Privacy Policy

PRIVACY POLICY – PNUTGO PTY LTD.

www.pnutgo.com.au

Effective date: 2nd December 2025

PNUTGO PTY LTD (ACN 689 632 273, ABN 15 689 632 273), a company registered in Victoria, Australia (“PNUTGO”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard personal information in connection with the PnutGo mobile application (the “App”), the website www.pnutgo.com.au (the “Site”), and related services (collectively, the “Services”). The Services provide an augmented reality (AR) gaming experience involving real-world exploration, virtual character and animal collection, and future geocaching features.

We operate primarily under Australian law, including the Privacy Act 1988 (Cth) as amended by the Privacy and Other Legislation Amendment Act 2024 (“Privacy Act”) and the Australian Privacy Principles (“APPs”). This Policy is designed to comply with these requirements, as well as app store standards from Apple and Google, which mandate transparent data practices. 

For users in other jurisdictions, we incorporate elements of the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) and other privacy laws if applicable, without over-committing to obligations beyond what is reasonably required.

If you do not agree with this Policy, please do not use the Services. By using the Services, you consent to our practices as described herein, subject to your rights under applicable law.

1. Scope and Application

This Policy applies to all personal information we collect through the Services, including from users aged 13 and above. It does not apply to anonymized or aggregated data that cannot identify you. For children under 13, we do not knowingly collect data (see Section 13). If you are a parent or guardian, you are responsible for supervising minors' use.

We may collect sensitive information (e.g., precise location) only where necessary for gameplay and with your consent. This Policy supplements our Terms of Service and any in-app notices.

2. Definitions

  • Personal Information: As defined under the Privacy Act, any information or opinion about an identified or reasonably identifiable individual (e.g., name, email, location data). Under GDPR, this is “personal data”; under CCPA, “personal information.”
  • Sensitive Information: Under the Privacy Act, includes health or biometric data; we do not collect this unless incidental to location (e.g., inferred activity levels).
  • Processing: Any operation on personal information, including collection, use, disclosure, or storage.
  • Controller: Under GDPR, PNUTGO is the data controller determining the purposes and means of processing.

3. Types of Personal Information We Collect

We collect the following categories, as required for the Services:

  • Account and Profile Data: Email address, username, age verification (to confirm 13+), and optional profile photo.
  • Location Data: Precise geolocation (GPS coordinates) to enable AR hunts and expeditions—essential for core functionality.
  • Device and Usage Data: Device ID, IP address, OS version, app interactions (e.g., collected items, session duration), crash logs.
  • Payment Data: Billing details for subscriptions (processed via Apple/Google; we do not store card numbers).
  • Gameplay Data: Progress, virtual items collected, social shares (e.g., friend invites).
  • Communications Data: Support queries or feedback submitted via email or in-app forms.
  • Analytics Data: Aggregated usage patterns via third-party tools (e.g., Firebase).

We do not collect sensitive categories like racial origin, political opinions, or health data, except where location implies physical activity (handled with care per APP 3).

4. How We Collect Personal Information

  • Directly from You: During account creation, subscriptions, or gameplay (e.g., granting location permissions).
  • Automatically: Via device sensors (location, motion) and app analytics when you interact with features.
  • From Third Parties: App stores for payment confirmation; analytics providers for aggregated insights.
  • Cookies and Similar Technologies: On the Site (see Section 16).

Collection is limited to what is reasonably necessary (APP 3). For location, we request “always” access but allow revocation, though this may disable features.

5. Purposes for Collecting, Using, and Disclosing Personal Information

We process personal information for:

  • Providing and improving the Services (e.g., enabling hunts, unlocking characters).
  • Personalizing experiences (e.g., tailored expeditions based on location history).
  • Processing payments and managing subscriptions.
  • Analytics and debugging (e.g., fixing crashes).
  • Communicating updates, promotions (with opt-out), or support responses.
  • Legal compliance (e.g., fraud prevention, breach reporting under APP 11A).
  • Marketing (aggregated only; direct with consent per APP 7).

Under GDPR, lawful bases include consent (location), contract performance (gameplay), and legitimate interests (analytics, balanced against your rights). We do not use data for unrelated purposes without notice.

6. Consent

We obtain consent where required (e.g., location via device prompts). Consent is voluntary and can be withdrawn via settings or email to contact@pnutgo.com.au, though this may limit Services. For sensitive information, explicit consent is sought. Under APP 6, we rely on implied consent for obvious purposes.

7. Sharing and Disclosure of Personal Information

We share data only as necessary:

  • Service Providers: Analytics (e.g., Google Analytics), hosting (e.g., AWS), payments (Apple/Google)—bound by contracts ensuring APP compliance.
  • Affiliates and Business Partners: None currently.
  • Legal Requirements: To regulators (e.g., OAIC for breaches), law enforcement, or in response to court orders.
  • Business Transfers: In mergers/acquisitions, with notice and safeguards.

No “sales” under CCPA (no monetary exchange for data). Disclosures are minimized (APP 6).


 | Category | Recipients | Purpose | Safeguards | Location/Gameplay | Analytics Providers (e.g., Firebase) | Improve features | Data processing agreements; pseudonymization
| Payments | App Stores | Billing | PCI DSS; no direct access by us
| Support Queries | Email Providers | Responses | Encryption

8. International Data Transfers

Data is stored in Australia primarily. Transfers to the US/EU (e.g., via Google) comply with APP 8: accountability measures like standard contractual clauses (SCCs). Australia’s GDPR adequacy supports EU flows, but we assess risks per Schrems II. For CCPA, transfers do not constitute sales.

9. Security of Personal Information

We take reasonable steps to protect data (APP 11, including new APP 11.3 from Dec 2024: enhanced security obligations). Measures include encryption (TLS 1.3), access controls, regular audits, and vulnerability testing. Breaches are notified to OAIC and affected individuals if eligible (Notifiable Data Breaches scheme). We cannot guarantee absolute security.

10. Data Retention and Destruction

Data is retained only as needed: gameplay data for 2 years post-account deletion; legal holds indefinitely. Deletion uses secure methods (e.g., overwriting). Requests for deletion are honored within 30 days, subject to backups (anonymized after 90 days).

11. Access, Correction, and Your Rights

Under the Privacy Act (APP 12-13), request access or correction via contact@pnutgo.com.au. We respond within 30 days, free unless unreasonable. Rights include complaint to OAIC.

12. Children's Privacy

We do not target children under 13 and delete any under-13 data discovered (COPPA compliant). For 13-16, enhanced protections per impending Children’s Online Privacy Code (2025). Parents: Contact us to review/delete minor data. No marketing to children.

13. Automated Decision-Making

Currently, no solely automated decisions with legal effects. If introduced (post-Dec 2026 per APP 1.7-1.9), we will provide transparency and human review options.

14. Third-Party Services and Links

Links to app stores or social media follow their policies. We are not responsible for third-party practices.

15. Cookies and Similar Technologies

The Site uses essential cookies for functionality and analytics (e.g., Google Analytics, anonymized IPs). Manage via browser settings. See our separate Cookie Policy for details.

16. Changes to This Privacy Policy

Material changes notified via email/in-app (30 days' advance). Continued use = acceptance.

17. Complaints and Enforcement

Complaints to contact@pnutgo.com.au; we investigate within 30 days. Escalate to OAIC (oaic.gov.au). Under 2024 amendments, statutory tort for serious invasions applies from June 2025— we aim to prevent such issues.

PNUTGO PTY LTD (ACN 689 632 273, ABN 15 689 632 273), a company registered in Victoria, Australia.

18. Jurisdiction-Specific Provisions

GDPR (EU/UK Users): We process as controller; rights include access, rectification, erasure, restriction, portability, objection (DSAR within 1 month). Lodge complaints with supervisory authority. Lawful basis: Consent for location; legitimate interests for analytics (DPIA conducted for high-risk processing). 

CCPA/CPRA (California Residents): Categories collected/disclosed as above. No sales/sharing for targeted ads. Rights: Know, delete, opt-out (via contact@pnutgo.com.au or “Do Not Sell My Personal Information” link). No financial incentives; non-discrimination. Verified requests within 45 days. Authorized agents accepted with proof.

Copyright © 2026 PnutGo