Privacy Policy
Last updated 8 June 2026
This Privacy Policy describes how Sahajdeep Singh Narang trading as Airer (ABN 78 294 724 199) (“we”, “us”, or “our”) collects, uses, and shares your personal information when you use our mobile application and services. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
By using Airer you agree to the collection and use of information as described in this policy. If you have questions or complaints, contact us at airer.app@gmail.com.
1. Information We Collect
Information you provide directly:
- Name and email address
- Phone number (verified via OTP)
- Password (email/password accounts — stored as a secure hash, never in plaintext)
- Pickup and delivery addresses
- Special care instructions for garments
- Bag count submitted with an order
- Authentication data (when signing in with Google or Apple)
- Partners only: ABN, business name, bank account details (BSB and account number) for payout processing — encrypted at rest using Supabase Vault
Information collected automatically:
- GPS location and geolocation data (when you grant permission, used to find nearby partners and set pickup address). Your pickup coordinates are stored with the order record for operational purposes.
- Device information and push notification tokens (Apple APNs / Google FCM via Expo)
- Order history, order status logs, and service preferences
- Delivery fee and service fee metadata associated with each order
- App usage data for troubleshooting and service improvement
Information from third parties:
- If you sign in with Google or Apple, we receive your name and email address from those providers
- Payment confirmation metadata from Stripe (we do not receive or store raw card numbers)
2. How We Use Your Information
- To create and manage your account
- To process and fulfil your laundry orders
- To match you with nearby laundry partners
- To process payments via Stripe
- To process partner payouts to their nominated bank account
- To send order updates and service notifications via push notification
- To respond to support requests
- To improve our services and user experience
- To comply with legal and tax obligations (including ATO record-keeping requirements)
- To send marketing communications where you have provided separate consent (you can withdraw at any time)
3. Sharing Your Information
We share your information only as necessary to operate Airer:
- Stripe (USA) — payment processing. Raw card numbers and CVVs are handled directly by Stripe and are never stored on our servers. We may store a Stripe customer ID or payment method reference in our database solely to facilitate repeat orders — this is a token reference, not your card details. Stripe Privacy Policy
- Supabase (USA-incorporated; data hosted on AWS ap-southeast-2, Sydney) — secure cloud database and authentication. Your account, order, and encrypted bank detail data is stored in Australia on AWS infrastructure operated by Supabase, a US-based entity.
- Mapbox (USA) — address lookup and location services. Your address queries are sent to Mapbox to return results.
- Google (USA) — if you use Google Sign-In, authentication is handled via Google OAuth. Push notifications to Android devices are delivered via Google Firebase Cloud Messaging (FCM).
- Apple (USA) — if you use Apple Sign-In, authentication is handled via Apple OAuth. Push notifications to iOS devices are delivered via Apple Push Notification service (APNs).
- Expo / EAS (USA) — our mobile build and push notification delivery infrastructure is provided by Expo (Expo Application Services). Device push tokens may transit Expo’s servers to route notifications.
- Laundry Partners — your pickup address, name, phone number, special care instructions, bag count, and order details are shared with the partner assigned to your order so they can complete your service.
We do not sell your personal information to third parties. We do not share your data with advertisers.
4. Location Data
Airer requests access to your device’s location to help you set a pickup address and to find nearby laundry partners. Location access is optional — you can enter your address manually. You can revoke location permission at any time in your device settings. We do not share your precise GPS coordinates with third parties other than as needed to geocode your address (Mapbox).
5. Google API Services
Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
6. Overseas Disclosure of Personal Information
Under APP 8, we are required to tell you when we disclose personal information to overseas recipients. The following third-party service providers are incorporated or operate in the United States and may receive your personal information:
- Stripe, Inc. — payment processing
- Supabase, Inc. — cloud database and authentication (data stored in Sydney, AWS ap-southeast-2)
- Mapbox, Inc. — address geocoding
- Google LLC — authentication (OAuth) and push notifications (FCM)
- Apple Inc. — authentication (Sign in with Apple) and push notifications (APNs)
- Expo (650 Industries, Inc.) — mobile build and push notification infrastructure
Under APP 8.2, Airer remains accountable for the handling of your personal information by these overseas recipients as if the act or practice were our own. Before we disclose your information to an overseas recipient, we take reasonable steps to ensure that recipient will handle your information in a manner consistent with the APPs, including by relying on contractual protections (data processing agreements), certification to equivalent privacy frameworks (such as the EU-US Data Privacy Framework where applicable), and the recipients’ own published privacy policies and regulatory obligations. If you wish to raise a concern about an overseas transfer, contact us at airer.app@gmail.com.
7. Data Retention
We retain different categories of data for different periods:
- Account data — retained while your account is active and for 30 days after account deletion (to allow reactivation), then permanently deleted.
- Order and payment records — retained for 7 years from the date of the transaction to comply with ATO record-keeping requirements.
- Partner bank details — retained for 7 years from the date of the last payout to comply with financial record-keeping obligations, then permanently deleted from Supabase Vault.
- Push notification tokens — deleted immediately upon account deletion.
You may request deletion of your account at any time via the app’s profile settings or by contacting airer.app@gmail.com. Note that order and payment records required for legal compliance cannot be deleted before their retention period expires.
8. Data Security
We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication via Supabase, and tokenised payment processing via Stripe. Partner bank account details are encrypted at rest using Supabase Vault (libsodium). Row-level security policies restrict database access so that each user can only access their own data. No method of electronic transmission is 100% secure, but we take all reasonable steps to protect your information.
9. Data Breach Notification
We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we have reasonable grounds to believe an eligible data breach has occurred — meaning unauthorised access to or disclosure of personal information that is likely to result in serious harm to one or more individuals — we must:
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable after becoming aware of the breach;
- Notify affected individuals directly, providing a description of the breach, the kinds of information involved, and the steps we recommend they take in response.
Where it is not practicable to notify individuals directly (for example, because we do not have current contact details), we will publish a statement on our website and take other reasonable steps to bring it to the attention of the individuals concerned.
If you suspect your Airer account has been compromised, contact us immediately at airer.app@gmail.com. You may also report a privacy complaint directly to the OAIC at www.oaic.gov.au/privacy/privacy-complaints.
10. Children’s Privacy
Airer is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us at airer.app@gmail.com and we will delete the information promptly.
11. Your Rights
Under the Privacy Act 1988 (Cth) and the APPs, you have the right to:
- Access the personal information we hold about you (APP 12)
- Request correction of inaccurate or out-of-date information (APP 13)
- Request deletion of your account and data (subject to legal retention obligations)
- Opt out of marketing communications
- Not be identified or to use a pseudonym, where practicable
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
To exercise any of these rights, contact us at airer.app@gmail.com or use the account settings in the app. We will respond to access and correction requests within 30 days of receipt, as required by APP 12.5. If we are unable to meet that timeframe, we will notify you and provide a revised estimate.
12. Marketing Communications
We will only send you commercial electronic messages (promotional emails or push notifications about new features and offers) if you have expressly opted in at account creation by ticking the separate marketing consent checkbox. Ticking the checkbox is entirely optional and will not affect your ability to use Airer. Your T&C and Privacy Policy acceptance does not constitute marketing consent.
You can withdraw your marketing consent at any time by adjusting your notification preferences in the app, clicking the unsubscribe link in any marketing email, or contacting us at airer.app@gmail.com. Withdrawal does not affect transactional notifications about orders you have placed.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes — such as new categories of data collected, new overseas recipients, new purposes for using your data, or changes to your rights — we will provide at least 30 days’ notice by notifying you via the app or email before the change takes effect. We will seek fresh consent where the change relates to how we collect or use your personal information, rather than treating continued use of the app as consent. You may close your account if you do not accept a material change.
For minor, non-material changes (such as clarifications, corrections, or updated contact details), the updated date at the top of this page is sufficient notice.
14. Contact Us
For any privacy-related questions, requests, or complaints:
Sahajdeep Singh Narang trading as Airer
ABN 78 294 724 199
Brisbane, Queensland, Australia
Email: airer.app@gmail.com
If you are not satisfied with our response to a privacy complaint, you may contact the OAIC at www.oaic.gov.au/privacy/privacy-complaints.