Privacy Policy

Last updated: May 17, 2026

1. Introduction

MyShop Enterprises Pty Ltd (ABN registered in Australia) ("we," "our," or "us") operates the Duoscape platform, including the duoscape.app website and the Duoscape mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Name and email address
  • Password (encrypted, never stored in plain text)
  • Partner invite code (to link couple accounts)
  • Apple ID or Google account identifiers (if using social sign-in)

Couple & Relationship Data:

  • Travel preferences (budget range, travel styles, interests, preferred climates, dream destinations)
  • Love Language quiz responses and results
  • Love Map question answers
  • Relationship pulse ratings
  • Conversation starter responses
  • Appreciation messages sent to your partner
  • Daily prompt responses and connection streaks
  • Couple challenge progress
  • Trip reflections

Trip & Booking Data:

  • Trip details (destinations, dates, budgets, notes)
  • Savings goals and contribution amounts
  • Booking details and special requests
  • Photos uploaded to trip memories

Payment Information:

  • Payment is processed by Stripe. We do not store complete credit card details.
  • Stripe handles all sensitive payment data in accordance with PCI DSS standards.
  • We store booking references, amounts, and payment confirmation status only.

2.2 Information Collected Automatically

  • Device information (browser type, operating system, device model)
  • IP address and general geographic location
  • App usage patterns and feature interactions
  • Error reports and performance diagnostics

2.3 Camera and Photo Library

The Duoscape mobile app may request access to your device camera and photo library. This is used exclusively for uploading trip photos and profile images. We do not access your camera or photos without your explicit permission, and you can revoke this permission at any time through your device settings.

3. How We Use Your Information

  • Provide the Service: Create and manage your account, link couple accounts, display personalised experience recommendations, process bookings.
  • Personalisation: Match experiences to your travel preferences, calculate compatibility scores, recommend destinations based on your stated interests.
  • Relationship Features: Deliver Love Maps questions, track connection streaks, facilitate couple challenges and appreciation messages between linked partners.
  • Payments: Process bookings through Stripe, manage savings goal contributions, send booking confirmations.
  • Communication: Send transactional emails (booking confirmations, partner application updates, waitlist welcome messages).
  • Improvement: Analyse usage patterns to improve the platform, fix bugs, and develop new features.
  • Security: Protect against fraud, enforce our terms, and maintain platform integrity.

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Your Partner

When you link accounts with a partner via invite code, certain information is shared between you: appreciation messages, daily prompt responses, Love Map answers, trip details, and savings goals. This sharing is the core function of the Service and only occurs between linked partners.

4.3 Partner Properties (Hotels & Resorts)

When you book an experience, the hosting property receives your booking details (names, dates, special requests) necessary to fulfil the reservation. Properties do not receive your relationship data, quiz results, or financial details beyond the booking amount.

4.4 Service Providers

  • Supabase (database hosting and authentication, Sydney region)
  • Stripe (payment processing)
  • Resend (transactional email delivery)
  • Vercel (web application hosting)
  • Apple (Sign-in with Apple authentication)

4.5 Legal Requirements

We may disclose information when required by law, including court orders, government investigations, or to protect rights and safety.

4.6 Business Transfers

In the event of a merger, acquisition, or asset sale, personal information may be transferred. You will be notified of any ownership change.

5. Data Security

  • All data transmitted via HTTPS/TLS encryption
  • Authentication tokens stored in iOS Keychain (mobile) or secure HTTP-only sessions (web)
  • Row Level Security (RLS) on all database tables ensuring users can only access their own couple's data
  • Passwords hashed via Supabase Auth (bcrypt)
  • Stripe webhook signature verification on all payment events
  • HTML escaping on all user-supplied data in emails
  • Admin operations require authenticated admin JWT

6. Data Retention

  • Account data: Maintained while your account is active. Retained for up to 2 years after account closure.
  • Relationship data (quiz results, reflections, appreciations): Deleted when you delete your account.
  • Booking and payment records: Retained for 7 years for tax and accounting compliance.
  • Usage analytics: Aggregated and anonymised data may be retained indefinitely. Personal identifiers removed after 3 years.

7. Your Privacy Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Update or correct inaccurate information via your Profile settings.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Restriction: Limit how we process your information.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Opt out of marketing communications at any time.

To exercise any of these rights, contact us at privacy@myshopenterprises.com. We will respond within 30 days.

8. International Data Transfers

Our primary database is hosted in Sydney, Australia via Supabase. Some service providers (Stripe, Vercel, Resend) may process data in other jurisdictions. All transfers are protected by appropriate safeguards including encryption in transit and at rest.

9. Regional Privacy Laws

Australian Privacy Principles (APPs)

We comply with the Privacy Act 1988 (Cth). Australian users have rights under the APPs. Complaints can be made to the Office of the Australian Information Commissioner (OAIC).

General Data Protection Regulation (GDPR)

EU residents have enhanced rights under GDPR, including the right to lodge complaints with supervisory authorities. Our legal bases for processing include contract performance, legitimate interests, and consent.

California Consumer Privacy Act (CCPA)

California residents have specific rights including the right to know about personal information collected, the right to delete, and the right to opt out of sale (though we do not sell personal data).

10. Children's Privacy

Duoscape is not directed to individuals under 18. We do not knowingly collect information from minors. If we learn that we have collected data from a child, we will delete it immediately.

11. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

MyShop Enterprises Pty Ltd
Email: privacy@myshopenterprises.com
Website: duoscape.app

We aim to respond to privacy inquiries within 30 days.