Privacy

Last updated: 2026-07-06. This page describes how DealHive (dealhive.com.au) collects, uses, stores, and shares information. We aim to be honest and specific rather than legalistic.

Pre-launch heads up: a formal privacy policy will be issued after professional legal review (queued pre-public-launch). The current document is a good-faith factual description of what the site actually does today; it tries to be more accurate than typical privacy notices but isn't a legal contract. If you need anything in writing, contact us.

Who we are

DealHive is an Australian community deals site operated under preparation for commercial launch. Contact us via the contact form. We operate primarily under the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).

What information we collect

  • Account details: email address, display name + chosen username, a securely hashed password (handled by Supabase Auth). Optional avatar URL if you upload one.
  • Content you submit: deals you post, comments you write, votes you cast, reports you file, alerts you set up.
  • Engagement signals: deals you save, retailers you follow, click-throughs (see “IP addresses” below for how clicks are tracked). For deals where DealHive has attached an affiliate URL, the click record additionally carries a was_affiliate=true flag so the affiliate program can be measured internally. See the affiliate disclosure for full detail.
  • Reputation + tier: a public reputation score derived from your contributions. See /rules for how it works.
  • Local-deals preferences (opt-in): the cities you select for the “Show me local deals” feature. Stored in a self-only access-controlled table (other users cannot see your home cities). The cities you pick may also be used to show you personalised local advertising for those cities.
  • Approximate-location consent (opt-in, IP-based, separate from precise GPS): if you opt in to the “Personalise my content based on where I am” feature, we use your IP address to approximate your city (~50km accuracy, never your precise address) at request time. The resolved city is used to personalise the deals, events, and content you see, and may inform personalised local advertising. We retain limited derived data (e.g. the resolved city code, and a non-recoverable derivative of your IP) for fraud-protection and security purposes. We do not retain your raw IP for this feature.
  • Commercial-data-use consent (opt-in): a flag indicating you have opted in to letting your activity be used for commercial data products (see “Commercial data use” below).
  • Email digest preferences (opt-in): your chosen frequency (off / daily / weekly / monthly).
  • Auth events (security): login attempts, password resets and changes, MFA enrolments, suspicious-login alerts. Each event includes user_id, event type, timestamp, IP address, user-agent, and event-specific metadata. See “IP addresses” for storage details.

How we use your information

We use the information collected above for:

  • Running the core deals site (showing you the feed, displaying your deals + comments, calculating reputation, sending notifications you opted in to).
  • Security (preventing account takeover, detecting suspicious login activity, rate-limiting spam, enforcing account restrictions).
  • Spam + abuse prevention (AI moderation of submissions, vote and click dedup via hashed IPs, report quorums for confirmed-bad deals).
  • Personalisation you opt in to (local-deals filter, approximate-location ad targeting, commercial-data-use insights).
  • Aggregated analytics about how the site is used (e.g. “Brisbane users save 3x more grocery deals than Sydney users”) - only includes users who have opted in to the “Help DealHive grow” commercial data use.

Who can see what

  • Public: your display name, username, reputation, tier badge, deals you submit, comments you post, votes you cast (anonymous - vote counts visible, individual voters not).
  • Your private settings: your home cities, approximate-location opt-in, commercial-data-use consent, email digest frequency, alerts you set, saved deals, and deal reminders are visible only to you and to site admins (when administering).
  • Email address: only you and admins can see your email. Never shown publicly.
  • Click data: only admins can see aggregated click totals. Hashed IPs are not human-readable.
  • Auth events (login history, MFA changes): visible to you on /profile/security and to admins. Not shared with anyone else.
  • Moderators: if we appoint someone to a moderator role, they can review and action flagged content, comments, deal reports, and contact-form submissions (which include the sender's email and message), view a member's public posts, comments and reports when moderating, and apply account restrictions (for example posting cooldowns or bans) to non-staff accounts. Moderators do not have access to your private settings, email, click data, or auth-event history (login/IP records); those stay admin-only. No moderators are currently appointed.

IP addresses (split-by-purpose)

We handle IP addresses differently depending on the context. Three patterns are in use:

  • Raw IPs stored on auth events (security forensics): when you sign up, log in, change your password, set up or check MFA, or trigger a suspicious-login alert, we store your IP in our auth_events table. This is essential for security: detecting account takeover attempts, enforcing per-IP failed-login lockouts, investigating compromise reports. You can see your own auth-event IPs on your security page. We don't share these with anyone other than law-enforcement on a valid request.
  • Stored in non-recoverable form for dedup (clicks, votes, contact form): when you click a deal, vote, or submit a contact form, your IP is converted to a non-recoverable derivative before storage. We cannot reverse this to recover the raw IP - only verify “same actor as before” for dedup and spam control. The same pattern will apply to the IP-approximate-location feature. The specific cryptographic method we use may evolve over time as standards improve; in all cases the stored form will be designed so the original IP cannot be reconstructed from what we hold.
  • Not stored at all (signup IP-geolocation): on your very first signup we may use the request IP for a one-time location suggestion. The IP itself is never stored against your account from that lookup - it's used and discarded immediately.

What we don't do: sell or share raw or hashed IPs with third parties for advertising, profiling, or any other use beyond the security + dedup purposes above. If this changes we'll ask for fresh, specific consent at the time.

Cookies and similar technologies

  • Session cookies: set by Supabase Auth (PKCE flow) to keep you logged in. HttpOnly + SameSite=Lax. Expire on logout or after extended inactivity.
  • No third-party analytics trackers: no Google Analytics, no Facebook Pixel, no LinkedIn Insight Tag, no Plausible / Mixpanel / Segment. Only first-party Supabase + DealHive cookies.
  • No advertising cookies (currently): we don't set any third-party advertising cookies. When we launch ads in the future, we'll disclose any ad-related cookies here and any cookies that require consent will be gated behind explicit opt-in.

Commercial data use (opt-in)

DealHive may use, share, license, or sell data about how members use the site to commercial partners (retailers, market researchers, press). This includes activity signals such as the deal categories you save, what you click, when you visit, and similar engagement patterns. Location information is handled separately - see the “Personalised local content” section below for that opt-in.

We may publish this data as aggregate insights reports, sell access via APIs, or include it in custom partner reports. We retain discretion to expand the scope of commercial use over time as the business grows. This data use only includes members who have explicitly opted in via the toggle on your local-deals settings. Default is OFF unless you actively turn it on.

Opting out at any time takes effect immediately for future activity; data already used in past published reports can't be retroactively withdrawn, but no further use happens once you opt out.

Personalised local content (opt-in, separate)

Separate from the commercial-data-use opt-in above, we offer two location-related opt-ins on the local-deals settings page: one for the cities you pick manually, and one for letting us approximate your location from your IP address. Both opt-ins, when enabled, may be used to show you personalised local advertising and to offer city-level ad-targeting capability to local advertisers as a way to fund the site - in addition to personalising the deals, events, and content you see.

The two opt-ins are independent and can be toggled separately. The IP-based opt-in uses your IP at request time to approximate your city (~50km accuracy); we never collect your precise GPS coordinates or street address through either feature. Toggle either off any time on the settings page and we stop using that signal for personalisation + advertising. The specific technologies we use for the IP lookup + storage may evolve over time; the user-facing commitments (approximate city only, never precise; revocable; not retained as raw IP) remain.

Personally identifying information (PII)

The commercial-data-use opt-in above does NOT authorise sharing of personally identifying information about you with third parties. PII for our purposes means: your email address, full name, login activity, deal history linked to your identity, or any other data that directly identifies you as an individual.

We don't currently share PII with third parties (other than service providers necessary to run the site - e.g. Supabase for the database, Resend for email delivery). If this ever changes - for example a future partnership that wants access to email lists or named user profiles - we'll ask for fresh, specific consent at that time. The general opt-in alone does not authorise it.

Data retention

  • Account + profile: retained while your account exists. Deletion via /profile/account removes your profile + anonymises your content (deals + comments stay visible but show “[deleted]” as the author).
  • Deals + comments + votes: retained as part of the public record of community activity, with author anonymised on account deletion.
  • Click tracking: hashed IPs retained for analytics. Cleanup cron planned.
  • Auth events (raw IPs): raw rows with your IP are kept for 180 days for security forensics, then the nightly retention cron rolls each day up into an aggregated daily summary (event counts plus distinct-user and distinct-IP counts, no per-event IP) kept indefinitely for security pattern analysis, and deletes the raw rows.
  • Notifications: read notifications retained 30 days, unread 90 days, then deleted by the nightly retention cron.
  • AI API call logs: retained 90 days (cost + audit), then rolled up to daily totals and deleted by the nightly retention cron.
  • Saved deals / retailer follows / user preferences: retained until you delete them or your account.
  • Deal reminders: the deal and remind-time you set are kept until the reminder is sent, you cancel it, or you delete your account. Reminders are delivered as an in-app notification plus an email to your account address.

Consent audit trail

Every consent action you take on DealHive - agreeing to these Terms and Privacy Policy at signup, opting in or out of commercial data use, opting in or out of location personalisation, setting up local cities - is recorded in a dedicated audit log with the timestamp, your IP address, your browser's user-agent string, and (for document agreements) the version of the document you accepted. This protects both you and us if a consent action is ever disputed.

You can request your own consent history at any time via the contact form (subject: “Consent history request”). Retained indefinitely - this information protects your rights as much as ours, so we keep it for the lifetime of your account.

Your rights

  • Access: view what we store about you via /profile, /profile/saved, /profile/regions, and /profile/security.
  • Edit: change your display name, email-digest frequency, local-deals preferences, and consents on the relevant settings pages.
  • Delete: permanent account deletion via /profile/account. Admin accounts are blocked from self-deletion for security reasons.
  • Export: request a data export via /contact (subject: “Data export request”). We aim to respond within 30 days per APP 12.
  • Withdraw consent: toggle off any opt-in on the relevant settings page. Reputation you earned via opt-in grants is NOT clawed back when you opt out.
  • Complain to the OAIC: if you believe we've mishandled your information, you can complain to the Office of the Australian Information Commissioner (OAIC). Their contact details are at oaic.gov.au.

Security

We follow standard security practices: HTTPS everywhere with HSTS preload eligibility, content-security-policy headers, CSRF protection via same-origin checks on every mutation route, row-level security on user-data tables, and secrets kept out of the codebase entirely. To report a vulnerability, use the contact form and mark it as a security report; we will respond promptly and ask that you give us a reasonable window to fix the issue before any public disclosure.

Children

DealHive is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has signed up, contact us and we'll remove the account.

International users

DealHive is Australian-focused. Our database (Supabase) is hosted in their default region (subject to confirmation pre-launch). If you're visiting from outside Australia, your information may be processed in another country with different data protection laws. By using the site you consent to this processing.

Changes to this policy

We may update this policy as the site evolves. Material changes will be announced via a banner on this page for at least 14 days. The “last updated” date at the top reflects the current version; earlier versions are retained internally and are available on request.

Contact

Questions, complaints, requests for data access/export/deletion, or vulnerability reports: use the contact form and we'll get back to you. Data-rights requests are actioned within 30 days.