Legal
Privacy Policy
How we collect, use, store, and protect personal information on BFGFE.
Last updated: 14 July 2026 · ABN 48 125 462 102 · bfgfe.com
This document is provided for transparency and platform rules. It is not legal advice. If you operate as a provider or rely on these policies for compliance in your jurisdiction, consult a qualified lawyer.
1. Introduction
BFGFE (BFGFE, bfgfe.com) respects your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and your rights. It applies to visitors, registered providers, and anyone who contacts us.
We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and, where applicable, the New Zealand Privacy Act 2020.
2. Roles: controller and processor
For account, billing, and platform operation data, BFGFE is the entity responsible for personal information we collect. For payment card data, Stripe acts as an independent payment processor under its own privacy policy.
Providers who publish profiles are separate controllers of the contact and business information they choose to display publicly. Visitors who submit profile reports may provide optional contact details processed by us for moderation.
3. Information we collect
Account and authentication
- Email address, username, display name, password (stored as a secure hash via Supabase Auth)
- Account creation date, last sign-in, and session cookies
- Age confirmation at signup and age-gate cookie for visitors
Profile and provider content
- Photos, bio, rates, location fields, services, policies, availability, and contact methods you choose to publish
- Social links, tour dates, and marketing categories
- Verification documents (government ID and selfie) when you submit verification, stored privately
- Internal admin notes and moderation records where applicable
Billing
- Stripe customer ID, subscription ID, plan tier, and billing status
- Checkout session metadata (we do not store full payment card numbers)
- Bookkeeping entries you create in the dashboard (income/expense records)
Analytics and usage
- Profile view events and contact-click events with hashed visitor identifiers
- Referrer URL, UTM parameters, and coarse traffic source labels
- Provider dashboard analytics derived from the above
Reports, safety, and communications
- Profile reports (reason, optional details, optional reporter email)
- Emails and support messages you send us
- Audit logs for admin actions on the platform
Technical and security data
- IP address, user agent, request logs, and error diagnostics
- Rate-limiting and abuse-prevention signals
- Results of automated content safety scans on uploaded images (where enabled)
4. How we use information
- Operate, maintain, and improve the platform and its features
- Display public profiles on browse and search
- Process subscriptions and one-time promotion purchases
- Provide analytics, calendar, bookkeeping, and dashboard tools to providers
- Verify provider identity and display trust badges where approved
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Moderate content, investigate reports, and enforce our policies
- Comply with legal obligations and respond to lawful requests
- Send transactional emails (account, billing, verification decisions)
- Send operational notices about policy or feature changes where appropriate
We do not sell your personal information. We do not use profile photos for unrelated advertising. We do not publish verification documents on public profiles.
5. Legal bases (international users)
Where GDPR or similar laws apply, we rely on: performance of a contract (providing the service you signed up for); legitimate interests (security, analytics, improvement, fraud prevention); consent (where required, e.g. optional marketing); and legal obligation.
6. Sharing and subprocessors
We share personal information only as needed to run BFGFE, including with:
- Supabase: authentication, database, file storage (profile images, private verification documents)
- Stripe: payment processing and subscription management
- Infrastructure and email providers: hosting, CDN, transactional email (e.g. Resend when configured)
- Content safety providers: automated image scanning where PhotoDNA or similar services are enabled
- Professional advisers, insurers, or auditors under confidentiality obligations
- Law enforcement or regulators when required by law or to protect rights and safety
Public profile fields you publish are visible to anyone who visits bfgfe.com or your public profile URL.
7. International transfers
Our subprocessors may process data in Australia, the United States, the European Union, or other countries. Where we transfer personal information overseas, we take reasonable steps to ensure appropriate safeguards consistent with applicable privacy law.
8. Retention
- Active account data is retained while your account exists.
- Deleted accounts: profile content and photos are removed; some billing and security logs may be retained as required by law or legitimate business needs.
- Verification documents may be retained for a period after review for audit and dispute resolution, then deleted or archived securely.
- Analytics events are retained in aggregated form for reporting; raw events may be purged on a rolling schedule.
- Reports and moderation records may be retained to prevent repeat abuse.
9. Security
We use industry-standard measures including encryption in transit (HTTPS), access controls, row-level security policies, service-role isolation for privileged operations, and restricted access to verification documents. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Cookies and similar technologies
See our Cookie Policy for details. We use essential cookies for authentication and age confirmation. We do not use third-party advertising cookies on the core platform at launch.
11. Your rights
Depending on your location, you may have the right to:
- Access personal information we hold about you
- Correct inaccurate information (many fields editable in Settings)
- Delete your account and associated profile data
- Withdraw consent where processing is consent-based
- Complain to a privacy regulator (e.g. OAIC in Australia, OPC in New Zealand)
To exercise rights, contact privacy@bfgfe.com. We may need to verify your identity before responding. We aim to respond within 30 days.
12. Sensitive information
Some information on BFGFE may be sensitive, including sexual orientation, gender identity, images of an adult sexual nature, government identity documents submitted for verification, and health-related preferences you choose to publish (e.g. safe sex requirements). We collect this only where you provide it for platform functionality, with your consent where required, and handle verification documents privately as described above.
13. Direct marketing
We may send transactional and service-related emails (account, billing, verification, security). We do not sell personal information to advertisers. If we introduce optional marketing emails in future, you will be able to opt out via unsubscribe links or by contacting privacy@bfgfe.com.
14. Data breaches
We maintain procedures to detect, assess, and respond to data breaches. Where a breach is likely to result in serious harm and we are required to notify under the Notifiable Data Breaches scheme or other applicable law, we will notify affected individuals and the OAIC (or relevant regulator) as required. Report suspected security issues to support@bfgfe.com immediately.
15. Children
BFGFE is strictly 18+. We do not knowingly collect personal information from anyone under 18. If we learn a user is under 18, we will terminate the account and delete associated data where practicable. Report concerns to abuse@bfgfe.com.
16. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will change. Material updates may be communicated by email or prominent notice on the site.
17. Contact
Privacy officer / enquiries: privacy@bfgfe.com
Postal address: available on request to privacy@bfgfe.com