Australian Privacy Collection Notice
Effective Date: 10 February 2026 Last Updated: 10 February 2026
This Privacy Collection Notice is provided in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). It explains how DiscoverWorthy collects, uses, and discloses personal information of Australian users.
This notice supplements our general Privacy Policy.
1. Our Identity and Contact Details
DiscoverWorthy
- Email: dpo@discoverworthy.com
- Address: 140 Keller Road, ESSENDON NORTH, VIC 3041
2. Personal Information We Collect
We collect the following kinds of personal information from Australian users:
2.1. Account Information
| Information | How Collected |
|---|---|
| Email address | Provided by you at registration |
| Full name | Provided by you (optional) |
| Avatar URL | Provided by you (optional) |
| Organization name and type | Provided by you |
| Website domain | Provided by you |
2.2. Billing Information
| Information | How Collected |
|---|---|
| Billing email | Provided by you |
| Card last 4 digits, brand, expiry | From Stripe (payment processor) |
| Subscription tier (Found $0/Known $19/Basic $99/Pro $189 AUD) | Selected by you |
| Billing history | Generated from payment processing |
2.3. Content and AI Data
| Information | How Collected |
|---|---|
| Blog post content | Created by you and AI |
| Brand voice guidelines | Provided by you / analyzed from your website |
| Products and services information | Provided by you |
| Team member details (name, role, specialties, email, photo) | Provided by you |
| Customer story data (name, email, company, conversation transcript) | Provided by story participants |
| Referral data (name, email, title, company, LinkedIn, photo) | Provided by referral participants |
2.4. Technical and Analytics Data
| Information | How Collected |
|---|---|
| IP address | Automatically collected |
| Device type, browser, OS | Automatically collected |
| Page views and engagement | Self-hosted analytics |
| Country and region | Derived from IP address |
3. Why We Collect This Information
We collect personal information for the following purposes:
| Purpose | Information Used |
|---|---|
| Providing our service | Account info, content, integrations |
| AI content generation | Content, brand voice, team info, customer stories |
| Payment processing | Billing info via Stripe |
| Communications | Email address for notifications, invitations, reminders |
| Analytics and improvement | Technical data, page views, engagement |
| Security | IP address, session data, rate limiting |
| Legal compliance | Billing records (7-year retention) |
4. Consequences of Not Providing Information
If you choose not to provide certain personal information:
| Information Withheld | Consequence |
|---|---|
| Email address | Cannot create an account or use the Service |
| Billing information | Cannot subscribe to paid plans |
| Website domain | Cannot use blog publishing, crawler, or SEO features |
| Team member details | Cannot attribute content to specific authors |
| Brand voice data | AI-generated content will use generic tone |
5. Who We Disclose Information To
We disclose personal information to the following categories of recipients:
| Recipient | Purpose | What We Share |
|---|---|---|
| Azure OpenAI (Microsoft) | AI content generation | Blog content, customer names, conversation transcripts, brand voice |
| Azure DALL-E 3 (Microsoft) | Cover photo generation | Blog titles, keywords |
| Stripe, Inc. | Payment processing | Email, payment details |
| Google LLC | Search Console, Business Profile | OAuth tokens, search data |
| Twilio, Inc. | SMS verification | Phone numbers |
| Brave Software, Inc. | Keyword tracking | Keywords, locale |
| Azure Communication Services (Microsoft) | Email delivery | Email addresses, message content |
6. Overseas Disclosure (APP 8)
Your personal information will be disclosed to recipients located outside Australia.
This is an important disclosure under APP 8. The following table details each overseas recipient:
| Recipient | Country | What Data | Why |
|---|---|---|---|
| Azure OpenAI (GPT-4o) | United States | Blog content, customer names, companies, conversation transcripts, brand voice, team info | AI content generation — core platform feature |
| Azure DALL-E 3 | United States | Blog titles, keywords, excerpts | Cover photo generation |
| Stripe, Inc. | United States | Payment methods, billing email, customer ID | Payment processing |
| Google LLC | United States | OAuth tokens, search performance data | Search Console and Business Profile integrations |
| Twilio, Inc. | United States | Phone numbers | SMS delivery for team member verification |
| Brave Software, Inc. | United States | Search keywords, locale | SERP keyword ranking tracking |
| Azure Communication Services | United States | Email addresses, message content | Email delivery (notifications, invitations) |
| Azure SQL Database | Australia East | All stored data (encrypted) | Primary data storage |
Summary: Your personal information is primarily disclosed to recipients in the United States. While our application hosting may use Azure Australia East, our AI processing, payment, and integration services are US-based.
We take reasonable steps to ensure overseas recipients handle your personal information in accordance with the Australian Privacy Principles, including:
- Contractual data processing agreements with all processors
- Encryption at rest and in transit
- Access controls and security measures
- Ensuring processors do not use data for their own purposes
Important: Under APP 8, if an overseas recipient handles your personal information in breach of the APPs, DiscoverWorthy remains accountable for that breach as if we had committed it ourselves.
7. How We Hold and Protect Information (APP 11)
We protect your personal information with:
7.1. Technical Measures
- Encryption at rest: Azure SQL Transparent Data Encryption (TDE)
- Encryption in transit: HTTPS/TLS for all communications
- Secure authentication: httpOnly, Secure session cookies; email-based magic links (no passwords stored)
- Rate limiting: On authentication, API, and analytics endpoints
- Input validation: Parameterized SQL queries, content sanitization
7.2. Organizational Measures
- Role-based access controls
- Regular security reviews
- Incident response procedures
8. Access and Correction (APPs 12–13)
8.1. Right to Access (APP 12)
You may request access to the personal information we hold about you. To make a request:
- Email dpo@discoverworthy.com with the subject "Privacy Access Request"
- We will verify your identity and respond within 30 days
- We may charge a reasonable fee for providing access (but not for making the request)
8.2. Right to Correction (APP 13)
You may request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request:
- Email dpo@discoverworthy.com with the subject "Privacy Correction Request"
- We will respond within 30 days
- If we disagree that correction is needed, we will provide reasons and note your request
9. Direct Marketing (APP 7)
We may send you emails about service updates, new features, and tips. You can opt out at any time by:
- Using the unsubscribe link in any marketing email
- Updating your email preferences in account settings (performance_emails_enabled)
We will give effect to your opt-out request promptly.
10. Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint:
10.1. With Us
- Email dpo@discoverworthy.com with the subject "Privacy Complaint"
- We will acknowledge your complaint within 7 days
- We will investigate and respond within 30 days
10.2. With the OAIC
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
- Website: oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Address: GPO Box 5288, Sydney NSW 2001
11. Our Privacy Policy
This Collection Notice should be read together with our full Privacy Policy, which contains additional details about:
- How we manage personal information (APP 1)
- Data retention periods
- Cookies and tracking technologies
- Your rights under other jurisdictions
12. Changes to This Notice
We may update this notice from time to time. Material changes will be communicated via email. The "Last Updated" date will be revised accordingly.