Privacy Policy

1. Introduction

mediazzy (“mediazzy”, “we”, “us” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information when you use our social media management platform (the “Service”).

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Service, you consent to the practices described in this policy.

2. Information we collect

We collect the following categories of information:

• Account information — your name, email address, password (stored hashed), role and the brands you are assigned to.
• Content data — posts, captions, comments, images, templates and inbox messages you create or manage.
• Connected platform data — access tokens and page/profile data from social platforms you connect (for example Facebook, Instagram, Google Business and LinkedIn).
• Billing information — subscription plan and payment metadata. Card details are handled by Stripe and are not stored on our servers.
• Usage and technical data — log data, IP address, device and browser information, and actions recorded in our audit trail.

3. How we use your information

We use personal information to:

• provide, operate and maintain the Service;
• generate, schedule, review and publish content on your behalf;
• process subscriptions and payments;
• send service notifications and emails you have requested or that are necessary to operate your account;
• maintain security, prevent fraud and comply with our legal obligations.

4. Cookies and similar technologies

We use essential cookies to keep you signed in and to operate the Service securely (for example, session and authentication cookies). These cookies are necessary for the platform to function. We do not use cookies to sell your personal information. You can control cookies through your browser settings, although disabling essential cookies may prevent you from signing in.

5. Third-party services

We share limited information with trusted third-party providers strictly to deliver the Service. These include:

• Meta (Facebook & Instagram) — to publish content and retrieve engagement and inbox data for pages you connect.
• Google (Google Business Profile) — to publish and manage your business listings and posts.
• Stripe — to securely process subscription payments. Stripe acts as an independent data controller for payment data.
• Neon — our managed PostgreSQL database provider, which hosts your account and content data.

Each provider handles your information under its own privacy policy. We only share what is necessary for the relevant feature to work.

6. Disclosure and overseas transfers

Some of our service providers may store or process data outside Australia. Where this occurs, we take reasonable steps to ensure that recipients handle your information consistently with the Australian Privacy Principles. We do not sell your personal information.

7. Data security and retention

We take reasonable technical and organisational measures to protect your information, including encryption in transit, hashed passwords and role-based access controls. We retain personal information for as long as your account is active or as needed to provide the Service and comply with our legal obligations.

8. Your rights

Under the Australian Privacy Principles, you have the right to:

• access the personal information we hold about you;
• request correction of inaccurate or incomplete information;
• request deletion of your information, subject to legal retention requirements;
• make a complaint about how we have handled your personal information.

To exercise any of these rights, contact us using the details below. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

9. Contact us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at pandahealthcare@gmail.com.