Back to MyMAClub

App & Platform Data Protection

MyMAClub App and Platform Privacy Policy

Privacy practices for MyMAClub apps, dashboard, POS, KDS, kiosk, staff portal and AI-enabled platform features.

Version 2026.06.26.app-platform-privacy - Effective 2026-06-26

MyMAClub App and Platform Privacy Policy

Last updated: Friday 26 June 2026

This App and Platform Privacy Policy explains how Erick Jonathan Albarracin Mena, sole trader, trading as MyMAClub (ABN 60 310 347 544) (referred to in this policy as MyMAClub, we, us or our) collects, holds, uses and discloses personal information through the MyMAClub app, dashboard, POS tools, staff tools, loyalty tools, AI features and related hosted software services.

This policy applies to personal information collected when a customer organisation, account holder, authorised user, staff member or other permitted user accesses or uses the MyMAClub platform, mobile app, portal or related services.

This policy does not apply to information collected only through the public MyMAClub website, which is covered by a separate Website Privacy Policy.

1. Our approach to privacy

1.1 We respect privacy and aim to handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, where applicable.

1.2 Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

1.3 Because MyMAClub is a business platform, we may handle personal information relating to account owners, managers, staff members, venue personnel, loyalty members, end customers and other users whose information is entered into or generated within the platform.

2. The kinds of personal information we collect

2.1 Depending on the services used, we may collect and hold personal information such as:

a. account holder name;

b. business or trading name;

c. contact details, including email address, phone number and business address;

d. login credentials and account access details;

e. role, permissions and authorised user details;

f. venue profile information and business configuration details;

g. staff details, including names, roles, PINs, roster-related information, timesheet records and clock-in or clock-out records where those features are used;

h. customer or loyalty member details entered by the customer organisation, including names, contact details, loyalty activity and related records;

i. transaction and operational records entered into or generated through the platform, including sales records, menu and stock records, purchase records, supplier records, refund records and related audit logs;

j. device information, application logs, browser type, IP address, usage data, session activity and diagnostic data;

k. support enquiry records, onboarding records and implementation communications;

l. billing-related information, plan details, subscription status and payment history information made available to us through billing providers;

m. AI feature inputs, prompts, usage records and related outputs where AI tools are enabled; and

n. any other information provided to us through the platform, app, support channels or connected workflows.

2.2 We do not intend to collect full payment card details directly through the MyMAClub platform unless an express payment integration is introduced and separately disclosed.

2.3 Where Stripe or another third-party provider is used for subscription billing or top-ups, payment processing information may be collected and handled by that third party under its own terms and privacy practices.

3. How we collect personal information

3.1 We may collect personal information when:

a. an account is created;

b. subscription, onboarding or implementation details are submitted;

c. authorised users log in to or use the platform;

d. customer organisations upload, input, import or manage data within the platform;

e. staff, loyalty or operational records are entered into the system;

f. support requests, setup requests or technical issue reports are submitted;

g. AI tools are used within the platform;

h. billing or plan changes occur through third-party billing tools; or

i. platform usage data is generated automatically through normal use of the service.

3.2 We may collect information directly from you, from your organisation, from authorised users acting on your organisation's behalf, from integrations you enable, and from third-party service providers involved in hosting, analytics, communications or billing.

4. Why we collect, hold, use and disclose personal information

4.1 We may collect, hold, use and disclose personal information for purposes including:

a. providing access to the app, platform and subscribed services;

b. setting up customer accounts, venue profiles and authorised users;

c. delivering onboarding, implementation, support and troubleshooting;

d. operating POS, reporting, inventory, roster, loyalty, AI and related service functions;

e. maintaining records, logs, audit trails and security controls;

f. processing subscription billing, renewals, plan administration and AI credit top-ups;

g. improving, maintaining, testing, diagnosing and developing the platform and related services;

h. communicating service notices, updates, alerts and account-related information;

i. detecting misuse, fraud, security threats or unauthorised activity;

j. complying with legal obligations and responding to lawful requests; and

k. other related purposes reasonably expected in connection with use of the platform.

4.2 We may also use de-identified or aggregated information to analyse service performance, improve functionality, train internal systems, develop features and support product development, provided it does not reasonably identify an individual.

5. Customer responsibility for entered data

5.1 Where a customer organisation enters personal information into the platform relating to its staff, customers, loyalty members or other individuals, that customer organisation is responsible for ensuring it has the right to collect and use that information and to provide it to MyMAClub for the relevant platform purposes.

5.2 The customer organisation is also responsible for providing any required privacy notices and obtaining any required consents from those individuals.

6. AI features

6.1 Where AI-enabled features are available, user prompts, instructions, questions, inputs and related contextual data may be processed to generate outputs, assistance or operational guidance.

6.2 AI outputs may be incomplete, inaccurate or unsuitable for a particular purpose and must be reviewed by the user before reliance or implementation.

6.3 We may use AI usage records, prompts, technical logs and related service information for service delivery, quality control, diagnostics, safety, system improvement and feature development, subject to applicable law and this policy.

7. Disclosure of personal information

7.1 We may disclose personal information to third parties where reasonably necessary for the purposes described in this policy, including:

a. cloud hosting and infrastructure providers;

b. software, analytics and technical service providers;

c. communications, email and support service providers;

d. implementation, onboarding and operational support providers;

e. billing and subscription providers, including Stripe where used for subscription billing or credit top-ups;

f. AI model or AI infrastructure providers where AI features are enabled;

g. professional advisers, including legal, accounting and compliance advisers;

h. contractors and service providers assisting with system maintenance, support or development; and

i. government, regulatory, law enforcement or dispute resolution bodies where required or authorised by law.

7.2 We may also disclose personal information where part of the business or assets are restructured, transferred or sold, subject to appropriate safeguards.

8. Overseas disclosure

8.1 Some service providers used to host, analyse, support or power parts of the platform may store or process information outside Australia.

8.2 This may include providers involved in cloud hosting, AI services, infrastructure, communications, diagnostics, monitoring or billing.

8.3 Where personal information is disclosed overseas, we take reasonable steps to ensure it is handled in a manner consistent with applicable privacy requirements.

9. Data security

9.1 We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure.

9.2 These steps may include account authentication controls, access restrictions, role-based permissions, service provider due diligence, backups, logging, monitoring and other reasonable technical and organisational safeguards.

9.3 No method of electronic storage or transmission is completely secure. Because of this, we cannot guarantee absolute security.

10. Data retention and deletion

10.1 We retain personal information for as long as reasonably necessary to provide the services, maintain business and legal records, resolve disputes, enforce agreements and comply with legal obligations.

10.2 On termination of services, data may be retained for a limited period in accordance with applicable agreements, backup cycles, legal obligations and operational requirements.

10.3 Where information is no longer reasonably required, we may delete, destroy or de-identify it, subject to legal and operational constraints.

11. Access and correction

11.1 You may request access to personal information we hold about you and request correction if it is inaccurate, incomplete or out of date.

11.2 We may need to verify identity and authority before actioning a request.

11.3 Where a request relates to information controlled by a customer organisation, we may direct the individual to contact that organisation first where appropriate.

11.4 We may refuse access or correction where permitted by law, but if we do, we will explain why.

12. Cross-border, integrations and third-party services

12.1 The platform may connect with or rely on third-party services, integrations or infrastructure providers.

12.2 We are not responsible for the separate privacy practices of third-party services independently chosen or enabled by a customer, and those services may be governed by separate terms and privacy policies.

13. Complaints

13.1 If you have a privacy question, concern or complaint, you can contact us using the details below.

13.2 We will review the matter and respond within a reasonable time.

13.3 If you are not satisfied with our response, you may be able to make a complaint to the Office of the Australian Information Commissioner.

14. Changes to this policy

14.1 We may update this App and Platform Privacy Policy from time to time.

14.2 The latest version will be made available through the app, platform, website or another appropriate location.

15. Contact details

If you have questions about this policy or our privacy practices, contact:

Email: support@mymaclub.com