How we collect, hold, and protect your information.
COG$ of Australia Foundation takes the privacy of Partner information seriously. This policy explains what personal information we collect, why we collect it, how it is stored and used, and your rights in relation to it.
Last updated: April 2026 · Applies to: cogsaustralia.org and test.cogsaustralia.org
Australian Privacy Act compliance. The Foundation is committed to compliance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy reflects those obligations. If you have a privacy concern, contact us at hello@cogsaustralia.org.
Information collected when you join and participate.
Join form information
When you submit a join form, we collect your full name, email address, mobile number, date of birth, street address, suburb, state, and postcode. For business partnerships, we also collect your ABN, business name, trading name, contact name, and position title. This information is required to create your Partner record and issue your Partner number.
Wallet and reservation information
When you set up your Independence Vault wallet or update your COG$ reservation mix, we record your choices, timestamps, and any notes you provide. This includes the stewardship module responses you complete on the join form. These records are permanent parts of your Partner record.
Payment information
Partnership contributions are processed by Stripe, a PCI DSS Level 1 certified payment processor. Stripe receives your payment card details directly — the Foundation never sees, handles, or stores your full card number, CVV, or expiry date. We receive and store the payment amount, date, Stripe transaction reference, and payment status against your Partner record.
Identity verification data (Medicare card)
If you submit Medicare card details for identity verification, your card name, card number, individual reference number (IRN), and expiry date are encrypted using AES-256-CBC encryption before being stored in the Foundation’s database. The Foundation stores only the first letter of your name and the last four digits of your card number in unencrypted form, for administrative reference only. Your full card details are never visible in plain text to administrators. A SHA-256 evidence hash is generated at submission, incorporating your member number, the card fields, and the submission timestamp, stored as an integrity anchor (see Cryptographic hashing of records below). Medicare card data is retained for seven years in accordance with AML/CTF Act 2006 (Cth) obligations, after which it is deleted.
Address verification
If your address is verified against the Australian address register (G-NAF), a SHA-256 cryptographic hash of the verification evidence is generated and stored against your Partner record as an integrity anchor. This hash cannot be used to reconstruct your address from the hash alone.
Phone verification (SMS 2FA)
If SMS-based two-factor authentication is enabled on your account, your mobile number is sent to Twilio, a third-party communications provider, for the sole purpose of delivering a one-time verification code. Twilio retains message delivery logs in accordance with their own privacy policy.
Wallet activity and events
Actions you take in your wallet — password setup, reservation updates, announcement reads, votes cast, gift transactions — are logged as wallet events with timestamps. A SHA-256 cryptographic hash is generated for every Partner-initiated action and stored immutably in the database, in accordance with JVPA clause 2.2(h). These hash records are independently verifiable through your Independence Vault and form the Foundation’s operational audit trail. They are not shared externally.
Referral codes
If you enter a referral code on your join form, that code is recorded against your Partner record. It is used to track community growth and to recognise contributors who helped bring Partners in.
AI chat interactions
If you use the FAQ chat assistant on this website, your question is sent to Anthropic's API for processing. Questions are not linked to your Partner record or personal identity. Anthropic processes the query under their own data handling policy. No conversation history is stored by the Foundation.
Technical information and cookies
Standard server logs may record your IP address, browser type, and pages visited. This information is used only for security monitoring and debugging. The site uses session cookies to maintain your login state — these are essential cookies and are not used for tracking or advertising. No third-party analytics or advertising cookies are used on this site.
The purposes for which your information is used.
Partnership administration
Your name, email, mobile, and address are used to create and maintain your Partner record, send you access emails, and allow you to recover your Partner number or reset your wallet password using your on-file contact details.
Governance participation
Your Partner number and reservation details are used to determine your eligibility to vote on governance proposals, to allocate voting weight in any geofenced local decisions, and to send you relevant announcements and proposals through your wallet.
Communications
We send transactional emails related to your partnership: welcome confirmation, wallet access setup, password reset, payment received, and governance notices. We do not send unsolicited marketing email. You cannot opt out of transactional partnership communications while you hold an active partnership.
CRM and administration
Partner information may be synced to an internal CRM system used by Foundation administrators for Partner support and workflow management. This system is not accessible to the public and access is restricted to authorised Foundation administrators only.
External services that receive limited data.
The Foundation uses a small number of trusted third-party services to operate the platform. Each receives only the minimum data necessary for its function.
Stripe (payments)
Stripe Inc. processes all partnership contribution payments. Stripe is PCI DSS Level 1 certified — the highest level of payment security compliance. Your card details are sent directly to Stripe and never pass through Foundation servers. Stripe's privacy policy applies to all payment data they process. Stripe is headquartered in the United States and processes data under Standard Contractual Clauses for international transfers.
Twilio (SMS verification)
Twilio Inc. delivers SMS verification codes for two-factor authentication. The only data sent to Twilio is your mobile phone number and the verification message content. Twilio is headquartered in the United States. Their privacy policy governs their handling of delivery logs.
Anthropic (AI chat assistant)
The website FAQ chat widget sends your typed question to Anthropic's Claude API for processing. No personal information, Partner number, or account data is included in the request. Anthropic does not receive your identity. Anthropic's data handling policy applies to the processing of your query text.
Serversaurus (hosting)
The Foundation's website and database are hosted by Serversaurus, an Australian hosting provider with servers located in Australia. All Partner data resides on Australian-based infrastructure. Serversaurus does not have application-level access to Partner records.
SMTP email relay
Transactional emails (welcome, password reset, governance notices) are sent through an authenticated SMTP relay. Email content passes through the relay provider's servers in transit. We do not use email services that scan message content for advertising purposes.
How your information is stored and protected.
Encryption in transit
All connections to cogsaustralia.org are encrypted using TLS 1.2 or higher (HTTPS). This applies to every page, the join form, wallet login, admin panel, and API endpoints. Unencrypted HTTP requests are automatically redirected to HTTPS. No personal data is transmitted in plain text.
Database security
Partner records are stored in a secured MySQL database hosted in Australia. The database is not publicly accessible — connections are restricted to the application server only. Database credentials are stored in environment variables outside the web root and are not committed to version control. Regular automated backups are maintained.
Password security
Wallet passwords are hashed using bcrypt with a minimum work factor of 12. Plain-text passwords are never stored, logged, or visible to administrators. The Foundation cannot retrieve your password — only reset it. Password reset requires verification against your on-file email or mobile number.
Admin access controls
Admin panel access requires a username, a password of at least 12 characters, and a time-based one-time code (TOTP 2FA) generated by an authenticator app. All admin actions that read or modify Partner records are logged in a permanent, tamper-evident audit trail including the admin identity, action, timestamp, and affected record.
Session management
Partner wallet sessions use secure, HTTP-only session tokens that expire after a period of inactivity. Session tokens are regenerated on login to prevent session fixation attacks. Admin sessions have shorter timeouts and require re-authentication for sensitive operations.
Application security
The application uses parameterised SQL queries to prevent SQL injection, input validation and output encoding to prevent cross-site scripting (XSS), CSRF token protection on all state-changing forms, rate limiting on authentication and API endpoints, and Content Security Policy headers to restrict resource loading.
Backup and recovery
The database is backed up on a regular automated schedule. Backups are stored securely and are encrypted. Backup retention follows the same access controls as production data. The Foundation maintains a tested recovery process to restore service in the event of infrastructure failure.
Data residency
All primary Partner data is stored on servers located within Australia. Where third-party services process limited data outside Australia (Stripe, Twilio, Anthropic), the data transmitted is the minimum necessary for the service and is subject to the provider's own security and privacy controls as described above.
Special protections for under-18 Partners.
Parental consent and control
Kids S-NFT partnerships are created by a parent or legal guardian through their own authenticated Partner account. The child does not create an account independently. The parent provides the child's name and date of birth. Only the parent can view, manage, or close the child's partnership from within their Independence Vault.
Minimal data collection
For children under 18, the Foundation collects only the child's name and date of birth. No email address, phone number, or street address is collected separately for the child. The child's data is held under the parent's Partner record. On turning 18, the child may convert their Kids S-NFT to a full Personal S-NFT, at which point they create their own independent record with standard adult data collection.
How your vote is recorded and protected.
Binding polls (anonymous)
Votes cast on binding governance polls are recorded anonymously. The system records that a vote was cast and the option selected, but does not link the vote to your Partner number. Once submitted, it is not possible for any administrator or board director to determine how any individual voted. The total results are published to all Partners.
Stewardship proposals (accountable)
Stewardship proposals — which involve the Foundation casting shareholder votes at ASX company AGMs on behalf of Partners — are linked to your Partner number. This is necessary for the Foundation to demonstrate that its AGM vote reflects the genuine will of its Partners, as required by governance and regulatory obligations.
On-chain data and immutability.
Planned blockchain architecture
The Foundation plans to implement a permissioned EVM blockchain to record token issuance, transfers, and governance events. When implemented, certain transaction records (token mint, gift, governance vote hashes) will be written to the blockchain and will be immutable — they cannot be deleted or altered after recording. No personal information (name, address, email) will be written to the chain. On-chain records will reference wallet addresses only.
Right to erasure and immutable records
Because blockchain records are immutable by design, they cannot be deleted on request. The Foundation mitigates this by ensuring no personally identifiable information is written on-chain. Off-chain records (your Partner profile, contact details, reservation notes) remain subject to your access, correction, and deletion rights as described below.
How SHA-256 hashes are used to protect and verify your records.
What is a SHA-256 hash?
A SHA-256 hash is a one-way cryptographic fingerprint. Given an input (such as your acceptance record), the algorithm produces a fixed-length string that uniquely represents that input. The hash cannot be reversed to recover the original data, but it enables independent verification that a record has not been altered — if the data changes even slightly, the hash changes entirely.
Acceptance record hash
At the moment you join, the Foundation generates a SHA-256 hash of your complete acceptance record (incorporating your S-NFT token ID, Partner number, JVPA version, IP address, UTC timestamp, and Stripe payment reference). This hash is written permanently into your S-NFT token metadata and stored in the Foundation’s database as a secondary record. It provides cryptographic proof of your acceptance of the Joint Venture Partnership Agreement that neither the Foundation nor any third party can alter. It is retained for a minimum of seven years per JVPA clause 8.1A(f).
Agreement hash
A SHA-256 hash of the JVPA text at the version you accepted is stored alongside your acceptance record. This enables any Partner to verify independently that the agreement they accepted has not been altered since the moment of their acceptance.
KYC evidence hash
If you submit Medicare card details for identity verification, a SHA-256 hash is generated incorporating your member number, the card fields, and the submission timestamp. This hash is stored as an evidence anchor and cannot be used to reconstruct your Medicare card details from the hash alone. The underlying card data is encrypted with AES-256-CBC (see Identity verification data above).
Wallet event hashes
A SHA-256 hash is generated for every action you take in your Independence Vault — governance proposals, votes, transfers, and other Partner-initiated operations. These hashes are stored immutably in the operational database in accordance with JVPA clause 2.2(h) and are independently verifiable through your Independence Vault. When the Foundation’s blockchain infrastructure is deployed, these hashes will be anchored on-chain for permanent public auditability.
How long we keep your information.
Active partnerships
Partner records are retained for the duration of your active partnership. All wallet events, governance records, reservation history, and transaction logs are retained as part of the permanent community ledger for audit and governance integrity purposes.
Closed partnerships
If your partnership is closed, your personal contact information (name, email, phone, address) is retained for seven years after closure in line with standard Australian financial and trust record-keeping obligations. After seven years, personal contact information is anonymised. Governance records and transaction history are retained indefinitely in anonymised form. Your cryptographic acceptance record (including the SHA-256 hash written to your S-NFT token metadata) is retained for a minimum of seven years from the date you joined — not from the date of closure — as required by JVPA clause 8.1A(f). These are separate retention obligations with different trigger dates.
Data breach notification. In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, the Foundation will notify affected Partners and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988. Notification will be made as soon as practicable after the Foundation becomes aware of the breach.
Access, correction, deletion, and complaints.
Access and correction
You may request access to the personal information we hold about you at any time by contacting us at hello@cogsaustralia.org. If any information is inaccurate, you may request a correction. We will respond within 30 days.
Deletion
You may request deletion of your personal information. Where deletion is possible and not subject to a legal retention obligation, we will comply. Governance records and transaction history that are part of the permanent community ledger cannot be deleted but will be anonymised so they are no longer linked to your identity.
Complaints
If you believe we have handled your personal information in a way that does not comply with the Australian Privacy Act, you may lodge a complaint at hello@cogsaustralia.org. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Changes to this policy
This policy may be updated from time to time. Where changes materially affect how we handle your personal information, we will notify active Partners through their Independence Vault inbox. The current version is always available at this URL.
Privacy questions or concerns.
For any question about this privacy policy, how your information is handled, or to make an access, correction, or deletion request, contact us at hello@cogsaustralia.org. We aim to respond within 5 business days.