Last updated 25 June 2026 · plain-English summary, written to the Australian Privacy Act 1988 (Cth)

1. Who we are & our commitment

YouSpotted lets you report suspected parking and vehicle offences to the relevant council or authority. We handle personal information in line with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). YouSpotted is built privacy-by-design together with our technology partner meldCX, whose anonymisation and edge-processing framework underpins how we keep data collection to the minimum the law and the council actually need.

2. The information we collect

About you (the Spotter): your mobile number, your name and email, your bank details for payouts, and which device permissions you have granted.

In your reports: photos of the vehicle, its number plate and nearby signage; the number plate itself; the GPS location and time; your written notes; and genuine device and photo metadata (EXIF) that supports the report’s authenticity.

Reports are about a vehicle and an alleged offence — not the people nearby. Because a report necessarily includes details of a third party (the vehicle and its plate), only ever report what you personally witnessed.

3. How we use your information

We use your information only to: (1) create your report and submit it to the relevant council or authority; (2) calculate and pay any reward; and (3) keep the service secure and prevent fraud or misuse. We do not sell your information, and we do not use it for advertising or profiling.

4. Privacy by design — built with meldCX

We minimise the identifying information we keep. Where reports are processed using meldCX technology, identifying details that are not needed as evidence — such as the faces of passers-by — are blurred or abstracted so that no unnecessary personal or biometric information is retained. We are rolling this on-device blurring out across the app; until it is active on your device, we minimise and tightly secure any incidental imagery and never use it for anything beyond your report.

We never run facial recognition and we never try to identify the people in your photos. The number plate is the one identifier we must keep, because it is the essential detail the council needs to act — we treat it as personal information, secure it, and disclose it only to the relevant authority.

meldCX is independently certified under TRUSTe, ISO 27001 and PCI DSS, and its Viana platform is engineered to globally recognised frameworks including the EU GDPR, OECD Privacy Guidelines, the APEC Privacy Framework and UNESCO’s ethical-AI standards. Where YouSpotted relies on meldCX technology, that processing inherits these protections.

5. Who we share it with

We share your report — including the photos, plate, location and your identity — with the relevant council or authority so they can decide whether to act on it. We use trusted service providers (for secure hosting and for processing payouts) who are bound to keep your information confidential and use it only on our instructions. We may disclose information where we are required or authorised to do so by law. We do not share your personal information with anyone else.

6. Storage, security & where your data lives

Your information is held on secured servers located in Australia and is encrypted in transit. Access is restricted to the people and systems that need it to run reports and rewards, and especially sensitive details — such as your bank account — are additionally encrypted at rest. No system is perfectly secure, but we take reasonable steps, consistent with APP 11, to protect your information from misuse, loss and unauthorised access.

7. Overseas disclosure

We aim to keep your information in Australia. If any of our service providers store or process information outside Australia, we take reasonable steps to ensure they handle it consistently with the APPs before any such disclosure.

8. How long we keep it

We keep your reports so you can see them in your history and so the relevant authority can act on or audit them. A report stays until you delete it or close your account, or until the relevant authority asks us to remove it — whichever comes first — unless the law requires us to keep it for longer. You can delete any individual submission, or your whole account, at any time from within the app or by emailing [email protected], and we then delete or de-identify the associated information.

9. Your rights: access, correction & deletion

You can ask us for a copy of the personal information we hold about you, ask us to correct it, or ask us to delete it and close your account (APP 12 and APP 13). You can manage your profile in the app, or contact us using the details below. We will respond within a reasonable time; occasionally the law allows or requires us to keep certain information, and we will explain if that applies.

10. Children

YouSpotted is not intended for anyone under 16. We do not knowingly collect information from children. If you believe a child has used the app, contact us and we will remove their information.

11. Changes to this policy

We may update this policy as the app, our partners, or the law evolve — the Australian privacy framework is itself being reformed. When we make a material change we will update the date below and, where appropriate, notify you in the app.

12. Contact & complaints

Questions, requests or complaints about your privacy? Contact us and we will work to resolve it. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).