Privacy Policy

ZimCollects is an Australian business and we handle personal information in line with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, what we do with it, who we share it with, and how you can access or correct it.

When you submit a card or place an order, we collect:

• Contact details — name, email address, phone number.
• Postal address (for return shipping or accessory orders).
• Payment details — handled by Stripe; we do not store full card numbers on our own servers.
• Bank or PayID details where you have asked to be paid for a buyback.
• Photos of the cards you submit, and any notes or messages you send us.
• Technical data — IP address, browser type, device, pages visited, and similar information automatically logged when you use the site.

• To generate quotes and process buyback submissions.
• To accept payment for shop orders and pay you for accepted submissions.
• To verify identity, prevent fraud, and authenticate cards.
• To respond to your questions and provide support.
• To send marketing emails — only if you have opted in. You can unsubscribe at any time.
• To meet our legal obligations (tax, anti-fraud, dispute records).

We use a small set of trusted third-party providers:

• Stripe — payment processing for shop orders.
• Resend — sending transactional and (opted-in) marketing emails.
• Vercel — website hosting and Vercel Blob for storing card photos.
• Supabase — our database and authentication backend.
• Australia Post — generating shipping labels and tracking parcels.
• OpenAI — used solely to read text (OCR) from card photos for identification. Photos sent for OCR are not used to train models.

We do not sell your personal information. We share it only as needed to deliver the service or where the law requires us to.

We keep transaction records for at least 7 years to meet Australian tax and consumer law requirements. Card photos are kept for the life of the submission and a reasonable period afterwards for dispute resolution. Marketing contact details are kept until you unsubscribe.

You have the right to:

• Request a copy of the personal information we hold about you.
• Ask us to correct anything that is inaccurate or out of date.
• Ask us to delete your personal information, subject to records we are required by law to keep.
• Withdraw marketing consent at any time.
• Make a privacy complaint to us first; if you are not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, email us at hello@zimcollects.com.au. We aim to respond within 30 days.

We use HTTPS across the site, store data with reputable cloud providers, restrict internal access to those who need it, and review access regularly. No system is perfectly secure — if we ever become aware of a data breach that is likely to cause serious harm, we will notify affected people and the OAIC as required by the Notifiable Data Breaches scheme.

We use a small number of cookies to keep you signed in, remember basket contents, and measure aggregate usage. We don't run third-party advertising trackers. You can clear or block cookies in your browser, but parts of the site (sign-in, checkout) won't work without them.

Some of our service providers store data outside Australia (for example, Stripe and OpenAI in the United States, Vercel and Supabase in regions including the United States and the European Union). We rely on those providers' contractual and technical safeguards to protect your information.

Privacy queries: hello@zimcollects.com.au
ZimCollects, Melbourne, Australia.