Privacy Policy

Effective: 20 March 2026

1. Introduction

Frippy ("we", "us", "our") is a peer-to-peer marketplace for secondhand fashion, operated by Frippy AU (ABN 51 847 511 301) in Perth, Western Australia.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and how we protect it. This policy applies to all users of the Frippy mobile application and frippy.au (together, the "Platform").

We are committed to handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

Information you provide directly:

When you create an account: email address, username, display name, and profile photo. If you sign in with Apple or Google, we may also receive your first and last name from your account.

When you use the Platform: listing details (photos, descriptions, pricing, condition, sizing), chat messages and images, shipping addresses, profile information, and reviews and feedback on transactions.

When you make a purchase: your payment information is collected directly by Stripe and is not stored on our servers.

When you verify your identity to sell: identity and banking details are collected directly by Stripe as part of their Know Your Customer (KYC) process. Frippy does not have access to these details.

Information collected automatically:

When you use the Platform, we automatically collect usage data such as pages viewed, actions taken, device type, operating system, app version, and notification preferences. This data is collected through PostHog, our analytics provider, and is used to improve the Platform.

We also collect error and performance data through Sentry to identify and fix technical issues.

3. How We Use Your Information

We use your personal information to:

Provide and operate the Platform, including processing transactions, generating shipping labels, and facilitating communication between buyers and sellers.

Protect users and the Platform through content moderation, fraud detection, and enforcement of our Terms of Service.

Send you notifications related to your account, transactions, and orders, including push notifications and transactional emails. You can manage your notification preferences in the app settings.

Improve the Platform by analysing usage patterns, identifying bugs, and developing new features. You can opt out of usage analytics in the app settings under Privacy.

Comply with applicable laws and respond to legal requests.

We will not use your personal information for purposes materially different from those described here without notifying you first.

4. Who We Share Your Information With

We do not sell your personal information to third parties.

We share your information with the following service providers, who process data on our behalf to operate the Platform:

Stripe — payment processing, identity verification, and seller payouts.

Supabase — database hosting, user authentication, and file storage.

Shippo and ShipEngine — shipping label generation and delivery tracking. Your shipping address is shared with these providers and the relevant carrier to fulfil deliveries.

PostHog — anonymised usage analytics.

Sentry — error monitoring and crash reporting.

Resend — transactional email delivery.

OpenAI — content moderation. Listing text and images may be submitted for automated review. No personal identifying information is included in these requests.

We may also share information if required by law, to protect the safety of our users, or to enforce our Terms of Service.

When you transact with another user, certain information is visible to them, including your username, display name, profile photo, and ratings. When you purchase an item, your shipping address is visible to the seller on the shipping label in order to fulfil the delivery.

5. Overseas Disclosure

Some of the service providers we use to operate the Platform are located outside of Australia, primarily in the United States. This includes Stripe, Supabase, PostHog, Sentry, Resend, and OpenAI.

By using the Platform, you acknowledge that your personal information may be transferred to and stored in countries outside of Australia. We take reasonable steps to ensure that our service providers handle your information in a manner consistent with the Australian Privacy Principles.

6. Data Retention

We retain your personal information for as long as your account is active, and for a reasonable period after account deletion to comply with legal obligations, resolve disputes, and enforce our Terms.

Specific retention periods:

Transaction records and order history are retained for 7 years to comply with Australian tax and financial reporting requirements.

Chat messages are retained for the duration of your account. If your account is deleted, your messages may be retained for up to 6 months to support dispute resolution and fraud prevention, after which they are permanently deleted.

Dispute evidence (photos and supporting documents) is automatically deleted 90 days after dispute resolution.

Usage analytics data collected through PostHog is anonymised and cannot be linked back to you after account deletion.

When you delete your account, your profile, listings, and personal details are removed from the Platform. Some information may be retained in our backups for a limited period before being permanently deleted.

7. Data Security

We take reasonable steps to protect your personal information from unauthorised access, loss, misuse, and disclosure.

Our security measures include encrypted data transmission, secure database hosting with row-level access controls, and automated content moderation to prevent misuse of the Platform.

Your payment information is handled entirely by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security.

While we take security seriously, no system is completely secure. We cannot guarantee the absolute security of your information.

In the event of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act.

8. Your Rights

Under the Australian Privacy Principles, you have the right to:

Access your personal information. You can view most of your data directly in the app (profile, listings, orders, chat history).

Correct your personal information. You can update your profile, display name, addresses, and other details through the app settings.

Delete your account and associated personal information through the app settings. Account deletion is permanent.

Opt out of promotional communications. You can manage your email and push notification preferences in the app settings. Note that transactional notifications related to active orders and disputes cannot be disabled.

Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe your privacy has been breached.

To make a formal privacy request, contact us at hello@frippy.au. We will respond within 30 days.

9. Cookies & Tracking

Frippy is a mobile application and does not use cookies. Our website at frippy.au may use essential cookies for basic functionality. We do not use advertising or tracking cookies on our website.

10. Children's Privacy

Frippy is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a user under 18, we will take steps to delete that information and close the account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Platform. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Contact

If you have questions or concerns about this Privacy Policy or how we handle your personal information, contact us at hello@frippy.au.