About this Privacy Policy
This Privacy Policy explains how WATCHSALES PTY LTD (ABN to be displayed in-app), trading as watchsales (“watchsales”, “we”, “us”, “our”), handles personal information when you use watchsales.com.au, our mobile apps, emails and related services (the “Platform”). We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Platform, you agree to the practices described here. If you do not agree, please do not use the Platform.
Personal information we collect
We only collect information that is reasonably necessary to provide and improve the Platform. Categories include:
- Account & identity: Email, password (hashed), display name, username, profile photo, date you confirmed you are 18+, account type (individual or dealer).
- Dealer information: For dealer accounts: Australian Business Number (ABN), trading name, entity name, business address, GST status and ABR verification result.
- Listing content: Watch details, photos, prices, location (state/region), descriptions and any voluntary information you add to a listing.
- Communications: Messages and offers exchanged with other users on the Platform, attachments you send, and support enquiries.
- Verification & contact: Phone number (if you choose to verify), verification status, and SMS/push notification tokens.
- Payment information: For listing fees and add-ons, Stripe collects your card details directly. We only receive a payment reference, last 4 digits, brand and status — we never see or store full card numbers.
- Device & usage data: IP address (hashed where practical), device type, operating system, app version, browser, language, pages and listings viewed, search queries, referring URL, crash logs and approximate location derived from IP.
- Cookies & similar technologies: See “Cookies and similar technologies” below.
- Information from third parties: Australian Business Register (for ABN validation), authentication providers (e.g. Apple, Google) if you sign in with them, and information you choose to share via social sharing features.
You are not required to give us most of this information, but if you do not, certain features (such as creating a listing, messaging or paying for a listing tier) will not be available.
How we use your information
We use personal information for the following purposes:
- Create and manage your account, verify your age (18+) and, for dealers, verify your ABN.
- Display your listings, profile and ratings to other users on the Platform and on search engines.
- Enable messaging, offers and offline meet-ups between buyers and sellers.
- Process listing fees, add-on purchases and dealer bundles via Stripe.
- Send transactional notifications (offers, messages, listing status, receipts) by email, push and — if you opt in — SMS.
- Send marketing emails about new features, similar listings and saved searches. You can opt out at any time from any email or in your account settings.
- Detect and prevent fraud, scams, counterfeit listings, harassment, underage use and other breaches of our Terms of Service.
- Improve, secure and analyse the Platform, including aggregated and de-identified analytics.
- Comply with our legal obligations and respond to lawful requests from regulators and law enforcement.
Photos, serial numbers and image processing
Photos you upload are processed on our servers to optimise quality, generate thumbnails and automatically blur visible serial numbers before they are shown publicly. Original (unblurred) images are stored in a private bucket that is never publicly accessible and is automatically deleted shortly after a listing is sold or expires (typically within 30 days). Processed images are served via short-lived signed URLs and are deleted between 30 and 90 days after the listing is sold, expires or is removed. Do not upload photos that contain other people, identity documents or other sensitive content.
When we share information
watchsales does not sell your personal information. We share it only as described below:
- Other users: Your username, display name (or trading name for dealers), avatar, profile bio, listings, ratings, reviews and the messages/offers you send are visible to relevant other users of the Platform.
- Service providers (sub-processors): We use trusted vendors to operate the Platform — see the sub-processors list below.
- Payment partners: Stripe processes all card payments. Stripe handles your payment information under its own privacy policy.
- Professional advisers: Lawyers, accountants and auditors bound by confidentiality.
- Authorities: Police, regulators, the Australian Information Commissioner or courts where required by law, where we believe in good faith it is necessary to prevent harm or fraud, or to enforce our Terms.
- Business transfers: If watchsales is sold, merged or restructured, your information may be transferred to the new owner under equivalent privacy obligations.
International transfers
watchsales is operated from Australia, but some of our sub-processors store or process data overseas, including the United States and the European Union. By using the Platform you consent to your information being transferred to and processed in those countries. We take reasonable steps to ensure overseas recipients handle your information in line with the Australian Privacy Principles, including via contractual safeguards.
Sub-processors we currently use
The main service providers that process personal information on our behalf are:
- Supabase: Database, authentication, file storage and realtime messaging (data hosted in Sydney/Singapore).
- Stripe: Payment processing for listing fees and add-ons (United States / Australia).
- Resend: Transactional and marketing email delivery (United States / European Union).
- Customer.io: Lifecycle email and notification orchestration (United States).
- OneSignal: Mobile and web push notification delivery (United States).
- Twilio: SMS delivery and phone number verification, where you opt in (United States / Australia).
- Google (Gemini): On-demand AI assistance for listing copy and image enhancements you request (United States).
- Cloudflare: Content delivery, DDoS protection and DNS.
- Apple & Google: App distribution, sign-in, and crash reporting on iOS and Android.
- Sentry: Error and performance monitoring (United States / European Union). Stack traces, device metadata and a hashed user identifier are sent so we can diagnose crashes and broken flows.
This list may change over time. We will update this page when we add or remove material sub-processors.
Marketing, notifications and your choices
You control how we contact you:
- Marketing emails: Opt out via the unsubscribe link in any email or in Account Settings → Notifications.
- Push notifications: Turn off in your device settings or in Account Settings.
- SMS: Opt in only; reply STOP to any SMS to opt out.
- Transactional messages: Security alerts, offer activity, listing status, receipts and legal notices cannot be turned off while you have an account, as they are necessary to operate the Platform.
Cookies and similar technologies
We use a small number of cookies and local storage entries to keep you signed in, remember your preferences (such as dismissed safety banners and saved searches), measure how the Platform is used, and protect against fraud and abuse. We do not use third-party advertising or cross-site tracking cookies. You can clear cookies and local storage at any time from your browser or by reinstalling the app, but doing so will sign you out and may reset preferences.
How long we keep your information
We keep personal information only as long as we need it for the purposes set out above, then delete or de-identify it. Indicative retention periods:
- Account profile: For as long as your account is active, then up to 12 months after deletion to handle disputes, fraud and legal obligations.
- Active listings: For the life of the listing.
- Sold or expired listings: Original images deleted within ~30 days; processed images and listing metadata kept for 30–90 days for buyer/seller reference, then deleted or de-identified.
- Inactive drafts: Deleted after 90 days of inactivity.
- Messages & offers: Kept for the life of the conversation. We may retain copies for a reasonable period after deletion to investigate reports and disputes.
- Payment & tax records: Up to 7 years to comply with Australian tax and consumer-law record-keeping requirements.
- Moderation & safety logs: Reports, blocks and audit events kept for up to 7 years to detect repeat offenders and respond to law-enforcement requests.
How we protect your information
We take security seriously and use multiple layers of protection, including:
- Encryption in transit (HTTPS/TLS) for all communication with the Platform.
- Encryption at rest for our managed database and file storage.
- Row-Level Security policies so users can only access their own data.
- Role-based access controls and audit logging for our administrators.
- Automatic blurring of visible serial numbers in listing photos.
- AI-assisted moderation of new images for prohibited content.
- Time-limited signed URLs for image access; original images stored in a private bucket.
No system is perfectly secure. If we become aware of a data breach likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.
Your rights under the Australian Privacy Principles
Subject to limited exceptions, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or out-of-date information.
- Request deletion of your account and associated personal information.
- Withdraw consent to optional processing (e.g. marketing, SMS, push).
- Export the personal data you have provided in a portable format.
- Make a complaint about how we have handled your information.
To exercise any of these rights, email privacy@watchsales.com.au from the address linked to your account. We will respond within 30 days. If you are not satisfied with our response, you can contact the OAIC at oaic.gov.au or 1300 363 992.
Children and minors
watchsales is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact safety@watchsales.com.au and we will investigate and, where appropriate, delete the account and associated personal information.
Off-platform meet-ups and transactions
All transactions on watchsales are completed offline between buyer and seller. When you choose to meet another user or share contact details, you do so at your own risk. We strongly recommend meeting in a busy public place, never sending money before inspecting the watch in person, and using the in-app Report and Block tools for any unsafe behaviour. watchsales is not a party to any sale and is not responsible for the conduct of users off the Platform.
Third-party links and integrations
The Platform may contain links to third-party websites (for example, Stripe checkout, brand reference pages or social networks). Those sites have their own privacy policies and we are not responsible for them. Please review their policies before providing personal information.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will always reflect the latest version. If changes are material — for example, new categories of personal information or new sub-processors — we will let you know by email or in-app notification before they take effect. Continued use of the Platform after the effective date means you accept the updated policy.
Contact us
For privacy questions, requests, complaints or to report a suspected data breach, contact our Privacy Officer:
- Email: privacy@watchsales.com.au
- Safety reports: safety@watchsales.com.au
- Postal: WATCHSALES PTY LTD, Privacy Officer, Australia
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.