InClub — Privacy Policy

This document explains what data InClub collects about you, what we do with it, who we share it with, and how you can control it. It reflects how the platform actually works today.

It is a preliminary version pending external legal review. The substance below describes the platform truthfully; the lawyer's review may refine wording and add jurisdictional detail. When that lands, a new version (with a later date) will be published.

1. Authentication

InClub uses passwordless email sign-in only. We do not store passwords.

To sign in, you enter your email and we send a one-time code to that inbox; entering that code signs you in. The same flow handles both sign-up and sign-in.

There is no social sign-in — you never log in to InClub with a Google, Apple, Facebook or any other account, and we never receive your profile from a third-party identity service.

2. Terms and Privacy consent capture

Before we send your first sign-in link, you must tick a box confirming you agree to our Terms of Service and this Privacy Policy. At that moment we record:

• Your email
• The timestamp of your agreement
• Your IP address
• Your browser user-agent string
• The exact versions of the Terms and Privacy Policy you accepted

This record is permanently attached to your user account. You can request a copy of your consent record by emailing [email protected].

2a. Document versioning and audit trail

Every version of these documents (Terms, Privacy Policy, Brand Terms, Biometric Notice) is preserved permanently. When we update a document, the previous version remains accessible at a stable URL (for example /privacy/v/2026-05-07).

Each consent record we hold against your account references the exact version you agreed to and includes a cryptographic hash of that version, so we can reliably reproduce the document you accepted — even years later — and detect any tampering.

When we make material changes to any of these documents, we will notify all active users by email with a summary of the changes and a link to the new version. We maintain a record of who was notified, when, and through which channel.

3. Data shared with the brands behind the Clubs you join

We only share your data with a brand whose Club you have voluntarily chosen to join. We never share data with a brand a member hasn't actively engaged with.

When you join a brand's Club, and only then, we share with that brand's Shopify customer database:

• Your email address
• Your first name
• Your last name

That's all. If no customer record exists for your email on the brand's Shopify, we create one with these three fields. If a record already exists (because you have shopped with that brand before), we do not overwrite your existing name on their side.

Separately, only if you take further actions inside the Club, additional information is tagged on your Shopify customer record on that brand's side:

• Interest tags — set when you pick interests inside the Club
• Badge / tier tags — set as you earn badges through participation
• Marketing-consent state — updated only if you opt in to that brand's marketing

You control all three by your actions inside the Club. You can revoke marketing consent at any time.

We never share with a brand: your posts, comments, reactions, polls, profile photo, date of birth, age-verification result, payment data, device data, engagement data (sessions, scroll, focus), or any information about other Clubs you belong to.

4. Data we receive from the brands

When you purchase from a brand whose Club you have joined (or are eligible to join), the brand's Shopify notifies us. We record:

• The order line items (product, quantity, price tier)
• Your Shopify customer ID on that brand's side
• Any tag changes the brand has made to your customer record

We use this to award badges and points within the Club. We do not pull your full purchase history, lifetime value, address, or total spend.

5. Visibility of your profile to brand admins

Brand admins of a Club you have joined can see your member profile inside the InClub app — first name, last name, avatar, badges, and any profile fields you have filled in (bio, social links, location).

They cannot see your activity in other Clubs or any data outside that Club.

6. Age verification

InClub is a 16+ platform globally. As part of compliance with the Australian Online Safety Amendment (Social Media Minimum Age) Act 2024 — and applied uniformly to all jurisdictions — we verify your age once, at sign-up, before any account is created.

The verification has two stages:

1. Date of birth. You enter your date of birth. If the date indicates you are under 16, sign-up stops there and no account is created. To stop the same email being immediately retried with a different date, we keep a one-way hashed form of the email together with an auto-unblock date (the date you turn 16); the block lifts automatically then. Contact [email protected] if this was a typo.

2. Human verification check. If your date of birth is 16 or older, we run a brief automated human-verification check, performed through AWS services hosted in Tokyo, Japan. You complete a short interactive on-screen sequence. The check confirms a real, live person is present and estimates your age range.

Where this happens and what is kept. Because the check runs on AWS services in Tokyo, the image is processed overseas (Japan). The image is used only at the moment of verification — it is held momentarily for the duration of the check and is then instantly deleted, and it is never written to our storage. We keep only the derived signals on your account: a verification session reference (for audit), the confidence result, the estimated age range, and a timestamp. We do not store the image, a face template, or any biometric vector.

This check can affect your account. The age estimate is a second age signal, independent of the date of birth you entered: a result clearly under 16 will stop your sign-up, and a borderline result may place your account into a brief human review before it is activated.

No opt-out at sign-up. This step is required to create an account on our 16+ platform — there is no opt-out. If you do not want to undergo it, do not create an account.

Subsequent profile photos. After sign-up your profile avatar is purely cosmetic — pet photos, illustrations, anything you like. We do not run this verification, or any other biometric or face analysis, on the photos you choose to display.

A separate Biometric Notice (linked from the sign-up screen and from this Policy) contains the detailed disclosures Australian, EU, and US state law require.

7. Email delivery

Transactional emails (sign-in links, account notifications) are sent via an enterprise transactional email service hosted in Australia, on the same cloud infrastructure as the rest of our service.

Email content (recipient address, subject, message body) is processed in Australia for the duration of the send operation. Bounce and complaint events are handled internally within our own cloud account, with no third-party visibility.

8. Error tracking

We use a mobile-app crash reporting service to capture crashes and abnormal terminations of the InClub mobile app. That service receives the stack trace, device model, operating system version, app version, free memory and disk, and a randomly-generated device installation identifier (which is not linked to your InClub account).

It does not receive your name, email, profile data, posts, messages, photos, or authentication tokens.

We do not run any third-party error-tracking service on the server side or admin web app at this time.

9. Analytics

We do not run third-party analytics SDKs of any kind inside the InClub mobile app — no behavioural-event collection, no user identification, no session replay, no funnel tracking.

We do not run any third-party analytics on our marketing site at inclub.vip either — no Google Analytics, Meta Pixel, LinkedIn Insight Tag, Hotjar, or similar trackers are deployed.

10. Artificial intelligence

InClub does not use artificial intelligence or machine learning on your content. We do not send your posts, comments, photos, voice messages, or profile data to any AI provider. We do not use your content to train AI.

Our only use of automated face/image analysis is the one-time human-verification check described in section 6, which runs at sign-up only — no AI training or inference involves your data, and no biometric template is retained.

11. Reverse customer matching (in-app only)

When a brand connects its Shopify store to InClub, we match the brand's existing customer list against InClub members using a one-way SHA-256 email hash. Where there is a match, the brand's Club is added to your in-app recommendations for you to consider.

We do not store the brand's customer emails — only the hash already held against your account is compared. This match never triggers a push notification on its own; it is shown to you only when you open the Recommendations surface in the app.

12. Purchase-triggered notifications

If you purchase from a brand on Shopify and that brand has a Club on InClub that you have not yet joined, we will send you one push notification, ever, letting you know the Club exists. You will receive at most one such notification per Club.

You can turn this off in your notification settings (Profile → Notifications → "Notify me when a brand I've purchased from has a Club") or by tapping the in-notification opt-out link.

We send this on the basis of inferred consent under the Spam Act 2003 (Cth) given your existing purchase relationship with the brand.

13. Deletion

When you confirm an account deletion request, your data is removed from our active database immediately. There is no grace period.

Posts and comments you have made are retained as anonymous content for thread integrity, with your name replaced by "[Deleted] User" and your media removed. Everything else linked to your account — profile data, avatar, push tokens, purchase records on our side, your identity-service account — is deleted.

The deletion propagates through our backup systems within 14 days.

14. Backups

We retain encrypted backups of our database for operational continuity. Backup retention is tiered:

• Hourly snapshots: 7 days
• Daily snapshots: 14 days
• Continuous point-in-time restore: 7 days

The maximum age of any backup is 14 days. Backups are stored within our managed cloud database provider's infrastructure.

15. Access right

You can see most of the data we hold about you inside the InClub app at any time — your profile, posts, comments, badges, Club memberships, notification preferences, and so on.

If you require a copy of any data we hold about you that is not visible in the app, please email [email protected]. We will respond within the legal timeframe applicable to your jurisdiction.

16. Contact us

For privacy questions, data requests, or to lodge a complaint:

• General privacy: [email protected]
• Legal notices: [email protected]
• Online-safety / urgent escalation: [email protected]

If you are unhappy with our response, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

17. Changes to this Policy

We may update this Policy from time to time. The current version is always available at /privacy, and each prior version is preserved at its own dated URL. You agree to this Policy when you create your account; your continued use of InClub after an updated version takes effect constitutes your acceptance of it.

Previous versions remain accessible at their respective versioned URLs so you can always see exactly what you originally agreed to.