Legal & Security

Privacy Policy

Last Updated: February 15, 2026

At Alphabet Dining (operated by Duncan Media), we regard the privacy and security of your discovery journey as our highest priority. This Privacy Policy outlines what information we collect, how we use it to provide you with unique dining insights, and the strict boundaries we place on sharing that information. By using our platform, you consent to the data practices described in this policy.

1 Information We Collect

We collect only the information strictly necessary to provide you with a functional dining discovery dashboard, secure authentication, and interactive tracking tools.

A. Personal & Account Information

  • Identity Data: First name, surname, and date of birth provided during registration (used to verify age requirements).
  • Security & Technical Data: Passwords (strictly hashed using Argon2id encryption), IP addresses, browser types, User-Agent strings, and login audit timestamps.
  • Financial Data: For premium or business users, payment processing is handled entirely by our secure third-party gateway (e.g., Square). Alphabet Dining does not collect or store full credit card numbers on our servers.

B. Discovery & Interaction Data

  • Location Data: Suburb, Postcode, and precise geospatial coordinates (latitude/longitude) to facilitate radius-based geographic matching.
  • User-Generated Content: Restaurant reviews (maximum 1,000 words), star ratings, custom tags, and up to 5 uploaded image files per review.
  • Interaction History: Favourite locations, platform progression (Alphabetical vs. Random), generated vouchers, and redemption logs.

2 How We Use Your Information

We do not use your data for external advertising profiling. Your data is used exclusively for:

  • Service Provision: Synchronising your 26-fortnight cycle and surfacing highly relevant, localised restaurant matches for your active letter.
  • Security & Integrity: Verifying identity, managing secure sessions, preventing fraudulent voucher claims, and detecting automated brute-force attacks.
  • Platform Analytics: We may aggregate and anonymise data (stripping all personally identifiable markers) to understand broader dining trends and improve our algorithms.

3 Information Sharing & Public Disclosure

Strict "No Sale" Policy

We will never sell, rent, trade, or lease your personal data to third parties, advertising networks, or data brokers.

We only share information under the following limited circumstances:

  • Publicly Shared Data: By design, any reviews, star ratings, and photos you submit to a venue's profile are public. Alphabet Dining is not liable for how third parties may view, capture, or use this publicly volunteered information.
  • Trusted Service Providers: We employ third-party services (e.g., Google Maps API for location parsing, secure hosting environments) to facilitate our platform. These providers are strictly bound to process data only on our behalf.
  • Legal Requirements: We will disclose data if compelled by a valid subpoena, court order, or formal legal process enforced by Australian jurisdictions.

4 Data Security & Limitation of Liability

We employ high-grade security practices to protect your data, including:

  • Encryption in Transit & At Rest: All web traffic is protected via TLS/SSL. Passwords are cryptographically hashed, and uploaded media is sanitized and stored in secure directories.
  • Defense-in-Depth: We implement proactive strategies to identify and block automated attacks, CSRF vulnerabilities, and brute-force abuse.
Limitation of Liability regarding Security: While we strive to use commercially acceptable means to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. Alphabet Dining cannot guarantee absolute security and shall not be held liable for any unauthorised access, data breach, or data loss that occurs despite our standard security measures.

5 Cookies, Tracking & Third Parties

We use Strictly Necessary Cookies (such as encrypted Session Tokens and CSRF defense tokens) to maintain your secure login state. We do not use invasive third-party tracking pixels.

Third-Party Links: Our platform contains links to external restaurant websites and mapping services. We are not responsible for the privacy practices, content, or liabilities associated with those external sites.

6 Data Retention, Deletion & Age Restrictions

  • Access & Correction: You maintain the right to view, edit, or remove your profile data and reviews via your dashboard at any time.
  • Account Deletion: You may request full account deletion. Upon processing, your personal data is anonymised in our production databases using "soft delete" protocols to maintain the structural integrity of historical audits.
  • Age Restrictions: Alphabet Dining is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors.

Contact Us

If you have questions regarding this privacy policy or wish to exercise your data rights, please reach out to our privacy team.

enquiries@alphabetdining.com.au
55A McMahons Road,
Kurrajong, NSW 2758

7 Australian Privacy Rights & Procedures

To ensure full compliance with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth), we uphold the following additional procedures:

  • Cross-Border Data Transfers While Alphabet Dining is based in Australia, some of our trusted third-party service providers (such as cloud hosting, payment gateways, and mapping APIs) may route, process, or back up data on servers located outside of Australia. We ensure these providers operate under strict privacy frameworks comparable to the APPs.
  • Mandatory Data Breach Notification In accordance with the Notifiable Data Breaches (NDB) scheme, if we suspect or confirm a data breach that is likely to result in serious harm to any user, we will promptly notify the affected individuals and the Office of the Australian Information Commissioner (OAIC), outlining the steps we are taking to mitigate the breach.
  • Direct Marketing & Opt-Outs In compliance with the Spam Act 2003, we will only send promotional marketing communications if you have explicitly opted in. You maintain the right to unconditionally opt out of promotional emails at any time via the "unsubscribe" link provided in those emails, or via your account settings. (Note: You cannot opt out of critical system, security, or billing notifications).
  • Policy Updates & Notifications We reserve the right to modify this Privacy Policy at any time to reflect changes in our platform or legal obligations. For material changes that significantly affect your data rights, we will provide prominent notice via a platform banner or direct email notification prior to the change taking effect.
  • Dispute Resolution & OAIC Escalation If you believe we have breached the APPs, please lodge a formal complaint with us via the contact details below. We commit to acknowledging your complaint within 7 days and providing a formal response within 30 days. If you are unsatisfied with our resolution, you have the right to escalate your complaint directly to the OAIC (www.oaic.gov.au).