools, providers, ratings, and details anonymously. Four actions require a free account: sending an enquiry (which opens an in-app chat with the provider), leaving a review, favouriting a provider, and subscribing to a school. You can sign in with Apple or Google.
2. Children's information
Busyroo is designed for parents and guardians (16+) to find OSHC, after-school activities, and vacation care for their children. Children themselves do not interact with the app.
What we collect about your child:
- Age (5–12) — to filter year-appropriate providers
- School — the whole app is anchored on the school
- Name (optional) — only what you choose to type on the child profile, used to personalise the in-app experience for you; never shown publicly and never included in messages to providers unless you type it in yourself
- Gender (optional) — for personalisation (e.g. activity recommendations); never shown publicly
What we don't collect about your child:
- Date of birth, photo, voice, biometrics, or location
- Health, behavioural, or educational records
- Anything we don't need to filter providers
How your child's information is protected:
- Sent from the app to our API over HTTPS (TLS 1.2+)
- Stored in our managed Postgres database with disk-level encryption at rest
- Never used for advertising or shared with data brokers
- Never displayed publicly anywhere in the app or website
- Only the information you choose to type appears in an enquiry — we do not automatically include your child's age, school year, or any optional fields in messages to providers
We do not knowingly allow anyone under 16 to use the app. If you believe we've received information about a child without parental consent, contact info@busyroo.com.au and we will delete it.
3. What information we collect
We deliberately collect the minimum needed to operate the Service.
3.1 Information you provide directly
| What | When | Why we need it |
|---|---|---|
| Child's age, school, optional name, optional gender | During onboarding (age + school) and on the child profile (optional name + gender) | See Section 2 |
| Account name | When you sign up (Apple or Google) | Shown on your profile and included on outbound chat emails so the provider knows who's enquiring |
| Account email | When you sign up | The address linked to your account. With Sign in with Apple → Hide My Email, we only receive a @privaterelay.appleid.com relay address — your real Apple ID email is never disclosed to us |
| Authentication identifier | When you sign up | An opaque identifier issued by Firebase Authentication (and underneath, by Apple or Google) so we can recognise you on subsequent sign-ins. We do not receive your Apple or Google account password |
| Enquiry / chat messages (text you type to a provider plus follow-up replies in the same thread) | Each time you send a message | Forwarded to the provider over email; also stored as a conversation in your Enquiries tab so you have a durable record and can receive replies in-app |
| Provider replies (the body of provider responses) | When a provider replies to one of your enquiries | Routed through our inbound email service and stored as part of your chat thread so you can read replies inside the app |
| Reviews (1–5 star rating + 10–500 character text) | If you leave a review | Displayed publicly on the provider's listing alongside your account handle (e.g. xinyi3) to help other parents. One review per provider, editable |
| Favourites (which providers you've hearted) | If you favourite a provider | Lets you find them again from the Favourites screen, synced across your devices once you sign in |
| Email address | If you join the waitlist or apply as a provider | To contact you about availability or your application |
| Provider nominations (provider-side: business name, contact email, optional phone, optional issue notes) | If you submit one | To follow up with providers we should add or correct |
| Parent recommendations (provider name, optional service types, optional notes) | If you submit one | To improve provider data quality. Submissions are anonymous by default — your device identifier is not stored alongside the submission. A push token is stored only if you tick “Notify me when this provider is added” |
| Precise location (one-shot, foreground-only) | Only if you tap “Use my location” on the Explore tab and grant the OS permission | To rank activities by distance from where you are. Requested at Balanced accuracy (~100 m). No background tracking, no movement tracking, no continuous reads — one coordinate per tap, never stored. Server logs round to ~11 km (suburb scale) for operational visibility |
3.2 Information collected automatically
| What | Why |
|---|---|
| Device identifier (a UUID generated on-device, stored locally) | Lets you browse anonymously and remembers your school selections between sessions |
| Firebase Authentication tokens and account UID | To keep you signed in across launches without re-prompting, and to recognise you as the same account when you sign in on a new device |
| Push notification token (Expo push token, only if you opt in) | To send enrolment-date reminders, school subscription notifications, and chat-reply notifications when a provider responds |
Email metadata for incoming provider replies (sender address, RFC Message-ID and threading headers, spam-filter score) | To match each provider reply to the right chat thread, prevent strangers from injecting messages, and drop spam before it reaches your in-app inbox |
| Outbound email delivery status (queued / sent / delivered / opened / bounced / complained) | To show you whether your enquiry actually reached the provider, and to detect repeated bounces or spam complaints so we can pause sending from a misbehaving account |
| Usage analytics (screens viewed, taps, app version, OS, device model) | To understand which features parents find useful and fix bugs |
We do not collect:
- Background or continuous location — the Explore tab uses foreground-only, on-demand reads (see §3.1); background location is explicitly disabled in the iOS and Android app config
- Contacts, photos, microphone, or camera (we don't request these permissions)
- Browsing history outside Busyroo
- Advertising identifiers (IDFA / GAID) — we do not run ads
- IP addresses with analytics events — our analytics provider (PostHog) is configured to discard the client IP at ingest, so analytics records are not keyed to or geolocated by IP. Our API server briefly processes the client IP for security purposes (rate limiting, abuse detection) — see §10 and §8
3.3 Legal basis (APP 3 and 6)
We collect personal information because:
- You give it to us to receive a service (sending an enquiry, setting reminders, joining the waitlist) — implied consent
- We need it to operate core features (device ID for anonymous state; auth tokens to keep you signed in; analytics for product improvement) — legitimate function
- We do not sell personal information
4. How we use information
We use personal information only to:
- Show providers for your child's school and suburb
- Authenticate you when you sign in with Apple or Google, and keep you signed in across launches
- Send enquiry and chat emails on your behalf to the providers you choose, and route their replies back into your in-app chat thread
- Notify you about enrolment open dates, subscribed school updates, and replies from providers (only if you opt in to push notifications)
- Track enquiry delivery (delivered, bounced, opened) so we can tell you whether the provider received your message
- Display your reviews publicly on the relevant provider's listing, alongside your account handle, to help other parents
- Sync your favourites and subscriptions across the devices you sign in on
- Prevent abuse — rate-limit repeat sends, drop spammy inbound messages, freeze accounts that generate spam complaints or repeated bounces, and moderate reviews
- Improve the product — aggregate analytics to see what's working
- Communicate about service changes, security issues, or your enquiries
We do not use your personal information for advertising or sell it to third parties.
5. Who we share information with
We do not sell your personal information. We do not share it for advertising. We do not use it for cross-app tracking.
5.1 Providers (when you send an enquiry or chat)
When you tap “Send enquiry” — and on every subsequent reply in the same chat thread — we forward an email to the provider containing:
- Your account name (so they know who's enquiring)
- Your message text
The email comes from enquiries@busyroo.com.au with a per-conversation Reply-To relay address owned by us. This means:
- The provider does not see your personal email address — your real address (or the Apple private-relay one) stays inside Busyroo. Their reply lands at the relay address and we route it back into the chat thread in the app.
- Each conversation has its own stable relay address so threading works even months later, but the address is unique per (you, provider) — a different provider cannot read or inject messages into another thread.
The email is clearly identified as having been sent via Busyroo. The provider becomes a separate data controller for any information you include in your message — their use is governed by their own privacy practices. Be selective about what you put in message text.
5.1a Other parents (when you leave a review)
A review you publish is displayed publicly on the provider's listing inside the app and may also appear on our public website. It shows:
- The rating (1–5 stars) and your review text
- Your account handle (e.g.
xinyi3) — a short lowercase identifier derived from your first name; not your full name, not your email - A “verified parent” indicator if your account has a child at a school the provider services
You can edit or delete your review at any time from the provider's listing. We may also hide reviews that are spam, abusive, or obviously fake.
5.2 Service providers we use to operate Busyroo
| Provider | Purpose | Data handled |
|---|---|---|
| Supabase (database, hosted in Australia) | Stores schools, providers, your device ID, account record, enquiries, chat messages, reviews, favourites, subscriptions | All app data |
| Firebase Authentication (Google LLC, US) | Handles your sign-in via Apple or Google; issues the identity token our API verifies on every request; manages session/token refresh | Your Firebase account UID, the auth provider (Apple / Google), and the email address returned by the provider (real or @privaterelay.appleid.com). We do not receive your Apple or Google account password |
| Apple — Sign in with Apple (Apple Inc., US/Ireland) | Co-controller at the moment you authenticate. Apple verifies your identity, optionally shares your name (only on first authorisation), and either shares your real Apple ID email or issues a private relay address | Whatever the consent sheet shows: your name (if you confirm it), email (real or relay), and a stable Apple-issued user identifier. Governed additionally by Apple's privacy policy |
| Google — Sign in with Google (Google LLC, US) | Co-controller at the moment you authenticate. Google verifies your identity and shares your account name, email, and profile picture URL with the app you authorise | Name, email, profile picture URL, and a stable Google-issued user identifier. Governed additionally by Google's privacy policy |
| Postmark (US) | Sends enquiry and chat emails on your behalf, receives provider replies via inbound webhook, tracks delivery, scores inbound messages for spam | Your account name, message text, provider email, per-thread relay address, delivery state, inbound headers and body. Your personal email address is not placed in Reply-To — the relay address is used instead |
| Expo Push Notifications | Delivers push notifications to your device | Push token, notification payload (chat reply preview, reminder copy, etc.) |
| Google Places API | Source of provider directory data | We send provider names/addresses to Google to enrich listings — not your personal data |
| PostHog | Product analytics | Anonymous events keyed to device ID; client IP is discarded at ingest (no IP-based geolocation, no IP retention) |
| Vercel | Hosts our API and website | Routes API requests; retains short-lived access logs (IP, path, status) for security and operational visibility — no app data stored with Vercel |
| EAS / Expo Application Services | Mobile build and over-the-air updates | App binaries; no user data |
We have agreements in place requiring each provider to handle your data securely and only for purposes we authorise.
5.3 Other disclosures
We may disclose information:
- If required by law — court orders, regulatory requests, valid law enforcement requests
- To protect rights — investigate suspected fraud, security incidents, or violations of our terms
- In a business transfer — if Busyroo is acquired or merged, your data would transfer subject to this policy
- With your consent — anything else, only if you say yes
6. Direct marketing
We do not send marketing emails or push notifications. We will only contact you about:
- An enquiry you sent (delivery confirmation, provider reply)
- A reminder you set up (enrolment date, school subscription)
- A material change to this policy or our terms
- A security or service issue affecting you
You can opt out of push notifications in your device settings, or by unsubscribing from a specific school inside the app.
7. International transfers (APP 8)
Some of our service providers store or process data outside Australia (e.g. Firebase Authentication, Apple, and Google for sign-in; Postmark for email; PostHog for analytics — all primarily in the United States, with some EU regions). When personal information leaves Australia, we take reasonable steps to ensure the recipient handles it consistently with the APPs, including via contractual data protection terms.
By using Busyroo, you acknowledge that your information may be processed in those countries.
8. How long we keep information (APP 11)
| Data | Retention |
|---|---|
| Device ID, child age/school | Until you delete the app or request deletion (no automated expiry) |
| Account record (name, email, Firebase UID, auth provider) | Until you delete your account (Me → Delete account, soft-deleted immediately and purged within 30 days), or after 24 months of complete inactivity following an account-deletion request |
| Chat threads and messages (both your outbound messages and provider replies) | Until you delete the thread or delete your account |
| Reviews | Until you delete the review, your account is deleted, or we hide it for policy violations |
| Favourites and school subscriptions | Until you remove them or delete your account |
| Enquiry records (incl. parent name and email) | 24 months from the enquiry date, then deleted, unless required for dispute resolution |
| Push tokens | Deleted when you disable notifications, uninstall, or after 90 days of inactivity |
| Analytics events | 24 months |
| Provider nominations, parent recommendations | 24 months from submission, then deleted, unless required for an active follow-up; we will delete on request where lawful |
| Server access and security logs (IP, path, status, honeypot hits) | Up to 30 days, then deleted, unless retained longer to investigate a specific security incident |
9. Cookies and similar technologies
The Busyroo mobile app does not use cookies. Our website uses only essential cookies (e.g. for session state) and basic analytics; we do not use advertising or cross-site tracking cookies.
10. Security (APP 11)
We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure:
- Encryption in transit: All API traffic uses HTTPS (TLS 1.2+)
- Encryption at rest: Database storage uses disk-level encryption provided by our managed Postgres host
- Access controls: Production database access is restricted to authorised personnel and audited
- Authentication: Firebase-based authentication with industry-standard token verification
- Rate limiting & abuse detection: All API endpoints are rate-limited per device identifier and per IP address. We also operate honeypot endpoints to detect automated scraping; hits are logged for review
- Bounce/complaint handling: Devices that generate repeated bounces or spam complaints are automatically frozen from sending further enquiries
- No payment data: We do not currently process payments; in-app tip jar purchases are handled entirely by Apple or Google
Despite these measures, no system is perfectly secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches (NDB) scheme.
11. Your rights and choices
Under the Australian Privacy Act, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and associated personal information
- Withdraw consent to push notifications (in your device settings, or via the app)
- Complain about how we've handled your information (see Section 12)
11.1 In-app controls
- Delete your account: Me tab → Delete account. We soft-delete immediately (your account can no longer sign in) and purge the underlying records within 30 days.
- Sign out: Me tab → Sign out. Signs you out and clears anything we've cached locally for you on this device — safe on shared phones. Your account data stays on the server and is restored when you sign back in.
- Edit a child's profile: Me tab → tap the child's school card. You can update the child's name, gender, and school year. Changes sync to your account immediately.
- Remove a child's profile: Me tab → Remove under the child's school card. Removes the local profile and the linked child record on the server. Available once you have more than one child on the account.
- Delete a chat thread: Trash icon in the thread header. The thread and all messages cascade.
- Edit or delete a review: Tap your review on the provider's listing.
- Remove a favourite: Tap the heart again on the provider, or open Me → Favourites.
- Opt out of push notifications: iOS/Android Settings → Busyroo → Notifications, or unsubscribe from a specific school inside the app.
- Delete your local data: Uninstall the app; the device ID and locally cached data are erased.
- Request server-side deletion (no account): Email info@busyroo.com.au with enough detail for us to identify the data (e.g. the email address you used to send an enquiry). See section 11.3 for the full process.
11.2 How to exercise your rights
Email info@busyroo.com.au with:
- Your account email (if you created an account), or enough detail for us to identify the data you're asking about
- What you'd like us to do (access, correct, delete)
We aim to respond within 30 days.
11.3 Request data deletion
How to request deletion of your Busyroo data
Email info@busyroo.com.au with the subject line “Delete my data” and include enough detail for us to identify your records — at minimum, the email address you used to send any enquiries, or (if you never sent an enquiry) the approximate date and school/suburb you used the app from.
We will erase the data described below within 30 days of your request and confirm by email when complete.
What we delete on request:
- Your account record (name, email, Firebase UID, auth provider)
- Your chat threads and messages (outbound + provider replies)
- Your reviews, favourites, and school subscriptions
- Your enquiry records (parent name, email, message, child age, school)
- Push notification tokens registered to your device
- Provider nominations and parent recommendations you submitted
- Onboarding profile (selected school, suburbs, child age, optional gender)
- Analytics events keyed to your device ID
What we may retain (and why):
- Aggregated, de-identified statistics that cannot be tied back to you (e.g. “this many enquiries were sent in May 2026”)
- Records we are legally required to keep — if Australian law requires us to retain specific records (e.g. for dispute resolution or fraud investigation), we will keep only what the law requires for as long as the law requires
- Encrypted backups — deleted data may persist in routine encrypted database backups for up to 30 days before being overwritten in normal rotation
What we cannot delete on your behalf:
- Data held by providers you enquired with. When you send an enquiry, the provider receives your account name and message text — and becomes a separate data controller for that information. To request deletion of what a provider holds, contact the provider directly.
To delete only on-device data: uninstall the Busyroo app. Your device ID and locally cached data (selected school, favourites, in-flight enquiry drafts) are erased on uninstall.
12. Complaints
If you believe we've breached the APPs or this policy, please email info@busyroo.com.au. We'll investigate and respond within 30 days.
13. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date and version above reflect the most recent change. For material changes (e.g. new types of data collected, new sharing arrangements), we'll notify you in-app or by email at least 14 days before the change takes effect.
14. Contact us
For any questions about privacy or this policy:
Privacy contact: info@busyroo.com.au
General contact: info@busyroo.com.au
15. Definitions
- Account handle
- A short lowercase identifier derived from your first name (e.g.
xinyi3), shown publicly when you leave a review. Not your full name, not your email. - APPs
- Australian Privacy Principles — the 13 principles set out in Schedule 1 of the Privacy Act 1988 (Cth) that govern how we handle personal information.
- Device ID
- A random UUID generated on your phone the first time the app launches. It lets you use the app anonymously without an account. It is not the IDFA (Apple) or GAID (Google) used for advertising.
- OSHC
- Outside School Hours Care — before-school, after-school, and vacation care for primary-school-age children.
- Personal information
- Information about an identified or reasonably identifiable individual. Includes name, email, phone, but also things like a device ID when it's linked to a person.
- Relay address
- A unique
Reply-Toaddress Busyroo issues for each chat conversation. Lets providers reply to your enquiry without ever seeing your real email; their reply lands at our inbound mailbox and is routed into the chat thread. - Service
- The Busyroo mobile app, website, and any related services we operate.
- Service provider
- A third-party company that processes data on our behalf to operate the Service (e.g. Supabase for hosting, Postmark for email). They are bound by data-protection terms.
Privacy Policy · Version 1.2 · Effective 10 May 2026 · Last updated 27 May 2026