Login
Login
Login

Privacy Policy

Effective date: 2 October 2025

1. Introduction

This Privacy Policy explains how ODDR Group Pty Ltd ABN 71 672 666 232, of Level 1 83 Greenhill Road, Wayville, SA 5034, Australia, and our applications and services, including ODDR (the App), handle personal information in Australia in line with the Privacy Act 1988, the Australian Privacy Principles (APPs) and the Privacy and Other Legislation Amendment Act 2024. It also explains our handling of Google user data obtained via Google OAuth and Google APIs.

By using our sites and the App, you agree to this Policy.

2. Key definitions

  • Personal information has the meaning in the Privacy Act 1988.
  • Google user data means data accessed via Google OAuth and Google APIs under the scopes you approve.
  • We, us, or ODDR means ODDR Group Pty Ltd.

3. What we collect and how we collect it

We collect personal information directly from you, automatically, and from third parties as permitted by law.

Directly from you
Contact details, account details, payment information, preferences, feedback, support requests, survey responses, competition entries.

Automatically
Device and usage information, logs, cookies and similar technologies. See Cookies below.

From third parties
Service providers that help us operate the App, analytics tools, and platforms you connect, including Google if you choose to link your account.

We do not collect more than is reasonably necessary for the purposes below.

4. How we use personal information

We use personal information to:

  • provide and improve the App and our services
  • set up and manage your account, process payments and orders
  • communicate with you and respond to enquiries
  • personalise features you use
  • secure and monitor our systems
  • run analytics and product research
  • send marketing where permitted with an opt out in every message
  • comply with laws and enforce our terms.

5. Google user data

This section explains how we handle data obtained through Google OAuth and Google APIs and is designed to satisfy Google’s OAuth verification and API User Data requirements.

5.1 Scopes we may request

The exact scopes are shown on the Google consent screen and may vary by feature. We currently use or may use:

  • Basic identity: openid, email, profile
  • YouTube: https://www.googleapis.com/auth/youtube.upload, https://www.googleapis.com/auth/yt-analytics.readonly, https://www.googleapis.com/auth/youtube.readonly

We do not request Gmail read scopes. Note that some restricted Gmail scopes, if ever added, may require a third party security assessment.

5.2 How we use Google user data

Only to provide and improve user facing features you choose to use, for example: sign in and profile display, publishing and managing videos on your YouTube channel, and displaying channel and video analytics in the App. We do not use Google user data for advertising or unrelated purposes.

5.3 Sharing of Google user data

We do not sell Google user data. We only share it with service providers acting on our instructions to operate the App, or where required by law, and subject to confidentiality and data protection obligations.

5.4 Prohibited uses

We do not use or share Google user data for targeted advertising, sale to data brokers, credit decisions, creating independent databases, training AI models, or any use beyond providing and improving the App features you use.

5.5 Storage, security and retention of Google user data

Access tokens are encrypted at rest and are short lived. Refresh tokens, if issued, are encrypted, access controlled, rotated where supported, and deleted if you disconnect or after 90 days of inactivity. Content retrieved from Google is stored only where needed to deliver the feature, processed in memory where feasible, and removed when no longer required. Backups are encrypted and retained up to 35 days.

5.6 Your choices and control

You can disconnect your Google account in the App at any time, or revoke access via your Google Account settings. You can also request deletion of Google originating data we hold.
You can also revoke our access at any time in your Google Account at myaccount.google.com under Security > Third-party access. When you disconnect or revoke access we stop collecting Google data, delete refresh tokens, and delete stored Google-originating content as described in 5.5.

5.7 YouTube API Services notices

If you use YouTube features, you agree to the YouTube Terms of Service and the YouTube API Services Developer Policies. Google’s general Privacy Policy also applies.

5.8 Google API Services User Data Policy compliance (Limited Use)

We comply with Google’s API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide or improve user facing features, do not transfer it except to service providers to operate the App or where required by law, do not use it for advertising, and do not sell it.

6. Cookies and similar technologies

We use cookies and similar technologies to operate the site, remember preferences, prevent fraud, and understand product use. You can manage cookies in your browser settings. Essential cookies may be required for the site to function. See our Cookie Notice for details.

7. Disclosure to third parties and cross border disclosures

We disclose personal information to service providers that help us deliver the App (including payment processing, hosting, analytics, support and security). Some recipients may be located overseas. If we disclose personal information outside Australia, we will take reasonable steps to ensure the overseas recipient handles it in accordance with the APPs (including APP 8). We will publish the countries or regions of any overseas recipients on our website privacy page if this changes. At this time, we do not make any overseas disclosures.

8. Data security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Controls include encryption in transit and at rest, least privilege access, multi factor authentication for administrative access, audit logging, vulnerability management and regular security reviews.

9. Data retention

We retain personal information only for as long as needed for the purposes in this Policy or as required by law. When no longer needed, we take reasonable steps to destroy or de identify it. For Google user data, see section 5.5.

10. Access, correction and deletion requests

You can request access to, or correction of, the personal information we hold about you. We will respond within a reasonable time and give reasons if we refuse any part of a request, along with how to complain. Where appropriate and subject to legal obligations, you can also request deletion. Contact us using the details below.

11. Automated decisions

If we use automated decision making that has a legal or similarly significant effect, we will tell you and provide a simple way to request human review where required by law.

12. Marketing communications

We may send you product updates and marketing where permitted. You can opt out at any time using the unsubscribe link or by contacting us.

13. Notifiable Data Breaches scheme

If an eligible data breach occurs, we will notify affected individuals and the Office of the Australian Information Commissioner as required, including recommendations to help you protect yourself. We keep a data breach response plan consistent with OAIC guidance.

14. Children

Our services are not directed to children under 16 and we do not knowingly collect personal information from them.

15. Changes to this Policy

We may update this Policy from time to time. The new version will be posted on our website with a new effective date. If changes are material, we will provide an in product notice or email where appropriate.

16. How to contact us or make a complaint

If you have questions, or wish to make a privacy complaint or exercise your rights, contact our Privacy Officer:
Email: privacy@oddr.org

We will acknowledge and respond within a reasonable time. If you are not satisfied, you can lodge a complaint with the Office of the Australian Information Commissioner using its complaint pathway.

OAIC contact and guidance are available at https://www.oaic.gov.au/contact-us.