Promise← Back

Privacy Policy

Last updated: April 21, 2026

This Privacy Policy is provided by APPADEMIC PTY LTD (ABN 43 696 262 227, ACN 696 262 227), the operator of the Promise platform ("we", "us", or "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you use our website at getpromise.co and our web application (collectively, the "Service").

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, username, and password (stored securely using bcrypt hashing). We also collect your date of birth (to verify age eligibility — you must be at least 13 to create an account, and at least 18 to use financial features such as staking). You may also provide your country of residence for localisation purposes.

Verification Information

If you verify your phone number via SMS, we store your phone number and verification status. If you enable two-factor authentication (2FA), we store the encrypted secret required to generate and validate your one-time codes. We do not store the codes themselves.

Profile Information

You may optionally provide a profile photo, bio, and other details to personalise your experience.

Financial Information

If you use our payment features, your card details are processed directly by Stripe — we do not store your full card details on our servers. If you set up payouts, Promise creates a Stripe Connect Custom account on your behalf. To do so, we transmit your legal name, date of birth, residential address, Australian bank account details (BSB and account number), and the IP address from which you accepted Stripe's Connected Account Agreement directly to Stripe. Bank account details are not stored on our servers after the Connect account is created. Your name, date of birth, and address remain stored in your profile for verification, compliance, and to re-submit to Stripe if your payout details change.

Push Notification Subscriptions

If you opt in to push notifications, we store your browser push subscription endpoint and associated keys. This data is used solely to deliver notifications you have requested. You can unsubscribe at any time through your browser or device settings.

Usage Data

We collect non-personal information such as browser type, device information, IP address, pages visited, and interaction patterns to improve the Service and protect against abuse. We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies and does not track individuals.

Promise & Activity Data

We store information about promises and challenges you create, check-ins you submit (including photos and notes), stakes you place, override requests, votes you cast, circle memberships, and interactions with other users as part of the core functionality of the Service.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process transactions and manage financial stakes via Stripe
  • To verify your identity and age eligibility for financial features
  • To send you account-related emails (verification, password resets, promise outcomes, daily reminders)
  • To send you SMS messages for phone number verification (if you opt in)
  • To deliver push notifications you have subscribed to
  • To personalise your experience and provide relevant in-app notifications
  • To detect and prevent fraud, abuse, or violations of our Terms of Service
  • To respond to your enquiries and provide customer support
  • To generate aggregated, anonymised analytics to improve the Service
  • To monitor errors and application performance

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

  • Service providers: We use trusted third-party services to operate the platform. Each provider only receives the minimum data necessary to perform their function:
    • Stripe — payment processing, stake holding, and payouts via Stripe Connect (Australian users)
    • PayPal — international payouts to non-Australian users (we share your PayPal email address with PayPal to process payouts)
    • Appademic-Mail — transactional emails (verification, outcomes, reminders)
    • Twilio — SMS delivery for phone number verification
    • Plausible — privacy-friendly, cookie-free website analytics
    • Sentry — error monitoring and application performance tracking
    • Web Push (browser APIs) — push notification delivery
  • Other users: Your username, profile photo, and promise activity are visible to other users as part of the social features of the Service. You control the visibility of your promises when creating them (public or private). Circle members can see activity shared within that circle.
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Data Security

We take the security of your data seriously and employ industry-standard measures to protect it. Passwords are hashed using bcrypt; 2FA secrets, phone numbers, date of birth, and Stripe customer identifiers are stored encrypted at rest using AES-256-GCM; sessions are managed with HTTP-only cookies; and payment processing is handled by Stripe's PCI-compliant infrastructure. Bank details provided for Stripe Connect are transmitted directly to Stripe and are not stored on our servers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

5. Cookies & Tracking

We use essential cookies only — specifically, a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. Our analytics provider (Plausible) is cookie-free and does not track individual users across sites.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial record-keeping purposes (e.g., transaction records, stake history). Push notification subscriptions are deleted when you unsubscribe or when your account is removed.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and personal data
  • Object to or restrict certain processing of your data
  • Export your data in a portable format
  • Withdraw consent for optional communications (SMS, push notifications) at any time

To exercise any of these rights, please contact us at the email address below.

8. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party services you access.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. Users aged 13–17 may create an account and use the Service but are not permitted to use financial features (staking, payments, or payouts). If you believe we have inadvertently collected information from someone under 13, please contact us and we will promptly remove it.

10. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

APPADEMIC PTY LTD

ABN 43 696 262 227 · ACN 696 262 227

hello@getpromise.co