Legal

Privacy Policy

Last updated: 2 May 2026  ·  Effective: 2 May 2026

Summary: Epic Scout is an Australian business. We collect only the information we need to operate the platform, we do not sell your data, and we store it on Australian infrastructure. This policy explains what we collect, why, and your rights under the Privacy Act 1988 (Cth).

1. Who We Are

Epic Scout is operated by Epic Scout Pty Ltd (ACN pending), a company registered in Victoria, Australia. References to "we", "us", or "Epic Scout" in this policy mean Epic Scout Pty Ltd.

Contact: hello@theepic.shop

2. What Information We Collect

2.1 Account and Billing Information

When you create an account or start a free trial, we collect:

  • Name and email address
  • Organisation name
  • Password (stored as a bcrypt hash — we never store plain-text passwords)
  • Billing details (processed by Stripe — we do not store card numbers)
  • Subscription tier and status

2.2 Usage Data

We automatically collect information about how you use the platform:

  • Pages visited, features accessed, and actions taken in the dashboard
  • IP address and approximate location (city/country level)
  • Browser type, operating system, and device type
  • Referring URL
  • Date and time of access

2.3 Job Data You Configure

To deliver your job feed, we process configuration data you provide: keyword filters, location preferences, source board selections, scoring thresholds, and widget/digest settings. This configuration data is stored and used solely to operate your account.

2.4 White-Label Subscriber Data

If you use Epic Scout's embeddable widget or branded email digest feature, your end-users (subscribers) may provide their email address to receive alerts. This data is processed on your behalf as a data processor under the Privacy Act 1988. You are the data controller for your subscribers. You are responsible for obtaining appropriate consent from your subscribers before collecting their data.

2.5 Communications

If you contact us by email or through our support channels, we retain those communications to handle your inquiry.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your Epic Scout account
  • Process payments and manage your subscription via Stripe
  • Deliver the job feed, widget, and digest services you have configured
  • Send transactional emails (account confirmation, password reset, subscription receipts, trial expiry notices)
  • Respond to support requests
  • Monitor platform performance, detect errors, and prevent abuse
  • Comply with legal obligations

We do not use your information to run behavioural advertising or sell data to third parties.

4. Legal Basis for Processing

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), we rely on the following bases:

  • Contract: Processing necessary to provide the services you have subscribed to
  • Consent: Marketing communications (you can unsubscribe at any time)
  • Legitimate interests: Fraud prevention, platform security, and product improvement (balanced against your rights)
  • Legal obligation: Compliance with applicable Australian law

5. Cookies

We use a small number of cookies necessary to operate the platform:

  • Session cookie: Keeps you logged in. Expires when your browser closes or after 30 days of inactivity.
  • CSRF token cookie: Security token that prevents cross-site request forgery. Expires with your session.
  • Preference cookie: Stores UI settings such as your selected pricing toggle. Expires after 1 year.

We do not use advertising cookies, social tracking cookies, or third-party analytics cookies. Our internal analytics collect aggregate, anonymised metrics only.

Most browsers allow you to manage or delete cookies through their settings. Disabling session cookies will prevent you from logging in.

6. Data Sharing

We share your information only in the following limited circumstances:

6.1 Service Providers

We use trusted third-party providers who process data on our behalf:

  • Stripe: Payment processing. Stripe is PCI DSS compliant. Stripe Privacy Policy
  • Amazon Web Services (AWS) / Australian infrastructure providers: Hosting and database infrastructure located in Australia
  • Zoho Mail: Transactional email delivery

All providers are contractually bound to process your data only as instructed and to maintain appropriate security standards.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or regulatory authority in Australia, or to protect the rights, property, or safety of Epic Scout, our users, or the public.

6.3 Business Transfers

If Epic Scout is acquired or merges with another entity, your information may be transferred as part of that transaction. We will notify you before any such transfer occurs and your data becomes subject to a different privacy policy.

7. International Transfers

Your data is stored and processed in Australia. If we use any service providers that process data outside Australia (for example, some email delivery infrastructure), we take steps to ensure equivalent privacy protections apply, consistent with Australian Privacy Principle 8.

8. Data Retention

  • Account data: Retained for the duration of your subscription and for 7 years after account closure (for tax and accounting purposes)
  • Usage logs: Retained for 12 months, then deleted or anonymised
  • Support communications: Retained for 2 years
  • Subscriber email addresses (white-label feature): Retained until you delete them from your account or close your account

You may request earlier deletion of your personal data — see Section 9 below.

9. Your Rights

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-out: Unsubscribe from marketing communications at any time
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at hello@theepic.shop. We will respond within 30 days. We may need to verify your identity before actioning a request.

10. Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • TLS encryption for all data in transit
  • Encrypted storage for sensitive fields
  • Bcrypt password hashing
  • Access controls limiting who can access production data
  • Regular security reviews

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we take our obligations seriously and will notify you promptly in the event of a data breach that is likely to result in serious harm, as required by the Notifiable Data Breaches scheme.

11. Children

Epic Scout is a B2B platform intended for business users aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of Epic Scout after a policy update constitutes acceptance of the revised terms.

13. Contact Us

For privacy-related enquiries, requests, or complaints:

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner: