Legal

Privacy policy.

How Follow The Market Pty Ltd collects, uses, and protects your information under the Australian Privacy Act 1988.

01 — Overview

About this policy

Follow The Market Pty Ltd operates followthemarket.com.au and the price-intelligence SaaS at /app. We are an Australian company subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains, in plain English, what we collect, why we collect it, where it lives, and the rights you have over it.

This policy applies to the public marketing site, the authenticated application, and the supporting indexer that reads public competitor pages on your behalf. If you only use the marketing site (e.g. to read a blog post), most of this policy doesn’t apply — only the cookies section does.

02 — Inputs

What we collect

We collect the minimum needed to deliver the service. Concretely, that means:

  • Account information. Your name, work email address, and role or title. Set during sign-up or by an inviting tenant admin.
  • Catalogue data you upload. SKUs, your retail prices, your costs, brand, category, tags, images, and any notes you add to a product.
  • Competitor URLs you configure. The product pages on competitor sites you’ve told us to watch on your behalf.
  • Public competitor prices. Prices, sale prices, and stock signals our indexer reads from those public pages, with a timestamped screenshot as evidence.
  • Usage telemetry. Anonymised page views via Google Analytics 4, and error reports if something breaks inside the app.
  • Billing details. Handled by our payment provider — we never see or store full card numbers, only the last four digits and an opaque customer identifier.

03 — Purpose

How we use it

We use your information to operate the product you’re paying us for — nothing more. That covers:

  • Providing the service you signed up for.
  • Sending transactional emails — digests, invitations, password resets, billing receipts.
  • Responding to support requests you raise.
  • Improving the product (aggregated, anonymised usage patterns — not your individual catalogue).

We explicitly do not sell your data to third parties, use it to train third-party AI models, use it to build profile-based advertising audiences, or use it to construct shadow profiles of your business or your customers.

04 — Vendors

Sub-processors

We rely on a small, audited set of trusted vendors to operate the platform:

  • Anthropic — used selectively for AI matching and reasoning over catalogue data.
  • Resend / AWS SES — transactional email delivery.
  • A major cloud provider — hosting, compute, object storage, and managed Postgres.
  • Stripe — subscription billing and payment processing.

Each tenant’s catalogue, repositions, and history are isolated inside our database. There is no cross-tenant access mechanism exposed in the product — staff access is scoped, logged, and reserved for support tickets you raise.

05 — Location

Where it’s stored

We prefer Australian-region cloud infrastructure for primary storage and compute. Where a sub-processor operates only outside Australia (for example, Anthropic in the United States), data may transit or be processed offshore strictly to deliver the feature that requires it.

All data is encrypted in transit (TLS 1.2 or higher) and at rest. Backups are encrypted with separate keys and retained per the schedule in section 8.

06 — Tracking

Cookies and tracking

On the public marketing site we use Google Analytics 4 in a privacy-conscious configuration: anonymize_ip on, Google Signals off, ad personalization off, no remarketing audiences. We do not load advertising trackers, retargeting pixels, or third-party fingerprinting scripts.

Inside /app we set a first-party session cookie to keep you logged in. That cookie is essential to the service and is not used for analytics or advertising.

07 — Your rights

Your rights under the Privacy Act 1988

Under the APPs you can request access to the personal information we hold about you, ask us to correct it if it’s wrong, or ask us to delete it. Email privacy@followthemarket.com.au and we will respond within 30 days. If you’re not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC).

08 — Retention

Data retention

While your account is active we keep your data so the product works. After a paid subscription is cancelled we retain your catalogue and reposition history for 30 days in case you change your mind, then purge it from primary storage. Encrypted backups age out on a rolling 90-day window.

Google Analytics 4 retention is set to 14 months. We may retain fully anonymised aggregates (e.g. “X% of repositions were accepted”) indefinitely for product analytics and capacity planning.

09 — Security

Security

Passwords are hashed with argon2 — we never store them in plaintext and cannot recover them. API keys and stored credentials are encrypted with AES via our internal crypto module. Every authenticated API endpoint is auth-gated and rate-limited. Administrative actions are written to an immutable audit log.

If you become aware of a vulnerability, please email security@followthemarket.com.au rather than disclosing it publicly — we’ll respond promptly.

10 — Updates

Changes to this policy

We may update this policy as the product evolves. Where a change is material — for example, adding a new sub-processor that handles personal information, or broadening how we use data — we will email the address on your account at least 30 days before the change takes effect. Trivial wording fixes are made silently with a refreshed “last updated” date.

11 — Contact

Contact

Privacy questions: privacy@followthemarket.com.au.

General enquiries: hello@followthemarket.com.au.

By post: Follow The Market Pty Ltd, Australia (registered address available on request). See also our Terms of service.

Got a privacy question we haven’t answered?

We answer privacy enquiries within 30 days — usually within a couple of business days.

Email privacy@followthemarket.com.au →