Privacy Policy

1. About this policy

Vantage Bathrooms (“we”, “us”, “our”) operates vantagebathrooms.com.au. This policy describes how we collect, use, and handle your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This website is intended for customers located in Australia. All orders are for in-store pickup at our Victorian showrooms (Cranbourne, Hallam, Sale). We do not target individuals in the European Union or other international jurisdictions.

2. What we collect and store

Account information

When you create an account, we store your email, a password (hashed — we never see the plain text), and your name. Optionally, you can save a phone number on your profile. You can also sign in with Google, in which case Google provides us only your email, name, and avatar.

Orders

When you place an order, we store:

• Name, email, phone number
• Selected pickup location (Cranbourne, Hallam, or Sale)
• Billing address
• Your order contents (products, colours, sizes, quantities, prices)
• Your order status (paid, confirmed, processing, ready, collected, refunded)
• An order number (e.g. VB-A1B2C3)
• A generated PDF receipt

Payment data

Payments are processed by Stripe. We never see or store your full card number or CVC. After checkout, Stripe returns to us only these non-sensitive payment metadata fields, which we store to help you identify the order later:

• Card brand (e.g. Visa)
• Last 4 digits of the card
• Card funding type (credit/debit)
• A Stripe payment identifier (not a card number)
• A fraud risk score, generated by Stripe

Shopping cart and wishlist

Your cart is stored in your browser’s local storage while you shop anonymously. If you sign in, we also save it to our database so you can resume shopping on another device. Your wishlist (saved products) is stored in our database and linked to your account.

Abandoned checkout

If you start a checkout but don’t complete it, we temporarily keep the cart contents and your email for up to 7 days. We use this only to send you a single recovery email with a link to return to your cart. After the email is sent (or the record expires), the entry is discarded.

Email verification codes

For email signup and password resets, we send a 6-digit code to your email and store it for 10 minutes. After use or expiry, it’s marked invalid and deleted during routine cleanup.

Automatically collected

• IP address and approximate location
• Browser type, device type, operating system
• Pages visited, time on page, navigation patterns
• Referring site or search terms
• Products viewed, added to cart, purchased
• Click patterns and interactions with site features
• Session recordings of your browsing activity. All form inputs are masked (we do not record what you typed into checkout, signup, or any other form)
• Stack traces and surrounding context if the site throws an error (to diagnose bugs)

3. How we use this information

• To process and fulfil your orders, including sending purchase orders to product suppliers
• To email order confirmations, pickup-ready notifications, and receipts
• To restore an abandoned cart if you ask us to
• To respond to enquiries and provide support
• To verify your email address during signup or password reset
• To improve the website, products, and services based on usage patterns
• To detect and prevent fraud, abuse, or security issues

4. Third-party services we use

We share your data only with the providers we need to run the site. We do not sell, rent, or trade your personal information.

• Stripe — payment processing. Receives name, email, phone, billing address, and card details (processed on their servers, not ours).
• Resend — transactional email delivery. Receives name, email, and order details to render and send confirmations and receipts.
• Supabase — our database and authentication provider. Stores account, order, cart, and wishlist data.
• Cloudflare R2 — product image and receipt PDF storage.
• Vercel — website hosting and a scheduled job that sends abandoned-cart recovery emails.
• PostHog — privacy-aware website analytics and session recordings (with all inputs masked).
• Sentry — error monitoring. Receives stack traces and anonymised technical context when the site encounters an error.
• Google — optional sign-in (only if you choose Google sign-in), address autocomplete at checkout, and fonts.
• Product suppliers — the manufacturer of each product you order receives a purchase order with the items, your name, and your phone (for fulfilment coordination only).

5. Data storage and security

Data is stored in secure cloud services with industry-standard encryption in transit (HTTPS) and at rest. Passwords are one-way hashed; we cannot see them. Card numbers never touch our servers. Admin access to customer data requires a separate admin login and is restricted to Vantage staff.

Some of our providers (Stripe, Supabase, PostHog, Sentry, Vercel, Cloudflare, Resend) store data outside Australia — typically in the United States or European data centres. By using this site, you consent to the transfer of your data to these providers for the purposes described above.

6. How long we keep data

• Order records: kept indefinitely for tax, accounting, and warranty purposes.
• Account data: kept until you delete your account.
• Abandoned checkouts: up to 7 days, then deleted.
• Email verification codes: 10 minutes, then invalidated.
• Analytics and session recordings: retained by PostHog per their default retention (rolling 7-year window) — we do not fetch or keep additional copies.
• Error traces: retained by Sentry per their default retention (typically 90 days).

7. Your rights

Under the Australian Privacy Act 1988, you can:

• Request a copy of the personal information we hold about you
• Ask us to correct inaccurate information
• Ask us to delete your account and associated data (orders may be retained for legal/tax reasons)
• Opt out of analytics collection — email us and we’ll add you to the exclusion list
• Lodge a complaint about how we handle your personal information

To exercise any of these rights, email info@vantagebathrooms.com.au.

8. Cookies and local storage

We use the following cookies and browser storage:

• Cart — keeps your cart contents between visits while you’re signed out.
• Auth session — keeps you signed in after you log in.
• PostHog session — identifies you across pages for analytics.
• Admin session — only set if you log in to the admin area at /manage.

These are essential for the site to work. You can disable or clear them in your browser at any time, but some features (like staying signed in or keeping items in your cart) will stop working.

9. Children’s privacy

This site is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we’ll remove it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with a new “Last updated” date. Continued use of the site after changes means you accept the updated policy.

11. Contact

For any privacy questions, corrections, or deletion requests:

If you’re not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.