Beta TestFlight

Privacy Policy

SWEET AS

PRIVACY POLICY

Version 1.0 — May 2026

Last Updated: May 2026

 

ConnectPath Ventures Pty Ltd trading as Sweet As

ACN: 672 220 932 | ABN: 35 672 220 932

Registered in New South Wales, Australia

 

1. About This Policy

This Privacy Policy explains how ConnectPath Ventures Pty Ltd (ACN 672 220 932, ABN 35 672 220 932), trading as Sweet As (“we”, “us”, “our”), collects, uses, stores, discloses, and protects personal information in connection with the Sweet As mobile application, website, and associated services (collectively, the “Platform”).

We are committed to protecting the privacy of all individuals who interact with our Platform, including venue operators (“Venues”), food enthusiasts (“Foodies”), content creators and influencers (“Influencers”), and visitors to our website.

This Policy is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”). Where we operate in jurisdictions outside Australia or where additional regulations apply (including the European Union General Data Protection Regulation or the California Consumer Privacy Act), we comply with the applicable requirements of those laws.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you should discontinue use of the Platform.

2. What Personal Information We Collect

The types of personal information we collect depend on how you interact with the Platform.

2.1 From Venues

When a Venue onboards to the Platform, we collect:

  • Business name, trading name, ABN (where applicable), and registered address.
  • Contact details of the authorised representative, including name, email address, phone number, and job title.
  • Payment and billing information, including credit or debit card details processed through our third-party payment provider.
  • Social media account handles and publicly available content from linked social media platforms (including Instagram, TikTok, Facebook, and X).
  • Menu information, venue photographs, operating hours, cuisine type, and other venue profile data.
  • Booking and ordering platform URLs provided by the Venue for display on their profile.
  • Communications with us, including support requests, feedback, and correspondence.

2.2 From Foodies

When a Foodie creates an account or uses the Platform, we collect:

  • Name, email address, and profile information.
  • Location data (with consent), including precise or approximate geolocation to enable venue discovery.
  • Taste preferences, dietary requirements, and cuisine interests provided during onboarding or inferred from Platform usage.
  • Reviews, ratings, photographs, and other user-generated content posted on the Platform.
  • Engagement and behavioural data, including venues viewed, saved, shared, and visited; time spent on profiles; search queries; and interaction with deals and rewards.
  • Device information, including device type, operating system, app version, and unique device identifiers.
  • Social media account information where the Foodie connects a social media account to the Platform.

2.3 From Influencers

When an Influencer registers or participates in campaigns through the Platform, we collect:

  • Name, email address, phone number, and social media handles.
  • Social media performance metrics, including follower counts, engagement rates, and content reach, sourced from publicly available data or authorised API access.
  • Content created in connection with Platform campaigns, including photographs, videos, captions, and reviews.
  • Payment information for reward fulfilment where applicable.

2.4 Automatically Collected Information

When you use the Platform, we automatically collect:

  • Log data, including IP address, browser type, access times, pages or screens viewed, and referring URLs.
  • Analytics and usage data through third-party analytics tools (such as Google Analytics, Firebase, or Mixpanel).
  • Cookies and similar tracking technologies as described in clause 9.

3. How We Use Your Personal Information

We collect and use personal information for the following purposes:

3.1 To Operate and Improve the Platform

  • Creating and managing user accounts and venue profiles.
  • Providing personalised venue discovery and recommendations using our AI Engine.
  • Processing payments and managing subscriptions.
  • Facilitating deals, rewards, and influencer campaigns.
  • Linking users to third-party booking and ordering platforms as provided by Venues.
  • Providing customer support and responding to enquiries.
  • Monitoring, analysing, and improving Platform performance and user experience.

3.2 AI Processing and Content Analysis

We use artificial intelligence and machine learning to:

  • Analyse and tag venue content (including images, text, menus, and social media posts) to generate searchable attributes such as cuisine type, dish descriptions, ambiance tags, dietary suitability, and flavour profiles.
  • Match Foodies with Venues based on preferences, location, behavioural signals, and trending content.
  • Analyse social media content retrieved from Venue and Influencer accounts to assess content quality, relevance, and engagement potential.
  • Generate aggregated and anonymised insights for analytics dashboards, benchmarking, and product development.

By using the Platform, you consent to the processing of content and data by our AI Engine for these purposes. AI-generated tags and recommendations are derived algorithmically and are not manually reviewed unless flagged for quality assurance.

3.3 Marketing and Communications

  • Sending transactional communications (account confirmations, billing notifications, service updates).
  • Sending promotional communications where you have opted in or where permitted under applicable law. You may opt out of promotional communications at any time via the Platform settings or by following the unsubscribe link in any email.
  • Featuring venue content, foodie reviews, or influencer content in Sweet As marketing materials, social media, and press — in connection with promoting the Platform and the featured party’s presence on it.

3.4 Analytics and Aggregated Data

We create aggregated, anonymised, and de-identified datasets from information collected through the Platform. These datasets do not identify any individual user or Venue and are used for:

  • Product development and Platform improvement.
  • Industry benchmarking and trend analysis.
  • Investor reporting and business planning.
  • Research and statistical purposes.

We own all aggregated and anonymised data. This right is not affected by the closure of any individual account or the termination of any agreement with us.

3.5 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes.
  • Enforcing our Terms and Conditions and other agreements.
  • Protecting the rights, safety, and property of Sweet As, our users, and the public.
  • Detecting, investigating, and preventing fraud, abuse, or security incidents.

4. Lawful Basis for Processing

Under the Australian Privacy Principles, we collect personal information that is reasonably necessary for our functions and activities. Where we operate in jurisdictions that require a specific lawful basis (such as the EU GDPR), we rely on the following:

  • Consent: Where you have given clear consent for us to process your personal information for a specific purpose (e.g., location data, marketing communications, social media access).
  • Contractual Necessity: Where processing is necessary to perform our contract with you (e.g., managing your account, processing payments, providing Platform services).
  • Legitimate Interest: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights (e.g., analytics, product improvement, fraud prevention).
  • Legal Obligation: Where processing is required to comply with a legal obligation (e.g., tax records, law enforcement requests).

5. How We Share Your Personal Information

We do not sell your personal information. We share personal information only in the following circumstances:

5.1 Within the Platform

  • Venue profile information (business name, location, cuisine, menu, social content, operating hours) is displayed publicly to Foodies and Influencers on the Platform.
  • Foodie reviews, ratings, and content are displayed on venue profiles and may be visible to other Platform users.
  • Influencer content created as part of campaigns is shared with the relevant Venue and displayed on the Platform.

5.2 Third-Party Service Providers

We share personal information with trusted third-party service providers who assist us in operating the Platform, including:

  • Cloud hosting and infrastructure providers (e.g., Amazon Web Services, Google Cloud).
  • Payment processors for subscription billing and reward fulfilment.
  • Analytics and performance monitoring tools.
  • Email and communication service providers.
  • Customer relationship management (CRM) platforms.
  • AI and machine learning service providers used in our content analysis pipeline.

All third-party service providers are contractually required to process personal information only on our instructions and in accordance with applicable privacy laws.

5.3 Social Media Platforms

Where you connect a social media account to the Platform, data may be exchanged between the Platform and the relevant social media platform in accordance with that platform’s terms and API policies. We access only publicly available content or content you have authorised us to access.

5.4 Legal and Regulatory Disclosure

We may disclose personal information where required or authorised by law, including to comply with a court order, subpoena, or government request; to enforce our Terms and Conditions; or to protect the rights, safety, or property of Sweet As, our users, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, restructure, or sale of all or part of our business, personal information may be transferred to the successor entity. We will notify affected users of any such transfer and the successor’s obligations under this Policy.

6. Cross-Border Data Transfers

Sweet As is based in Australia. Some of our third-party service providers may store or process data in jurisdictions outside Australia, including the United States, the European Union, and the Asia-Pacific region.

Where personal information is transferred outside Australia, we take reasonable steps to ensure that the overseas recipient handles the information in accordance with the APPs and this Privacy Policy. This includes entering into contractual arrangements that require equivalent data protection standards, and conducting due diligence on the data handling practices of our providers.

By using the Platform, you consent to the transfer of your personal information to jurisdictions outside Australia as described in this clause.

7. Data Retention

We retain personal information for as long as it is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

  • Active accounts: Personal information is retained for the duration of your account and subscription.
  • Closed accounts: Upon account closure or subscription termination, we retain personal information for a period of twelve (12) months to comply with legal obligations, resolve disputes, and enforce our agreements. After this period, personal information is securely deleted or anonymised.
  • Venue-specific data export: Venues may request an export of their venue-specific data within thirty (30) days of account termination, in accordance with the Venue Terms and Conditions.
  • Aggregated data: Aggregated and anonymised data that does not identify any individual is retained indefinitely for analytics, benchmarking, and product development.
  • Financial records: Transaction and billing records are retained for a minimum of seven (7) years as required by Australian taxation law.

8. Data Security

We take the security of your personal information seriously and implement reasonable technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls limiting access to personal information to authorised personnel on a need-to-know basis.
  • Regular security reviews and vulnerability assessments of our systems.
  • Secure processing of payment information through PCI-DSS compliant third-party payment processors. We do not store full credit card numbers on our systems.
  • Incident response procedures for identifying, containing, and responding to data security incidents.

No method of electronic storage or transmission is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect usage data, improve Platform functionality, and personalise your experience.

  • Essential Cookies: Required for the Platform to function (authentication, session management, security). These cannot be disabled.
  • Analytics Cookies: Used to understand how users interact with the Platform (page views, feature usage, error tracking). We use tools such as Google Analytics and Firebase Analytics.
  • Preference Cookies: Used to remember your settings and preferences (language, location, content filters).

We do not use advertising or retargeting cookies within the Platform. Where third-party analytics providers set cookies, those providers’ own privacy policies apply.

You can manage cookie preferences through your browser or device settings. Disabling essential cookies may affect Platform functionality.

10. Your Rights

Under the Australian Privacy Principles and applicable privacy laws, you have the following rights:

  • Access: You have the right to request access to the personal information we hold about you.
  • Correction: You have the right to request correction of inaccurate, out-of-date, incomplete, or misleading personal information.
  • Deletion: You may request deletion of your personal information, subject to our legal retention obligations. We will action deletion requests within thirty (30) days.
  • Opt-Out of Marketing: You may opt out of promotional communications at any time via Platform settings or by contacting us.
  • Withdraw Consent: Where processing is based on consent (e.g., location data, social media access), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
  • Data Portability: Where technically feasible and required by applicable law, you may request a copy of your personal information in a structured, commonly used, and machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond to all legitimate requests within thirty (30) days.

11. Children’s Privacy

The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

If you believe a child under 16 has provided us with personal information, please contact us at [email protected].

12. Notifiable Data Breaches

In the event of an eligible data breach as defined under Part IIIC of the Privacy Act 1988 (Cth), we will:

  • Take immediate steps to contain the breach and assess the risk of serious harm to affected individuals.
  • Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable in accordance with the Notifiable Data Breaches (NDB) scheme.
  • Provide affected individuals with information about the breach, the type of information involved, and recommended steps to mitigate potential harm.

We maintain an internal data breach response plan and conduct regular reviews to ensure preparedness.

13. Social Media Content Collection

A core feature of the Platform is the aggregation and display of publicly available social media content. This clause explains how we collect and process social media data.

13.1 Venue Social Media Content

Where a Venue provides its social media handles during onboarding, we collect publicly available posts, images, videos, captions, hashtags, and engagement metadata from those accounts. This content is used to populate the Venue’s profile, generate AI tags, and power discovery. Venues consent to this collection through the Venue Terms and Conditions.

13.2 Foodie and Influencer Social Media Content

Where a Foodie or Influencer connects a social media account to the Platform, we may access content and engagement data from that account in accordance with the permissions granted during the connection process. We access only the data scopes you authorise.

13.3 Third-Party Platform Compliance

Our collection of social media content complies with the terms of service and API policies of the relevant third-party platforms. Where a platform changes its API access policies in a way that affects our data collection, we will adjust our practices accordingly. We do not access private or non-public content without explicit authorisation from the account holder.

14. Third-Party Links and Services

The Platform may contain links to third-party websites and services, including venue booking platforms, delivery services, and social media networks. These third-party services are not operated by Sweet As, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party service before providing personal information to them. The inclusion of a third-party link on the Platform does not imply endorsement of that service’s privacy practices.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be notified via:

  • In-app notification within the Platform.
  • Email to the address associated with your account.
  • Prominent notice on our website.

The “Last Updated” date at the top of this Policy indicates the most recent revision. Continued use of the Platform after a material change constitutes acceptance of the updated Policy.

16. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

ConnectPath Ventures Pty Ltd trading as Sweet As

Email: [email protected]

Registered Office: C/- Kelly + Partners, Level 2a, 120 Old Pittwater Road, Brookvale NSW 2100

ACN: 672 220 932 | ABN: 35 672 220 932

 

Complaints

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

For Foodies
For Venues