Privacy Policy

Last updated: 26 April 2026

Coverly is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we collect, use, disclose, store, and protect your personal information, and your rights to access and correct it. By using our services, you consent to the practices described in this policy.

1. About This Policy

This policy applies to personal information collected by Coverly (ABN 40 818 719 590) through our website at coverly.au, our mobile applications, our customer service channels, and any related services (together, the Services).

We are bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), the Spam Act 2003 (Cth), and the Notifiable Data Breaches (NDB) scheme. We also have regard to guidance issued by the Office of the Australian Information Commissioner (OAIC).

2. Personal Information We Collect

We only collect personal information that is reasonably necessary for our functions and activities. The types of information we may collect include:

2.1 Information you provide

  • Full name, email address, and phone number
  • Shipping and billing addresses
  • Account credentials (email and hashed password)
  • Order history and purchase preferences
  • Communications with our customer experience team
  • Product reviews, feedback, and survey responses

2.2 Information collected automatically

  • IP address, browser type, device identifiers, and operating system
  • Pages visited, time spent, and navigation patterns on our site
  • Referral source and search terms used to find us
  • Approximate location derived from your IP address

2.3 Sensitive information

We do not collect sensitive information (as defined in the Privacy Act) unless it is necessary and you have provided explicit consent. Payment card details are not stored by us — they are processed and tokenised securely by our PCI-DSS compliant payment providers.

3. How We Collect Personal Information

We collect information through:

  • Forms you complete (account registration, checkout, newsletter sign-up, contact form)
  • Cookies, pixels, and similar tracking technologies (see section 6)
  • Third-party service providers that assist with analytics, payments, and shipping
  • Communications you initiate with us (email, chat, phone)

Wherever lawful and practicable, you may interact with us anonymously or using a pseudonym. However, we will need to know who you are to process an order or provide certain account-linked services.

4. Why We Collect, Hold, Use, and Disclose

We collect, hold, use, and disclose your personal information for the following purposes:

  • Order processing: to fulfil and deliver your orders, process payments, and send transactional communications
  • Customer support: to respond to your enquiries, handle returns, and resolve disputes
  • Account management: to create and maintain your customer account, including saved addresses and preferences
  • Marketing (with consent): to send promotional emails, product updates, and offers you have opted into
  • Analytics and improvement: to understand how you use our site and improve your experience
  • Legal compliance: to meet our obligations under Australian law, including tax and consumer law
  • Fraud prevention: to detect and prevent fraudulent transactions and protect the security of our Services

We will not use or disclose your personal information for a secondary purpose unrelated to the primary purpose of collection unless you have consented or an exception under the Privacy Act applies.

5. Disclosure to Third Parties

We do not sell, rent, or trade your personal information. We may disclose information to:

  • Payment processors (e.g., Stripe) to process transactions securely
  • Shipping and fulfilment partners to deliver your orders
  • Cloud infrastructure providers who host our platform and database
  • Analytics providers who help us understand site usage (aggregated or de-identified data)
  • Email and marketing service providers who send communications on our behalf
  • Professional advisers (legal, accounting) where required
  • Regulatory and law enforcement bodies where disclosure is required or authorised by law

All third parties we engage are subject to confidentiality obligations and data processing agreements that align with the APPs.

6. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate our site, remember your preferences, analyse traffic, and personalise your experience. The types we use:

  • Essential cookies: required for core site functionality — session handling, shopping cart, checkout, and security
  • Functional cookies: remember your preferences and settings between visits
  • Analytics cookies: help us understand how visitors interact with our site (e.g., page views, time on site)
  • Marketing cookies: used to show relevant advertisements and measure campaign performance

You can manage or disable cookies through your browser settings at any time. Please note that disabling essential cookies may affect the functionality of our checkout and account features. We do not respond to browser “Do Not Track” signals in a uniform way at this stage; however, we provide opt-out mechanisms for marketing communications and analytics tracking where applicable.

7. Cross-Border Disclosure of Personal Information

Some of our third-party service providers operate infrastructure or have personnel located outside Australia. This means your personal information may be stored, accessed, or processed in other countries, including the United States, the European Union, and Singapore.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient complies with the APPs (or equivalent protections) and that the disclosure is permitted under APP 8. Where appropriate, we enter into data processing agreements that include contractual privacy safeguards.

By providing your personal information to us, you acknowledge that your information may be transferred to, stored, and processed outside Australia. You also acknowledge that overseas recipients may be subject to foreign laws that could require disclosure to authorities in those countries.

8. Security of Your Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure, as required by APP 11. Our measures include:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest where supported by our infrastructure providers
  • Role-based access controls and least-privilege principles for internal data access
  • Regular security assessments and monitoring
  • PCI-DSS compliant payment processing (card data is never stored on our servers)
  • Multi-factor authentication for administrative access

While we employ industry-standard security practices, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Account information: retained while your account is active, and for a reasonable period after closure
  • Order records: retained for at least 7 years to comply with Australian tax and record-keeping obligations
  • Marketing consent records: retained while you remain subscribed
  • Analytics data: retained in de-identified or aggregated form where possible

When information is no longer required, we take reasonable steps to securely destroy or permanently de-identify it.

10. Notifiable Data Breaches

Under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act, if we have reasonable grounds to believe an eligible data breach has occurred — that is, unauthorised access, disclosure, or loss of personal information that is likely to result in serious harm to individuals — we will:

  • Promptly investigate and assess the suspected breach
  • Notify affected individuals as soon as reasonably practicable if the breach is likely to result in serious harm
  • Notify the OAIC using the Notifiable Data Breach Statement

11. Marketing Communications

We comply with the Spam Act 2003 (Cth). We only send commercial electronic messages where:

  • You have given express or inferred consent to receive them
  • The message clearly identifies us as the sender
  • The message includes a functional unsubscribe facility

You can withdraw your consent at any time by clicking the “Unsubscribe” link in any marketing email, updating your communication preferences in your account settings, or contacting us directly. We will process your request within 5 business days. Transactional communications (order confirmations, shipping updates, account notifications) are not marketing messages and will continue regardless of your marketing preferences.

12. Automated Decision-Making

We do not currently use automated decision-making that produces legal effects or similarly significant effects concerning you. If we introduce such systems in the future, we will update this policy, provide meaningful information about the logic involved, and offer an opportunity for human review where required by law.

13. Your Rights: Access and Correction

Under the APPs, you have the right to:

  • Access the personal information we hold about you (APP 12), subject to exceptions in the Privacy Act
  • Request correction of your personal information if it is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
  • Lodge a complaint with us if you believe we have breached the APPs, and with the OAIC if you are not satisfied with our response

To request access or correction, please contact us using the details in section 15. We will respond within a reasonable period — generally within 30 days. We may need to verify your identity before processing your request. Access is free in most cases, but we may charge a reasonable fee for extensive requests.

14. Complaints and the OAIC

If you have a concern about how we have handled your personal information, please contact our Privacy Officer first so we can investigate and respond.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:

Website: www.oaic.gov.au

Phone: 1300 363 992

Post: GPO Box 5288, Sydney NSW 2001

15. Contact Our Privacy Officer

For privacy-related enquiries, access or correction requests, or complaints, please contact:

Coverly — Privacy Officer

Email: hiya@coverly.au

We will acknowledge receipt of your enquiry within 2 business days and aim to resolve the matter within 30 days.

16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal obligations, or other factors. When we make material changes, we will post the revised policy on this page, update the “Last updated” date, and notify you by email or via a notice on our website where appropriate. Your continued use of our Services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.