ODDR Group Pty Ltd is committed to protecting the privacy and security of your personal information. These documents outline how we collect, use, disclose, and manage your data.
This Privacy Policy explains how ODDR Group Pty Ltd ABN 71 672 666 232, of 28 Leigh Street Adelaide, SA 5000, Australia, and our applications and services, including ODDR (the App), handle personal information in Australia in line with the Privacy Act 1988, the Australian Privacy Principles (APPs) and the Privacy and Other Legislation Amendment Act 2024. It also explains our handling of Google user data obtained via Google OAuth and Google APIs.
By using our sites and the App, you agree to this Policy.
We collect personal information directly from you, automatically, and from third parties as permitted by law.
Contact details, account details, payment information, preferences, feedback, support requests, survey responses, competition entries.
Device and usage information, logs, cookies and similar technologies. See Cookies below.
Service providers that help us operate the App, analytics tools, and platforms you connect, including Google if you choose to link your account.
We do not collect more than is reasonably necessary for the purposes below.
We use personal information to:
This section explains how we handle data obtained through Google OAuth and Google APIs and is designed to satisfy Google's OAuth verification and API User Data requirements.
The exact scopes are shown on the Google consent screen and may vary by feature. We currently use or may use:
We do not request Gmail read scopes. Note that some restricted Gmail scopes, if ever added, may require a third party security assessment.
Only to provide and improve user-facing features you choose to use, for example: sign in and profile display, publishing and managing videos on your YouTube channel, and displaying channel and video analytics in the App. We do not use Google user data for advertising or unrelated purposes.
We do not sell Google user data. We only share it with service providers acting on our instructions to operate the App, or where required by law, and subject to confidentiality and data protection obligations.
We do not use or share Google user data for targeted advertising, sale to data brokers, credit decisions, creating independent databases, training AI models, or any use beyond providing and improving the App features you use.
Access tokens are encrypted at rest and are short lived. Refresh tokens, if issued, are encrypted, access controlled, rotated where supported, and deleted if you disconnect or after 90 days of inactivity. Content retrieved from Google is stored only where needed to deliver the feature, processed in memory where feasible, and removed when no longer required. Backups are encrypted and retained up to 35 days.
You can disconnect your Google account in the App at any time, or revoke access via your Google Account settings. You can also request deletion of Google-originating data we hold.
You can also revoke our access at any time in your Google Account at myaccount.google.com under Security > Third-party access. When you disconnect or revoke access we stop collecting Google data, delete refresh tokens, and delete stored Google-originating content as described in 5.5.
If you use YouTube features, you agree to the YouTube Terms of Service and the YouTube API Services Developer Policies. Google's general Privacy Policy also applies.
We comply with Google's API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide or improve user-facing features, do not transfer it except to service providers to operate the App or where required by law, do not use it for advertising, and do not sell it.
We use cookies and similar technologies to operate the site, remember preferences, prevent fraud, and understand product use. You can manage cookies in your browser settings. Essential cookies may be required for the site to function. See our Cookie Notice for details.
We disclose personal information to service providers that help us deliver the App (including payment processing, hosting, analytics, support and security). Some recipients may be located overseas. If we disclose personal information outside Australia, we will take reasonable steps to ensure the overseas recipient handles it in accordance with the APPs (including APP 8). We will publish the countries or regions of any overseas recipients on our website privacy page if this changes. At this time, we do not make any overseas disclosures.
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Controls include encryption in transit and at rest, least privilege access, multi-factor authentication for administrative access, audit logging, vulnerability management and regular security reviews.
We retain personal information only for as long as needed for the purposes in this Policy or as required by law. When no longer needed, we take reasonable steps to destroy or de-identify it. For Google user data, see section 5.5.
You can request access to, or correction of, the personal information we hold about you. We will respond within a reasonable time and give reasons if we refuse any part of a request, along with how to complain. Where appropriate and subject to legal obligations, you can also request deletion. Contact us using the details below.
If we use automated decision making that has a legal or similarly significant effect, we will tell you and provide a simple way to request human review where required by law.
We may send you product updates and marketing where permitted. You can opt out at any time using the unsubscribe link or by contacting us.
If an eligible data breach occurs, we will notify affected individuals and the Office of the Australian Information Commissioner as required, including recommendations to help you protect yourself. We keep a data breach response plan consistent with OAIC guidance.
Our services are not directed to children under 16 and we do not knowingly collect personal information from them.
We may update this Policy from time to time. The new version will be posted on our website with a new effective date. If changes are material, we will provide an in-product notice or email where appropriate.
If you have questions, or wish to make a privacy complaint or exercise your rights, contact our Privacy Officer:
Email: privacy@oddr.org
We will acknowledge and respond within a reasonable time. If you are not satisfied, you can lodge a complaint with the Office of the Australian Information Commissioner using its complaint pathway.
OAIC contact and guidance are available at https://www.oaic.gov.au/contact-us.
ODDR Group Pty Ltd is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and manage your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 and the Privacy and Other Legislation Act 2024.
We may collect personal information from you in various ways, including but not limited to:
The types of personal information we may collect include:
We may use your personal information for the following purposes:
We may disclose your personal information to third parties in the following circumstances:
We ensure that these third parties adhere to strict data protection standards.
We take reasonable steps to protect your personal information from unauthorised access, use, or disclosure. We implement appropriate technical and organisational measures to safeguard your personal information, including encryption, multi-factor authentication, and regular security audits.
You may request access to the personal information we hold about you and request corrections if necessary. To exercise these rights, please contact us using the details below. We will respond to your request within the required timeframe.
We use cookies and similar technologies to enhance your experience on our website. Cookies help us remember your preferences and track website usage. You can manage your cookie preferences through your browser settings, including disabling cookies if desired.
We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law. When your data is no longer needed, we will securely delete or anonymise it.
We may update this Privacy Policy from time to time. Any changes will be effective immediately upon posting the revised policy on our website. We encourage you to review this Privacy Policy periodically for updates.
If you have any questions or concerns about our Privacy Policy or our handling of your personal information, please contact us at:
Email: privacy@oddr.org