Last updated: May 2026
Privacy Policy
This policy explains what data VenueIQ collects, how we use it, who else touches it, and what rights you have over it. We try to be specific rather than vague.
VenueIQ is operated from Australia and complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
1. What we collect
When you apply for the pilot
- Your name, email, phone number, and the venue you're applying on behalf of.
- Free-text answers about what you want to know better about your business.
- Country code (auto-detected from your IP), source URL, and user-agent string for triage.
When you use the platform
- Venue profile data you enter: trading hours, capacity, average spend, breakeven, opening hours, licensing details.
- Daily revenue actuals you submit, plus optional manager notes about each shift.
- Booking events, private functions, and any other operational context you log.
- Login metadata: IP address, browser fingerprint, login timestamps.
- Crash and performance data when something breaks (we use Sentry; see below).
- Cookieless product analytics events such as login, forecast run, actual submission, settings opened, and forecast rating. We use these to understand whether the pilot is useful, not for advertising.
What we don't collect
- Customer-level transaction data from your POS that identifies individuals.
- Payment card numbers (we don't process payments yet).
- Anything from sources you haven't connected.
2. How we use your data
- To produce revenue forecasts and operational suggestions for your venue.
- To improve forecast accuracy by learning from your submitted actuals.
- To debug errors and improve the product. Anonymised, aggregated patterns may inform model updates that benefit all venues.
- To contact you about the pilot, product changes, and (with your consent) occasional product updates.
- To meet our legal and tax obligations.
3. Who we share data with
We use a small number of third-party services to run VenueIQ. Your data flows through some of them. We do not sell or rent your data to anyone, ever.
| Service | What it does | Where |
|---|---|---|
| Supabase | Authentication, database, file storage | EU / US regions |
| Anthropic | AI prediction model (Claude) | US |
| Vercel | Frontend hosting | Global edge (Sydney for AU traffic) |
| Railway | Backend API hosting | US |
| Sentry | Error and performance monitoring | US |
| PostHog | Cookieless product analytics for pilot usage patterns | US / EU regions |
| Hostinger | Email delivery for transactional notifications | EU |
| Open-Meteo, Ticketmaster, VicRoads | External signals for forecasts | Global |
We send Anthropic the context needed to make a forecast, including your venue profile, weather, nearby events, and daily notes. We do not send your actual revenue figures unless they're needed for the bias-correction step. Anthropic processes prompts under their own data privacy policy and does not retain prompts for model training without consent.
4. Cookies and similar technologies
We use essential cookies and local storage, plus cookieless product analytics:
- Authentication cookies — set by Supabase to keep you logged in. Required for the dashboard to work.
- Local storage — used to remember your most recent forecast so it survives tab navigation, and to remember your cookie consent decision.
- Crash diagnostics — Sentry sets a session ID to group related errors. Disabled if you have a browser content blocker.
- Product analytics — PostHog records selected product events such as running a forecast or submitting actual revenue. We do not send manager emails to PostHog and we do not use it for ads.
We do not use Google Analytics, Facebook Pixel, or any third-party advertising or marketing trackers.
5. Data security
We use industry-standard practices: encrypted connections (HTTPS/TLS), password-hashing via Supabase, role-based access controls in the database, environment-isolated API keys. No system is perfectly secure, but we treat security as a first-class concern.
If we ever experience a data breach affecting your personal information we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
6. Data retention
- Active accounts: data is retained while you use VenueIQ.
- Deleted accounts: your venue profile and account data are deleted within 30 days of account deletion. Anonymised aggregate metrics may be retained indefinitely as they cannot be traced back to you.
- Pilot applicant records: retained for up to 24 months after submission so we can re-contact you if a future pilot opens. You can request earlier deletion at any time.
7. Your rights
Under Australian privacy law, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate personal information.
- Have your personal information deleted (subject to legal obligations).
- Withdraw consent for any processing that depends on consent.
- Lodge a complaint with the Office of the Australian Information Commissioner if you believe we've mishandled your data.
To exercise any of these rights, email hello@venueiq.xyz. We'll respond within a reasonable time, normally within 30 days.
8. International data transfers
Some of our subprocessors (Anthropic, Vercel, Railway, Sentry) operate infrastructure in the United States. By using VenueIQ you consent to the transfer of your data to these jurisdictions for the purpose of providing the service.
9. Children
VenueIQ is for businesses, not individuals under 18. We do not knowingly collect personal information from children.
10. Changes to this policy
We may update this policy as the product evolves or as our subprocessors change. We'll let active users know about material changes by email and update the 'Last updated' date above.
Contact
Privacy questions or concerns? hello@venueiq.xyz.