Privacy Policy

Join form

When you join, we collect your full name, email address, mobile number, date of birth, and home address. For business memberships, we also collect your ABN, business name, contact name, and position title. This information is used to create your member record and issue your member number.

Wallet and reservation records

When you set up your wallet or update your reservations, we record your choices, timestamps, and any notes you provide. These records are a permanent part of your member record.

Payment information

Payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. Stripe receives your card details directly. The Foundation never sees or stores your full card number, CVV, or expiry date. We record the payment amount, date, Stripe transaction reference, and payment status against your member record.

Identity verification (Medicare card)

If you provide Medicare card details for identity verification, your card information is encrypted using AES-256-CBC encryption before storage. We store only the first letter of your name and the last four digits of your card number in plain text, for administrative reference only. A SHA-256 evidence hash is created at submission (see Cryptographic records below). Medicare card data is kept for seven years under the AML/CTF Act 2006 (Cth), then deleted.

Address verification

If your address is checked against the Australian address register (G-NAF), a SHA-256 hash of the verification evidence is stored against your record. This hash cannot be used to reconstruct your address.

Phone verification

If SMS two-factor authentication is enabled on your account, your mobile number is sent to Twilio, a third-party SMS provider, to deliver a one-time code. Twilio keeps delivery logs under their own privacy policy.

Wallet activity

Actions you take in your wallet (password setup, reservation updates, votes, transfers) are logged with timestamps. A SHA-256 hash is created for each action and stored permanently as an audit trail in accordance with Joint Venture Participation Agreement clause 2.2(h). These records are not shared externally.

Referral codes

If you enter a referral code on your join form, that code is recorded against your member record to track community growth.

Cookies and server logs

Standard server logs may record your IP address, browser type, and pages visited. This is used only for security monitoring and debugging. The site uses session cookies to maintain your login state. These are essential cookies and are not used for advertising or tracking.

Membership administration

Your name, email, mobile, and address are used to create and maintain your member record, send you access emails, and allow you to recover your member number or reset your wallet password.

Governance participation

Your member number and reservation details determine your eligibility to vote on governance proposals and to receive relevant announcements through your wallet.

Communications

We send transactional emails only: welcome confirmation, wallet access setup, password reset, payment received, and governance notices. We do not send unsolicited marketing emails. You cannot opt out of transactional communications while your membership is active.

Administration

Member information may be synced to an internal administration system used by Foundation staff for member support. Access is restricted to authorised Foundation administrators only.

Stripe (payments)

Stripe Inc. processes all membership payments. Stripe is PCI DSS Level 1 certified. Your card details go directly to Stripe and never pass through Foundation servers. Stripe is based in the United States and transfers data under Standard Contractual Clauses.

Twilio (SMS verification)

Twilio Inc. delivers SMS verification codes for two-factor authentication. The only data sent to Twilio is your mobile number and the verification message. Twilio is based in the United States. Their privacy policy governs their handling of delivery logs.

Anthropic (AI assistant)

The FAQ chat widget on this site sends your typed question to Anthropic's API for processing. No personal information, member number, or account data is included in the request. Anthropic does not receive your identity. Anthropic's data handling policy applies to the text of your query.

Serversaurus (hosting)

The Foundation's website and database are hosted by Serversaurus, an Australian hosting provider with servers in Australia. All member data resides on Australian infrastructure. Serversaurus does not have application-level access to member records.

Email relay

Transactional emails (welcome, password reset, governance notices) are sent through an authenticated SMTP relay. We do not use email services that scan message content for advertising purposes.

Encryption in transit

All connections to cogsaustralia.org are encrypted using TLS 1.2 or higher (HTTPS). Unencrypted HTTP requests are redirected to HTTPS automatically. No personal data is sent in plain text.

Database security

Member records are stored in a secured database hosted in Australia. The database is not publicly accessible. Database credentials are stored in environment variables outside the web root and are not committed to version control. Regular automated backups are maintained.

Password security

Wallet passwords are hashed using bcrypt with a work factor of 12 or higher. Passwords are never stored in plain text and cannot be seen by administrators. A forgotten password can only be reset using your on-file contact details.

Admin access controls

Admin panel access requires a username, a password of at least 12 characters, and a time-based one-time code (TOTP) from an authenticator app. All admin actions that read or change member records are logged permanently, including the admin identity, action, timestamp, and affected record.

Session management

Wallet sessions use secure, HTTP-only session tokens that expire after inactivity. Tokens are regenerated on login to prevent session fixation. Admin sessions have shorter timeouts and require re-authentication for sensitive operations.

Application security

The application uses parameterised queries to prevent SQL injection, input validation and output encoding to prevent cross-site scripting (XSS), CSRF token protection on all state-changing forms, rate limiting on authentication and API endpoints, and Content Security Policy headers.

Data residency

All primary member data is stored on servers in Australia. Where third-party services process limited data outside Australia (Stripe, Twilio, Anthropic), the data is the minimum necessary for the service and is subject to each provider's own security controls as described above.

Parental consent and control

Kids S-NFT memberships are created by a parent or legal guardian through their own authenticated account. The child does not create an account independently. The parent provides the child's name and date of birth. Only the parent can view, manage, or close the child's membership from within their wallet.

Minimal data collection

For children under 18, the Foundation collects only the child's name and date of birth. No email address, phone number, or street address is collected separately for the child. On turning 18, the child may convert their Kids S-NFT to a full Personal S-NFT, at which point they create their own independent record with standard adult data collection.

Binding polls (anonymous)

Votes cast on binding governance polls are recorded anonymously. The system records that a vote was cast and the option chosen, but does not link the vote to your member number. Once submitted, no administrator or board director can determine how any individual voted. Total results are published to all members.

Stewardship proposals (accountable)

Stewardship proposals involve the Foundation casting votes at ASX company AGMs on behalf of members. These votes are linked to your member number. This is necessary for the Foundation to show that its AGM vote reflects the genuine will of its members, as required by governance and regulatory obligations.

What is a SHA-256 hash?

A SHA-256 hash is a one-way cryptographic fingerprint. Given an input, the system produces a fixed-length string that uniquely represents that input. The hash cannot be reversed to recover the original data. If the data changes even slightly, the hash changes completely. Hashes let us verify that a record has not been altered.

Acceptance record hash

When you join, the Foundation creates a SHA-256 hash of your complete acceptance record (your S-NFT token ID, member number, JVPA version, IP address, UTC timestamp, and Stripe payment reference). This hash is written permanently into your S-NFT token and stored in the Foundation's database. It proves that your agreement was accepted and cannot be altered by anyone. It is kept for a minimum of seven years under Joint Venture Participation Agreement clause 8.1A(f).

Agreement hash

A SHA-256 hash of the JVPA text at the version you accepted is stored with your acceptance record. This lets any member verify that the agreement text has not been altered since they accepted it.

Wallet event hashes

A SHA-256 hash is created for every action you take in your wallet: governance proposals, votes, transfers, and other member-initiated actions. These hashes are stored permanently in the database under Joint Venture Participation Agreement clause 2.2(h). When the Foundation's blockchain is deployed, these hashes will be anchored on-chain for permanent public auditability.

Planned blockchain architecture

The Foundation plans to implement a permissioned blockchain to record token issuance, transfers, and governance events. When in place, certain transaction records will be immutable. No personal information (name, address, email) will be written to the blockchain. On-chain records will reference wallet addresses only.

Right to erasure and immutable records

Because blockchain records cannot be deleted by design, the Foundation ensures no personally identifiable information is written on-chain. Off-chain records (your member profile, contact details, reservation notes) remain subject to your access, correction, and deletion rights as described in Your Rights below.

Active memberships

Member records are kept for the duration of your active membership. All wallet events, governance records, reservation history, and transaction logs are kept as part of the permanent community ledger for audit and governance integrity.

Closed memberships

If your membership is closed, your personal contact information (name, email, phone, address) is kept for seven years after closure in line with Australian financial and trust record-keeping obligations. After seven years, contact information is anonymised. Governance records and transaction history are kept indefinitely in anonymised form. Your cryptographic acceptance record (the SHA-256 hash written to your S-NFT token) is kept for a minimum of seven years from the date you joined, as required by Joint Venture Participation Agreement clause 8.1A(f). The seven-year period runs from the date you joined, not the date of closure.

Access and correction

You may request access to the personal information we hold about you at any time by contacting admin@cogsaustralia.org. If any information is inaccurate, you may request a correction. We will respond within 30 days.

Deletion

You may request deletion of your personal information. Where deletion is possible and not subject to a legal retention obligation, we will comply. Governance records and transaction history that form part of the permanent community ledger cannot be deleted but will be anonymised so they are no longer linked to your identity.

Complaints

If you believe we have handled your personal information incorrectly, you may lodge a complaint at admin@cogsaustralia.org. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Changes to this policy

This policy may be updated from time to time. Where changes materially affect how we handle your personal information, we will notify active members through their wallet inbox. The current version is always available at this URL.