Red-Point Red-Point

Privacy Policy

Last Updated July 04, 2025

1.0 Scope & Overview

This Privacy Policy explains how Alpha Outdoors Pty Ltd (“Alpha Outdoors,” “we,” “our,” “us”) collects, uses, discloses and safeguards information in connection with the Red-Point mobile application, websites, APIs, and related services (collectively, the “Services”).

By using the Services you agree to the practices described here and in the Terms of Use. If you do not agree, please uninstall the app and discontinue use.

2.0 Personal Information We Collect

Category Examples Purpose Legal basis (GDPR) Retention
Account & Contact Name, email, phone Account creation, support, service notices Contract; Legitimate interests Until account deletion + 30 days backups
Profile Avatar, bio Feature enablement, social display Contract; Legitimate interests Until user removes or account deleted
User-Generated Content Scanned wall models, route data, beta videos Feature enablement, social display Contract; Legitimate interests Indefinite (copies may persist after account deletion in accordance with the Terms of Use)
Payment Card token, transaction ID (processed by Stripe/Apple/Google) Subscription billing, refunds Subscription billing, refunds 7 years (financial recordkeeping)
Device & Usage Device ID, IP, OS, language, feature interactions Analytics, crash reporting, fraud prevention, product improvement Consent (where required); Legitimate interests 24 months aggregated; 180 days raw logs; indefinite in fully anonymised/aggregated form
Precise Location (GPS) Latitude/longitude while the app is open Display nearby crags, navigation, safety heat-maps Consent; Contract 24 hours (session); aggregated thereafter
Marketing Preferences Push, email opt-in status Send newsletters, promotions Consent Until opt-out

3.0 How We Collect Information

  • Directly from you when you register, upload content, complete forms, make purchases or contact support.
  • Automatically via SDKs and cookies when you use the Services (see Section 8).
  • From third-party sign-in providers (e.g., Apple ID, Google Sign-In) with your permission.

4.0 Why We Use Your Information

  • Provide & operate the Services and contractual features you request.
  • Process payments and verify subscriptions.
  • Analyse usage to improve performance, features and safety content.
  • Communicate about updates, security alerts and support.
  • Market new products (with your opt-in consent where required).
  • Detect, investigate and prevent fraud, abuse or violations of the Terms.
  • Comply with legal obligations (tax, accounting, law-enforcement requests).

5.0 Legal Bases (EEA/UK)

We rely on one or more of the following lawful bases: (i) performance of a contract; (ii) your explicit consent (which you may withdraw at any time); (iii) legitimate interests that are not overridden by your rights (e.g., analytics, fraud prevention); and (iv) compliance with legal obligations.

6.0 Disclosure to Third Parties

We share information only as needed for the purposes above:

  1. Service providers / processors – AWS (hosting), Firebase (analytics & crash), Mapbox (maps), Stripe (payments), Apple & Google (in-app billing), Mailchimp (email). Each is bound by contract to process data solely on our instructions.
  2. Other users – If you post UGC your profile name/avatar and contributed content may be visible to other climbers.
  3. Legal & safety – To courts, regulators, law-enforcement or lawyers when required by law or to protect rights, safety or property.
  4. Business transfers – In merger, acquisition or asset sale, subject to confidentiality.

We do not “sell” or “share” personal data for monetary consideration as defined under the California Consumer Privacy Act (CCPA/CPRA).

7.0 International Data Transfers

We are based in Australia but use service providers worldwide. When we transfer personal data outside the country of origin we rely on:

  • Standard Contractual Clauses approved by the European Commission/UK ICO;
  • Adequacy decisions; or
  • Article 49 GDPR derogations (performance of contract, explicit consent).

You may request a copy of relevant transfer safeguards by emailing support@red-point.com.au.

8.0 Cookies, SDKs & Tracking Technologies

We use first-party cookies and mobile SDKs (Firebase, Mapbox, Appsflyer, RevenueCat) to remember preferences, measure performance and diagnose issues. You can disable cookies in your browser or limit ad tracking / reset IDFA/GAID in device settings. Some functionality may break if tracking is disabled.

For iOS users we request App Tracking Transparency (ATT) consent before accessing the advertising identifier. We honour the “Limit Ad Tracking” and Do Not Sell/Share preferences where applicable.We also use Google Ads/Analytics and Meta Pixel cookies to measure the effectiveness of our marketing campaigns and show Red-Point ads on other sites. These trackers are loaded only after you grant consent where required.

9.0 Location Data

We process your precise GPS location only while the app is in use and with device-level permission. You can revoke permission at any time in your OS settings. We do not share precise location with advertisers and do not retain raw GPS logs beyond 24 hours.

10.0 Children’s Privacy

The Services are not directed to children under 13. We do not knowingly collect personal data from children. Users aged 13–17 may use the Services only with parental or guardian consent. Parents can request deletion of a minor’s data via support@red-point.com.au.

11.0 Data Retention

We keep personal data only as long as necessary for the purposes described or as required by law. Copies of user-generated content (UGC) may be retained and used indefinitely under the licence or assignment you grant us in the Terms of Use, even if you delete your account. Criteria include account status, legal obligations, dispute-resolution needs and system backups. When data is no longer needed, we securely delete or anonymise it. Anonymised analytics may be kept indefinitely.

12.0 Security Measures

We take reasonable steps—consistent with our size and the nature of the Services—to protect personal information from misuse, interference and unauthorised access. Current controls include:

  • Encryption in transit – All network traffic between the app, our APIs and databases is protected with TLS 1.2 or higher.
  • Encryption at rest – Databases and backups are encrypted with AES-256.
  • Regular off-site backups – Encrypted backups are taken daily and retained for disaster-recovery purposes.

Note — We are a small startup; therefore not all enterprise-grade controls (e.g., dedicated SOC, 24×7 monitoring, annual penetration testing) are in place yet. We continuously review and improve our security posture as we grow.

No system is 100% secure; transmission of data is at your own risk. If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and regulators as required by applicable law.

13.0 Your Privacy Rights

Depending on your jurisdiction you may have rights to:

  • Access a copy of the personal data we hold;
  • Correct inaccurate or incomplete data;
  • Delete (erase) your data;
  • Port data to another controller;
  • Restrict or object to certain processing;
  • Opt-out of marketing or “sale/share” (CCPA);
  • Lodge a complaint with a supervisory authority (see Section 14).

We respond within 30 days (or the timeframe required by law). Email privacy@red-point.com.au with your request. We may verify your identity before actioning.

14.0 Supervisory Authorities & Complaints

  • Australia: Office of the Australian Information Commissioner (OAIC) – oaic.gov.au
  • EU: Contact your local Data Protection Authority.
  • UK: Information Commissioner’s Office (ICO) – ico.org.uk

You have the right to lodge a complaint with the relevant authority. We encourage you to contact us first so we can resolve any issue.

15.0 Changes to This Policy

We may update this Policy from time to time. If we make material changes we will provide 30 days’ advance notice via the app or email. Continued use after the effective date constitutes acceptance.

16.0 Contact / Data Protection Officer

Questions or requests?
Email: support@red-point.com.au
Postal: Privacy Officer, Alpha Outdoors Pty Ltd, 21/19 Railway Terrace, Brisbane QLD 4064, Australia