Version: 1.2
Last updated: 12 May 2026
This Privacy Policy explains how RIFY PTY LTD ("Rify®", "we", "us", or "our") collects, uses, stores, and protects your information when you use the Rify® mobile application ("App").
By using the App, you confirm that you meet the minimum age requirement applicable to your jurisdiction (see Section 12) and you consent to the practices described in this Privacy Policy. When we make material changes to this Policy, we will notify you within the App and may require your re-acceptance before you can continue using the App.
We collect the following categories of information when you use the App:
| Data | How It Is Collected | Purpose |
|---|---|---|
| Email address | Provided by you at sign-up | Account authentication; account recovery |
| Username | Auto-generated by Rify at sign-up — not your real name | In-app identity; displayed on your profile |
| Profile picture | Optionally uploaded by you | Displayed on your profile |
| Date of birth | Provided by you at sign-up | Age verification only (see Section 5.2) |
| Device UUID | Collected automatically from your device at sign-up (iOS identifierForVendor) | Account integrity and fraud prevention |
| Legal consent records | Recorded automatically when you accept our Terms or this Policy | Compliance with legal record-keeping obligations; evidence of consent |
Each time you open the App, we automatically record the following to your account:
| Data | Purpose |
|---|---|
| Last active timestamp | Session activity tracking; user engagement analytics |
| App version | Compatibility checks; support and debugging |
| Device model and operating system version | Compatibility and crash analysis |
| Push notification token (FCM token) | Delivery of push notifications to your device (see Section 4) |
| Timezone | Computed once at sign-up from your GPS location using time zone lookup. Stored to ensure content and timestamps are displayed in your local time. |
Precise GPS coordinates are collected during your active use of the App via iOS CoreLocation, subject to your permission. Location data is used to:
Your precise GPS coordinates are not persistently stored in your user profile beyond the timezone computation at sign-up. We do not sell or rent your location data.
For the map search feature, your search query and approximate location are transmitted to Apple's servers via MKLocalSearchCompleter and CLGeocoder (Apple's mapping and geocoding services). This transmission is governed by Apple's Privacy Policy.
When you submit content to the App, we collect and store:
The App does not access your device's photo library. All photo submissions must be captured in real time using your device camera.
We store in-app activity and engagement data, including:
This data has no monetary value and is used solely to operate the gamification features of the App. See Section 8 of our Terms and Conditions.
We collect the following for app performance and stability purposes:
Rify only permits photo uploads captured directly via your device camera in real time. The App does not access, scan, or upload images from your personal photo library.
Photos you submit are compressed, stored in Firebase Storage (operated by Google LLC), and associated with your content submissions. Photos submitted in response to a user request are visible to the user who posted that request.
Precise GPS location is required for the core features of the App, including displaying nearby content, computing your push notification zones, and attaching location metadata to content you submit.
You can choose to use the App without granting location permission, but core location-based features will not be available.
We do not collect background location (location while the App is not in use). Location is only accessed when you are actively using the App.
We do not sell or rent your location data to any third party.
The App uses Firebase Cloud Messaging (FCM) (a service provided by Google LLC) to send push notifications to your device. To enable this, your device's FCM token is stored in your account record in our database.
Your device subscribes to location-based notification topics derived from your approximate geohash location (a grid reference, not your exact coordinates). These subscriptions are stored on your device only and are used solely to determine which nearby-activity notifications are relevant to you.
You will be asked to grant notification permission when you first open the App. You can withdraw this permission at any time in two ways:
Withdrawing permission does not affect your ability to use the App.
Push notifications sent to your device may include the address and subject of nearby user requests or PSAs. Your precise location is never disclosed in notifications sent to other users.
We use your information to:
Your date of birth is collected at sign-up for the sole purpose of confirming you meet the minimum age requirement for your jurisdiction. It is stored securely and is not used for advertising, profiling, or any other purpose. It is not shared with third parties except where required by law.
The App displays advertisements via Google Mobile Ads (AdMob) (Google LLC). All ads are non-personalised and are not targeted using your personal data or browsing behaviour. Contextual information such as device type and general app context may be used by AdMob to serve relevant non-personalised ads.
Rify does not enable cross-app or cross-website tracking for advertising purposes. No advertising identifiers are shared with advertisers in connection with your identity or behaviour.
Apple's App Tracking Transparency (ATT) consent is not requested because we do not track you across apps or websites owned by other companies.
We use Firebase Analytics to understand how users engage with the App at an aggregate level, in order to improve features and performance. We use Firebase Crashlytics to identify and fix technical issues. Neither service is used for advertising or to profile you as an individual.
We do not send marketing emails. We may send transactional communications relating to your account (such as email verification or password reset) via Firebase Authentication.
We may use and disclose your information to comply with applicable law, respond to lawful requests from authorities, protect the safety of our users, enforce our Terms and Conditions, and protect the rights and property of Rify.
If you are located in the European Economic Area or the United Kingdom, the following legal bases apply to our processing of your personal data under the General Data Protection Regulation (GDPR) and UK GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account; providing App functionality | Performance of a contract (Art. 6(1)(b)) |
| Age verification using date of birth | Legal obligation (Art. 6(1)(c)); compliance with GDPR Art. 8 and applicable national age laws |
| Analytics and crash reporting | Legitimate interests (Art. 6(1)(f)) — to maintain, secure, and improve the App. We have assessed that this processing does not override your privacy interests. |
| Push notifications | Consent (Art. 6(1)(a)) — obtained via your device notification permission at first launch. You may withdraw consent at any time via device Settings. |
| Non-personalised advertising | Legitimate interests (Art. 6(1)(f)) — to sustain a free service. All ads are non-personalised and no behavioural tracking is used. |
| Fraud prevention, abuse detection, and content moderation | Legitimate interests (Art. 6(1)(f)) — to protect the safety and integrity of the App and its users. |
| Retaining legal consent records | Legal obligation (Art. 6(1)(c)) — to demonstrate compliance with applicable privacy law. |
| Responding to legal requests from authorities | Legal obligation (Art. 6(1)(c)) |
We engage third-party service providers to operate the App. These providers process your data on our behalf or as independent data controllers in accordance with their own privacy policies.
| Provider | Service | Data Processed | Privacy Policy |
|---|---|---|---|
| Google LLC | Firebase Authentication | Email address, authentication tokens | firebase.google.com/support/privacy |
| Google LLC | Firebase Firestore | User profiles, content, activity data | |
| Google LLC | Firebase Storage | Photos, profile pictures | |
| Google LLC | Firebase Cloud Functions | Request parameters, user ID | |
| Google LLC | Firebase Analytics | Anonymised in-app events (no PII) | |
| Google LLC | Firebase Crashlytics | User ID, device info, crash stack traces | |
| Google LLC | Firebase Cloud Messaging | FCM token, notification payloads | |
| Google LLC | Firebase App Check | App attestation token (no personal data) | |
| Google LLC | Google Mobile Ads (AdMob) | Device type, app context (NPA mode — no user tracking or behavioural targeting) | policies.google.com/privacy |
| Apple Inc. | CLGeocoder (reverse geocoding) | GPS coordinates transmitted to Apple servers for address lookup during PSA submission | apple.com/legal/privacy |
| Apple Inc. | MKLocalSearchCompleter (map search) | Search queries transmitted to Apple servers for location suggestions | |
| Apple Inc. | App Attest | Device attestation token (no personal data) | |
| MapLibre (open source) | MapLibre GL Native (map rendering) | No data transmitted externally | N/A |
| SDWebImage (open source) | Image loading and caching | No data transmitted externally | N/A |
We do not sell your personal information to any third party.
Rify may share anonymised, aggregated data derived from user location and interaction activity with commercial partners, including government bodies, tourism organisations, destination marketing organisations, research institutions, and other businesses. This sharing is for purposes including research, service improvement, and community intelligence.
Such data is aggregated and de-identified before sharing. No personally identifiable information — including your name, email address, account identifier, or precise location — is included in any data shared under these arrangements. You cannot be identified from such shared data.
Rify's backend Cloud Functions operate in the australia-southeast1 region (Sydney, Australia). However, other Firebase services — including Firestore, Storage, Analytics, Crashlytics, and Cloud Messaging — and Google AdMob may store or process your data on servers located in the United States and other countries, in accordance with Google's data processing terms.
Searches made using the App's map search feature are transmitted to Apple's servers, which may be located outside Australia.
Where your data is transferred outside Australia, we rely on Google's and Apple's own data transfer safeguards, including standard contractual clauses where applicable. For more information, please refer to Google's Firebase data processing terms and Apple's Privacy Policy.
Your data is stored using Firebase services operated by Google LLC. We implement reasonable technical and organisational measures to protect your information against unauthorised access, loss, destruction, or alteration. These measures include:
No method of transmission over the internet, and no method of electronic storage, is completely secure. We cannot guarantee absolute security of your data.
We retain your information for as long as is necessary to provide the App and comply with our legal obligations. The following periods apply:
| Data Category | Retention Period |
|---|---|
| Account data (email, username, profile picture) | Until account deletion, plus a reasonable processing period (typically up to 30 days) for the deletion to complete |
| Date of birth | For the duration of your account. Deleted or de-identified upon verified account deletion, unless retention is required by applicable law |
| Points ledger and tier history | Until account deletion, plus the processing period |
| User-submitted photos and content | Until removed by Rify or until account deletion, subject to moderation, safety, and legal hold requirements. Photos forming part of another user's request record may be retained until that request record is deleted. |
| Device and session data (last active, app version, device model) | Until account deletion |
| FCM push notification token | Maintained while your account is active; refreshed periodically by the FCM service |
| Analytics event data (Firebase Analytics) | Governed by Firebase Analytics retention settings (typically up to 14 months); anonymised and cannot be linked back to an individual after deletion |
| Crash report data (Firebase Crashlytics) | Typically 90 days (Firebase Crashlytics default); governed by Firebase's data retention policy |
| Legal consent records (timestamps and accepted versions) | Retained for a minimum of 7 years from the date of acceptance, to meet Australian record-keeping requirements |
You may request deletion of your account and associated data by using the in-app data deletion feature in the Settings tab, or by contacting us at support@rify.com.au. Once a deletion request is processed, a scheduled automated process will permanently remove your account data from our systems within a reasonable period. Certain data may be retained beyond this period where required by law or for legitimate safety or moderation purposes.
Where data has previously been shared with commercial partners in anonymised, aggregated form under the arrangements described in Section 8, such shared data is de-identified and does not constitute personal information. Individual deletion requests do not affect data that has already been shared in this form.
In accordance with the Online Safety Amendment (Social Media Minimum Age) Act 2024 (Cth), which came into force on 10 December 2025, users must be 16 years of age or older to create and hold an account on Rify in Australia.
We take reasonable steps to prevent users under 16 from creating or maintaining accounts, including:
We do not knowingly collect personal information from users under 16 in Australia. If you believe a person under 16 has created an account, please contact us at support@rify.com.au.
As Rify expands globally, we apply the minimum age requirement applicable in each country or region. The table below sets out the minimum age we apply in key jurisdictions.
| Country / Region | Minimum Age | Legal Basis |
|---|---|---|
| Australia | 16 | Online Safety Amendment (Social Media Minimum Age) Act 2024 (Cth) |
| European Union | 16 (or lower if member state has set 13–15) | GDPR Art. 8; member state implementation may vary |
| United Kingdom | 13 (with enhanced protections up to age 18) | UK GDPR Art. 8; Age Appropriate Design Code (Children's Code) |
| United States | 13 | COPPA; state laws may impose higher thresholds |
| Canada | 13 | PIPEDA and provincial equivalents |
| New Zealand | 13 | Privacy Act 2020 (NZ) |
| Singapore | 13 | Personal Data Protection Act 2012 (PDPA) |
| Malaysia | 18 | Personal Data Protection Act 2010; consent requires legal capacity |
| All other countries | 13 (default) | International baseline; local legal advice obtained prior to launch in each new market |
Regardless of jurisdiction, users who have not yet reached the age of majority in their country are not targeted with personalised or behavioural advertising. All advertising served within the App is non-personalised.
Your privacy rights depend on your jurisdiction. We will respond to rights requests within a reasonable timeframe. To exercise any of the rights below, contact us at support@rify.com.au.
Regardless of your location, you have the right to:
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to access and correct your personal information. To lodge a complaint:
If you are in the EEA or UK, you have the right to:
You also have the right to lodge a complaint with your national data protection authority.
If you are a California resident, you have the right to:
We may update this Privacy Policy from time to time to reflect changes in our practices, the App, or applicable law.
For minor or non-material changes, we will update the "Last updated" date at the top of this Policy. For material changes — those that significantly affect how we handle your personal information — we will notify you within the App and may require your express re-acceptance before you can continue using the App.
We encourage you to review this Policy periodically.
This Privacy Policy is governed by and construed in accordance with the laws of the Commonwealth of Australia. For disputes arising out of or relating to this Policy, you agree to submit to the jurisdiction of Australian courts, to the extent permitted by applicable local law in your jurisdiction.
If you have questions, concerns, or complaints regarding this Privacy Policy — including any matter relating to age verification, the handling of your date of birth, or the exercise of your privacy rights — contact us at:
Email: support@rify.com.au