Privacy Policy

Last Updated: March 28, 2025

uNepal Australia Pvt Ltd ("Company," "we," "us," "our"), a private limited company incorporated under the Corporations Act 2001 (Cth) with its principal office at Canberra, Australian Capital Territory, Australia, is committed to safeguarding your privacy. This Privacy Policy ("Policy") outlines how we collect, use, disclose, store, and protect your personal information when you use the uNepal mobile application ("App"), a social networking platform designed primarily for Nepalese individuals residing in Australia. By downloading, installing, accessing, or using the App, you consent to the data practices described herein, in compliance with the Privacy Act 1988 (Cth) and applicable Australian Privacy Principles (APPs). If you do not agree with this Policy, you must immediately cease using the App.

1. Scope and Application

1.1. Purpose: This Policy governs the handling of personal information collected through your use of the App, including all features such as profiles, posts, Circles, Pages, messaging, ratings, and notifications.

1.2. Definition of Personal Information: Under the Privacy Act 1988 (Cth), "personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. This includes data such as your name, email address, and profile details.

1.3. Ancillary Policies: This Policy is incorporated into our Terms and Conditions, Community Guidelines, and Rewards Policy, accessible within the App or by request at unitednepalaustralia@gmail.com.

1.4. Updates: We may revise this Policy at our discretion. Material changes will be notified via in-app alerts, email to your registered address, or posting within the App. Your continued use after such notice constitutes acceptance of the revised Policy.

2. Information We Collect

We collect various types of information to provide and enhance the App’s services. This includes:

2.1. Personal Information Provided by You

  • Registration Data: Email address, phone number, first name, last name, required to create an account.
  • Profile Data: Profile image, optional biographical details (e.g., bio, interests), and any other information you voluntarily add to your profile.
  • Contact Preferences: Notification settings or communication preferences you configure.

2.2. User Content

  • Text, images, videos, or other materials you upload or create, including posts, messages, comments, and ratings submitted to profiles, Circles, or Pages.
  • Metadata associated with User Content (e.g., timestamps, privacy settings).

2.3. Automatically Collected Information

  • Device Information: Device type, operating system (e.g., iOS, Android), model, unique device identifiers (e.g., UDID, IMEI), and hardware specifications.
  • Network Data: IP address, mobile network information, and connection status.
  • Usage Data: Interactions with the App (e.g., pages viewed, buttons clicked, time spent), session duration, and feature usage statistics.

2.4. Firebase-Related Data

  • Authentication Data: Tokens or identifiers generated by Firebase Authentication to verify your identity.
  • Messaging Data: Push notification preferences and delivery logs managed by Firebase Cloud Messaging (FCM).
  • Analytics Data: Aggregated or anonymized data collected via Firebase Analytics (e.g., event tracking, crash reports).

2.5. Future Data Collection

  • If payments or subscriptions are introduced, we may collect billing information (e.g., credit card number, billing address, transaction history).
  • Additional data types will be specified in an updated Policy prior to collection.

3. How We Collect Information

3.1. Direct Collection: Provided by you during account registration, profile setup, content creation, or interactions with support (e.g., emails to unitednepalaustralia@gmail.com).

3.2. Automated Collection: Gathered via the App’s integration with Firebase services and device sensors during normal operation. Examples include logging your IP address upon login or tracking feature usage via Firebase Analytics.

3.3. Third-Party Sources: Received from Firebase (Google LLC) as part of authentication, messaging, or analytics processes. Potentially from other users (e.g., if they tag you in a post or message you), subject to your privacy settings.

3.4. Consent: By using the App, you consent to the collection methods described herein. Where required by the Privacy Act 1988 (Cth) (e.g., sensitive information), we will seek your express consent.

4. How We Use Your Information

We use your information for the following purposes, consistent with APP 6 (Use or Disclosure of Personal Information):

  • Service Delivery: To enable core functionalities, such as creating and displaying profiles, posting content, joining Circles or Pages, sending messages, and submitting ratings. To authenticate your identity and secure your account via Firebase Authentication.
  • Personalization: To tailor content, notifications, and recommendations to your preferences and the Nepalese Australian community’s interests. To adjust visibility of your profile or posts based on your privacy settings ("Only Me," "Friends," "Public").
  • Communication: To send you operational notices (e.g., account verification, password resets). To provide customer support responses or App updates via email or push notifications. To deliver promotional messages (e.g., about new features), with an opt-out option where required by the Spam Act 2003 (Cth).
  • Security and Compliance: To prevent fraud, abuse, or unauthorized access using Firebase App Check and other security measures. To comply with legal obligations (e.g., responding to law enforcement requests under the Privacy Act 1988).
  • Analytics and Improvement: To analyze usage patterns, troubleshoot technical issues, and enhance App performance using Firebase Analytics. To conduct research and development for new features or services.
  • Future Uses: If payments or subscriptions are implemented, to process transactions, manage billing, and provide premium features. Additional uses will be disclosed and consented to as required by law.

5. How We Disclose Your Information

We may disclose your information under the following circumstances, per APP 6:

5.1. With Other Users

  • Profile and Content: Your name, profile image, posts, ratings, and comments are visible to other users based on your privacy settings.
  • Messages: Private messages are shared with intended recipients and stored in Firebase.
  • Public Interactions: Content in public Circles, Pages, or posts marked "Public" is accessible to all users.

5.2. Service Providers

  • Firebase (Google LLC): Processes data for authentication, storage, messaging, and analytics, subject to Google’s privacy policy (available at firebase.google.com/terms).
  • Future Providers: Payment processors (e.g., Stripe, PayPal) or additional analytics services may access data under their own terms, disclosed prior to implementation.

5.3. Legal and Safety Purposes

  • To comply with Australian law, court orders, subpoenas, or warrants (e.g., under the Telecommunications (Interception and Access) Act 1979).
  • To protect our rights, property, or safety, or that of our users or the public (e.g., reporting threats to authorities).
  • To enforce our Terms and Conditions or Community Guidelines (e.g., investigating abuse).

5.4. Business Transfers

In the event of a merger, acquisition, restructuring, or sale of uNepal Australia Pvt Ltd, your information may be transferred to a successor entity, with notice provided via email or in-app notification.

5.5. Aggregated Data

We may share anonymized or aggregated data (e.g., usage statistics) with third parties for research, marketing, or operational purposes, ensuring it cannot identify you.

5.6. Consent

We will not disclose your personal information beyond these purposes without your express consent, except where permitted by law.

6. Cookies and Tracking Technologies

6.1. Current Practices: As a mobile app, we do not use traditional browser cookies. However, Firebase Analytics collects equivalent tracking data, including device identifiers (e.g., UDID, advertising ID), usage events (e.g., feature clicks, session duration), and crash logs and performance metrics. This data serves purposes akin to cookies (e.g., personalization, analytics) but is native to mobile environments.

6.2. Purpose: To monitor App performance, diagnose errors, and optimize user experience. To deliver targeted notifications via Firebase Cloud Messaging.

6.3. Future Use: If we introduce a web version or cookies, we will comply with the Australian Privacy Act 1988 and Spam Act 2003 (Cth), providing notice and consent options (e.g., a cookie banner). Any such change will be detailed in an updated Policy.

6.4. Control: You may limit tracking by disabling Firebase Analytics in App settings (where available) or device privacy controls (e.g., resetting advertising ID). Opting out of push notifications via device settings. Note: Disabling tracking may reduce functionality (e.g., personalized content).

6.5. Transparency: We do not currently support "Do Not Track" signals, as they are not applicable to mobile apps, but we will evaluate this for future web integrations.

7. Data Storage and Security

7.1. Storage Location: Your data is stored in Firebase’s cloud infrastructure, primarily hosted in data centers in the United States, with potential replication to other regions per Google’s operational policies. Local caching may occur on your device for offline functionality, subject to device security.

7.2. Security Measures: We implement industry-standard safeguards, including encryption in transit (e.g., HTTPS/TLS) and at rest (where supported by Firebase), Firebase Authentication and App Check to verify identity and prevent unauthorized access, and access controls restricting data to authorized personnel only. Despite these measures, no system is entirely secure, and we cannot guarantee absolute protection against breaches, hacking, or data loss.

7.3. Retention: Personal information and User Content are retained as long as your account remains active or is necessary to provide services. Upon account deletion, data is removed from active systems within 30 days, though backups may persist for up to 90 days for recovery or compliance purposes. We may retain data longer if required by Australian law (e.g., tax records under the Taxation Administration Act 1953).

7.4. Risk Acknowledgment: You accept inherent risks in data transmission over the internet and storage in cloud systems, releasing us from liability for breaches not caused by our negligence.

7.5. Incident Response: In the event of a data breach involving personal information, we will assess the breach per the Notifiable Data Breaches scheme under the Privacy Act 1988. Notify you and the Office of the Australian Information Commissioner (OAIC) if there is a risk of serious harm, as required by law.

8. Your Rights and Choices

Under the Privacy Act 1988 (Cth) and APPs, you have certain rights regarding your personal information:

  • Access: You may request access to the personal information we hold about you by emailing unitednepalaustralia@gmail.com with “Privacy Access Request” in the subject line. We will respond within 30 days, providing a copy or summary unless an exemption applies (e.g., unreasonable impact on others’ privacy).
  • Correction: If your information is inaccurate, incomplete, or outdated, request correction via the same email process. We will update it within 30 days unless we reasonably refuse (e.g., if unverifiable), notifying you of the decision.
  • Privacy Settings: Adjust visibility of your profile, posts, and ratings within the App (e.g., "Only Me," "Friends," "Public"). Changes take effect immediately but may not retroactively alter data already shared.
  • Notifications: Opt out of push notifications via device settings or App preferences, though critical alerts (e.g., security warnings) may persist. Promotional emails include an unsubscribe option per the Spam Act 2003 (Cth).
  • Account Deletion: Request deletion of your account and associated data by emailing unitednepalaustralia@gmail.com with “Account Deletion Request.” Deletion occurs within 30 days, though residual data (e.g., messages sent to others, logs required by law) may remain.
  • Complaints: If you believe we have mishandled your information, submit a complaint to unitednepalaustralia@gmail.com. We will investigate and respond within 30 days. If unsatisfied, you may escalate to the OAIC (www.oaic.gov.au).
  • Anonymity and Pseudonymity: Per APP 2, you may interact anonymously or pseudonymously where practicable (e.g., browsing public content), but account creation requires identifiable information.

9. Children’s Privacy

9.1. Age Restriction: The App is not intended for users under 13 years of age, per our Terms and Conditions.

9.2. Parental Consent: Users aged 13-17 require verifiable parental consent, submitted to unitednepalaustralia@gmail.com, to comply with the Privacy Act 1988.

9.3. Protection: We do not knowingly collect personal information from children under 13 without consent. If we discover such data, we will delete it promptly and terminate the account, notifying the parent/guardian where possible.

9.4. Reporting: Contact us if you suspect unauthorized use by a minor.

10. International Data Transfers

10.1. Transfer Locations: Your data is transferred to and processed in the United States via Firebase servers, and potentially other jurisdictions depending on Google’s infrastructure. Local device storage may occur within Australia or your country of residence.

10.2. Legal Framework: Transfers comply with APP 8 (Cross-Border Disclosure), ensuring reasonable steps are taken to protect your data (e.g., contractual safeguards with Google). You consent to this transfer as a condition of App use, acknowledging that overseas recipients may not be subject to identical privacy laws.

10.3. Risk: You accept that data stored outside Australia may be subject to foreign legal access (e.g., U.S. law enforcement), beyond our control.

11. Future Payments and Subscriptions

11.1. Current Status: As of March 28, 2025, we do not collect payment or billing information, as the App is free.

11.2. Anticipated Collection: If payments or subscriptions are introduced (e.g., for premium features), we may collect credit/debit card details, billing address, and transaction history, and payment processor tokens (e.g., from Stripe). This data will be secured per the Payment Card Industry Data Security Standard (PCI-DSS) and the Australian Consumer Law.

11.3. Notice and Consent: We will update this Policy and obtain your express consent before collecting payment data, detailing its use and disclosure. Opting into paid features will be voluntary, with clear terms provided.

12. Data Breach Notification

12.1. Obligation: Under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988), we will notify you and the OAIC if a breach is likely to result in serious harm (e.g., identity theft, financial loss).

12.2. Process: We will assess breaches within 30 days of discovery. Notification will include the nature of the breach, affected data, and recommended actions (e.g., changing passwords). Contact will be via email or in-app alert unless impractical.

12.3. Mitigation: We will take reasonable steps to contain and remediate breaches, though we are not liable for harm not caused by our negligence.

13. Changes to This Policy

13.1. Revision Process: We may update this Policy to reflect changes in law, technology, or our practices. Minor changes (e.g., clarifications) will be posted in the App without direct notice. Material changes (e.g., new data uses) will be communicated via email to your registered address and in-app notification at least 7 days before taking effect.

13.2. Acceptance: Continued use of the App after notification constitutes acceptance of the revised Policy. If you reject changes, you must delete your account and cease use.

13.3. Historical Versions: Previous versions are available upon request for comparison.

14. Contact Us

For privacy inquiries, requests, or complaints:

Email: unitednepalaustralia@gmail.com (include “Privacy Request” in the subject line for priority handling)
Address: uNepal Australia Pvt Ltd, Canberra, Australian Capital Territory, Australia
Response Time: We aim to respond within 30 days, per APP 1.5, though complex matters may require additional time.
External Oversight: If unresolved, contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.

15. Additional Information

15.1. Legal Compliance: This Policy adheres to the Privacy Act 1988 (Cth), APPs, Spam Act 2003 (Cth), and other relevant Australian laws.

15.2. Transparency: We strive for openness in our data practices, per APP 1, and welcome your feedback on improving this Policy.

15.3. Language: This Policy is provided in English, which is the authoritative version. Translations, if offered, are for convenience only.