For Brands

Privacy Policy

INTRODUCTION

Your privacy and the protection of your personal information is important to Shping. This public privacy policy (or privacy statement) explains what personal data we process, how we collect it and why. We take the security of your data very seriously and this privacy policy tells you what we do to ensure its protection. In this policy we also outline the rights we think you have with your personal data, and how you can exercise them.

WHO WE ARE

Shping is the world’s first fully integrated ecosystem combining shopper marketing, brand protection, product safety, and a global product database — all in a single platform that rewards consumers for both engaging with and contributing to it.

Shping operates a mobile application (the App) that allows consumers to earn rewards, known as Shping Coins, by uploading receipts, writing product reviews, joining brand loyalty programs, and interacting with product-related content. Users can access detailed product information by scanning barcodes or browsing within the App. In doing so, they may voluntarily share shopping habits, preferences, and transactional data, which help personalise the in-app experience and enable brands to better understand and engage their customers.

Depending on brand participation and product availability, the App may also offer additional features such as authenticity verification, product recall alerts, receipt storage, warranty activation, product ratings, and social media integration. Users can contribute content to Shping’s product database, and new features may be introduced over time to enhance the overall experience.

To facilitate the earning, transfer, or redemption of Shping Coins, we collect certain personal data, including financial and digital wallet information. If users wish to buy or sell Shping Coins, we may also collect additional data required to comply with relevant financial and regulatory obligations.

Shping’s headquarters are located in Melbourne, Australia.

OUR APPROACH TO PRIVACY

We take your privacy seriously. We do not sell your personal data to third parties for marketing or promotional purposes without your express consent. We do not abuse or misuse your personal data or let it fall into the wrong hands. We only collect and process your information for purposes clearly explained to you.

As a user of the Shping App or services, we collect personal information that you provide directly (e.g. during registration or support inquiries), as well as data generated from your interactions with the App. This includes:

  • Purchase receipts and transaction details
  • Information about your loyalty program memberships (e.g. Flybuys, Everyday Rewards)
  • Partial payment method metadata for verification (e.g. masked card digits)
  • Your preferences, venue selection, product interactions, and review activity
  • Inferred or derived insights from your usage patterns, such as reward redemptions, scan behaviour, and product engagement

We may use your data to personalise your experience, operate and maintain the proper functioning of our services, enhance performance, and improve how we serve you and our brand partners. Where appropriate, we limit the collection of personal data to what is strictly necessary and take steps to de-identify or anonymise it when full retention is not required or when used for analytics and reporting purposes.

We may also share certain personal information with carefully selected and trusted business partners who support the delivery of our services, including marketing, analytics, customer support, and technical operations. These partners are contractually bound to process your data securely and only for authorised purposes, in compliance with applicable privacy laws and industry best practices.

In all cases, we apply reasonable safeguards to protect your personal information and ensure it is not used for unauthorised purposes.

DATA BREACH NOTIFICATION

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under Australia’s Notifiable Data Breaches scheme.

As technologies and privacy regulations evolve, we will update this policy to ensure ongoing compliance and transparency. When changes occur, we will always publish the most current version on our website.

We conduct Privacy Impact Assessments for all new features involving personal data to ensure that privacy by design principles are met and continually reviewed.

YOUR CONSENT

When you download the App or use our services, or provide information using our technology, you will be asked to indicate that you have read and agreed to this privacy policy. Your use of this website is also subject to this privacy policy. In giving your consent, you agree to:

  • The collection and use of your personal information by us and the third parties described in this privacy policy;
  • The disclosure of your personal information to the third parties described in this privacy policy; and
  • The transfer of your personal information to other countries outside Australia.

If you do not want your personal information to be used in any of the ways listed above, then please do not use our App, website or services.

WHERE AND WHY WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION

Where we collect your personal information from:

  • When you visit our website
  • When you register for or use the Shping App
  • When you contact us for help, support, or general inquiries
  • From participating third parties (e.g. retailers, payment and loyalty platforms) to improve and verify services
  • From the receipts you upload, which include purchase data, store information, loyalty and payment identifiers
  • From your activity within the App (e.g. scans, reviews, uploads, redemptions, or settings)

Why we process your personal information:

  • To enable your use of the App and its features (e.g. receipt uploads, product reviews, reward redemptions)
  • To personalise your experience and tailor relevant brand content or offers
  • To build a shopping profile that reflects your preferences and engagement
  • To provide support and respond to your requests
  • To evaluate the performance and security of the App and related infrastructure
  • To comply with our legal obligations and enforce our terms of service
  • To share insights with participating brands for campaign effectiveness
  • To deliver marketing and loyalty communications from partner brands you have joined, via email or SMS, without disclosing your contact details.

USE OF DATA FOR CUSTOM AUDIENCES:

With your explicit consent, we may share behavioural data — such as scan history, receipt uploads, and product reviews — with our brand partners to help them create custom audience segments for advertising purposes on platforms like Facebook, Instagram, or X (formerly Twitter). As part of this process, limited personal identifiers (such as your device’s advertising ID, name, email address, or phone number) may also be securely shared to enable accurate audience matching, in accordance with applicable privacy laws and the policies of those platforms.

OUR LEGAL BASIS FOR PROCESSING YOUR DATA

By using our App, website or service we assume you have provided consent for us to collect, process and store your data. Further, if you have come to our App, website or contacted us for help or information we also assume you have provided us with consent to collect, possess and store your data.

If you do not provide consent for us to process your personal data as described in this privacy policy then please do not use our App, website or services.

WHAT INFORMATION WE COLLECT

Our App and services collect and analyse a range of information. This may include:

  • Biographical/profile information that you have supplied to us voluntarily;
  • Your physical and email address;
  • Your date of birth;
  • Your gender (optional) to help personalise product recommendations;
  • Location information – meaning data which reveals an approximate or precise geographical location of you and your mobile device, depending on your device and App permissions. We only collect this information where you have agreed to us doing so and by enabling location access on your mobile device;
  • Information about your mobile device – including device type, operating system, device identifiers, and browser information;
  • Technical data such as Internet Protocol (IP) address, time zone, language preferences, device model, operating system and browser type;
  • Usage data and App ‘metadata’ – such as how you interact with the App (e.g. pages viewed, session duration, features used), performance diagnostics, and error logs. Metadata does not include personal content and is used to help us improve usability, security and performance;
  • We may use both session and persistent cookies. You can disable cookies through your browser settings, but some features of the App or website may not function properly without them.
  • We may use cookies, pixels, SDKs, and similar tracking technologies to enhance your experience, monitor usage patterns, and deliver targeted advertising. You can manage cookie preferences in your browser or device settings. Some tracking may also occur through third-party platforms (e.g. Google, Facebook, Branch) in accordance with their respective privacy policies.
  • Product reviews, comments, photos, and other content you upload or submit within the App voluntarily;
  • Uploaded purchase receipts, including receipt images and data extracted from those receipts (e.g. store name, date, items purchased, prices);
  • Your digital wallet details, including your Shping Coin balance and wallet activity;
  • Financial information such as bank account details or cryptocurrency wallet addresses provided for redemption purposes;
  • Information from third parties, such as marketing partners, analytics providers, or social login integrations, in accordance with their privacy policies and your permissions;
  • KYC (Know Your Customer) and identity verification data when required for compliance purposes;
  • Any information provided to us through support queries, feedback forms, surveys or marketing campaigns.

If you are visiting our website, App, or contacting us for information or technical support, we may also collect:

  • Your name;
  • Your contact details, such as a phone number and/or email address;
  • Your approximate location (depending on your browser/device settings);
  • Device and browser diagnostics to help us resolve technical issues.

SHARING INFORMATION WITH THIRD PARTIES

We may share your personal information with third parties in the following circumstances:

  • With product brand owners who have partnered with us or are listed in our brand database and have asked us to collect, process, or analyse data on their behalf;
    • With product brand owners and retailers who have partnered with us or are listed in our brand or partner database. If you submit a product review (including text, photos, or videos), we may share this content along with your display name, avatar photo, age group, and general location and other meta data  to help brands and retailers understand and showcase authentic shopper feedback. Your full contact details (such as email or phone number) will not be shared without your explicit consent.
    • With partners, vendors, and subprocessors that provide IT, cloud storage, analytics, customer support, marketing, or other operational services necessary to help us deliver the App and services. These third parties may process personal information strictly under our instructions and in accordance with contractual obligations and data protection laws;
  • With other companies within the Shping corporate group who support or enhance our services;
  • With marketing and advertising partners, analytics providers, or affiliate networks to help promote our services, subject to applicable laws and user preferences;
  • With payment processors and identity verification providers where necessary to fulfil a redemption request, comply with KYC obligations, or prevent fraud;
  • With government authorities, regulators, courts, law enforcement agencies, or other authorised parties where we believe disclosure is reasonably necessary to comply with a legal obligation, protect public interest, or respond to a lawful request;
  • In the event of a merger, acquisition, restructuring, or sale of our assets, where personal data may be transferred to a successor entity. We will endeavour to provide prior notice where possible;
  • To complete any transaction or service you have authorised or requested through the App;
  • To detect, prevent, or otherwise address security, fraud, or technical issues;
  • To protect the rights, property, or safety of Shping, our users, or our partners.
  • When you join a brand’s loyalty program within the App, we may enable that brand to send you marketing communications, including emails or SMS messages, about their products, services, and loyalty benefits. These messages are sent through Shping’s secure system, and we do not disclose your actual email address or phone number to the brand.

Some of the third parties we share data with may be located outside your country, including in countries that may not have the same data protection laws. In such cases, we take reasonable steps to ensure that your personal information remains protected through appropriate safeguards, including standard contractual clauses and data processing agreements.

We do not sell your personal information.

SECURITY

We have what we believe are robust, appropriate and sufficient security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our Information security management system. Although even with that, we have no control over what happens between your smartphone device and our information infrastructure. You should be aware of the many cyber security risks that exist and take appropriate steps to safeguard your own information.

We accept no liability in respect of breaches that occur beyond our sphere of control. However, we take the privacy and protection of your personal information very seriously and use a number of methods to try to keep your personal information secure from loss or unauthorised use or access when it is in our possession or control. These methods include reasonable physical, technical and organisational measures to restrict access to your personal information. Access to your data (for example amongst our employees and our product partners) is strictly controlled by a combination of secure passwords, permissions-based user roles, tried and tested processes, multi factor authentication and more.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and/or Apps, you are responsible for keeping this password confidential. You should never share a password with anyone and you should ensure that you do not reuse or recycle passwords.

Where required by applicable law, we will notify you of any loss of or unauthorised access to your personal information, and we will cooperate with the appropriate authorities to investigate such incidents in a timely fashion.

INTERNATIONAL TRANSFERS OF INFORMATION

Shping is an Australian-based global company providing services internationally. While all user data is currently stored on servers located in Australia, in the course of providing our services, we may transfer certain personal information to trusted service providers and product partners located in countries outside Australia, including but not limited to Singapore, the United States, New Zealand, and the United Kingdom. Some of these jurisdictions may not offer the same level of data protection as under Australian privacy laws.

Where we transfer personal information overseas, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles (APPs). This includes entering into binding agreements with overseas recipients that impose obligations substantially similar to the APPs or verifying that they are subject to laws that offer comparable protection.

By using our services and submitting your personal information, you consent to this transfer, storage, and processing of your information outside Australia in accordance with this Privacy Policy.

RETENTION OF YOUR INFORMATION

We retain your personal information for as long as is necessary to fulfil the purposes for which it was collected. This typically includes helping you access rewards, providing support, fulfilling our contractual obligations, or enabling product partners to run targeted campaigns and programs.

In most cases, this means we retain your personal data for the duration of your active account. You may request account deletion at any time via the Shping App.

Upon deletion:

  • Any information that could personally identify you (such as name, email, phone number, or linked accounts) will be removed or securely de-identified.
  • We may continue to retain anonymised or aggregated data (including location, demographics, and survey results) for analytics, reporting, and product improvement. This data cannot be used to identify you.
  • We regularly review the information we hold to ensure it remains relevant to our operational requirements and those of our product partners.
  • In cases where we collect and process personal data at the instruction of a product partner, we act according to their direction — including retention or deletion timelines where applicable.

MINORS

We do not knowingly collect personal information or data of minors under 18 years of age. We have no control over who contacts us but we do not conduct business with anyone under 18 years of age. For our product partners, if they are using our products and services to collect or process data of children, then they must comply with the data protection laws applicable to them. In those circumstances, our product partners may be obliged to obtain express consent from the children’s parents or legal guardians prior to the use of our service.

YOUR RIGHTS

As a data subject whose personal information we collect and process, you have certain rights. If you wish to exercise any of these rights, then please email privacy@shping.com or use the contact details supplied below. In order to process your requests, we will ask you to provide two valid forms of identification for verification purposes.

Your rights are as follows:

Your Rights

As a user whose personal information we collect and process, you have specific rights under applicable privacy laws. You may exercise these rights at any time by emailing privacy@shping.com or using the contact details provided below. To protect your data, we may request two forms of valid identification to verify your identity before fulfilling your request.

Your rights include:

Right to be informed

You have the right to receive clear, transparent information about how we use your personal data. This Privacy Policy, along with any related notices or communications we may provide, is designed to keep you informed.

Right of access

You can request a copy of the personal data we hold about you at any time, free of charge. Upon verifying your identity (and the authority of any third-party requestor), we will provide:

  • The categories of personal data concerned
  • The purposes of processing
  • Any third parties with whom the data has been shared
  • The retention period for that data (where possible)
  • The source of the data if it was not collected directly from you

Right to rectification

If your personal data is inaccurate or incomplete, you may request that we correct or update it. This right can be combined with the right to restrict processing while we verify and correct the data.

Right to erasure (“right to be forgotten”)

You can request deletion of your personal information where no lawful basis or legitimate reason for continued processing exists. If your account is deleted through the App or upon your request, we will remove any association between your identity and the data we hold, although we may retain de-identified data for analytical or compliance purposes.

Right to restrict processing

You may ask us to restrict processing of your personal data in the following situations:

  • You contest the accuracy of the data and we are verifying it
  • The data has been unlawfully processed
  • We no longer need the data but you require it to establish, exercise, or defend a legal claim
  • You have objected to processing and a decision is pending

In such cases, we will store your data but not process it until the restriction is lifted.

Right to object

You may object to our processing of your personal data when it is:

  • Based on our legitimate interests (or those of a third party)
  • Used for direct marketing purposes
  • Processed for research or statistical purposes
  • Performed under a public task or legal authority

Right to delete your account via the App

You can delete your Shping account at any time directly within the App. Doing so will deactivate your account and trigger removal of any personally identifiable data, unless retention is required by law. We will retain non-personal, anonymised data for analytical or reporting purposes.

We aim to respond to all requests within 30 days, unless legal or operational constraints prevent us from doing so. If that happens, we will inform you promptly.

CHILDREN’S DATA

The Shping App is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under this age. If we become aware that we have collected personal information from a person under 18, we will take reasonable steps to delete that information promptly and securely.

DATA PROTECTION OFFICER

We have nominated a Data Protection Officer to take overall responsibility for matters of data protection and privacy. This is our Head of Information Security and you can contact them with any questions or concerns about your data by emailing privacy@shping.com (for more contact details see below).

We are not responsible for the content or privacy practices of third-party websites or services linked from our App or website.

CONTACT US

Should you have any questions, comments or concerns about this policy or how we handle and process your data then please email privacy@shping.com.

Our address is:

Authenticateit Pty Ltd (ABN 30 155 162 253) trading as Shping

Shping customer service teams may be contacted on 03 9924 4405 for Australia and +61 3 9924 4405 for overseas callers.

OPTING OUT OF BRAND TARGETING

You can opt out of receiving targeted content or being included in anonymised custom audience lists used for brand engagement by adjusting your preferences in the App or by contacting us at privacy@shping.com.

AUTOMATED PROFILING AND DECISION MAKING

We may use automated tools to analyse your activity and provide personalised experiences, offers, or content. This may include assigning you to consumer segments or recommending products based on your activity. You have the right to request human intervention or object to profiling by contacting us.

RIGHT TO DATA PORTABILITY

You may request a copy of your personal data in a structured, commonly used, and machine-readable format by contacting privacy@shping.com.

Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently received personal data from a child, we will delete it.

Effective Date: 1 August, 2025
Version: 10825_PP

Get Boss updates

Stay in the loop to get new news, boss rewards & offers.