Privacy Policy

Last updated: 25.11.2025

This Privacy Policy describes how Growth Bomb Pty Ltd (ABN 93 642 435 041) (“Growth Bomb”, “we”, “us” or “our”) collect, use, store and disclose your personal information when you visit or make a purchase from our website and related online properties (together, the “Website”), or otherwise interact with us.

Our registered business address is: Level 2, 627 Chapel Street, South Yarra, VIC 3141 Australia

By accessing or using the Website, purchasing our products, or otherwise providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy.

 

1. Openness and Transparency

We are committed to protecting your privacy and respecting your rights under applicable privacy laws, including:

• the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
• the New Zealand Privacy Act 2020;
• where applicable, the EU General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.

For the purposes of the GDPR, Growth Bomb is a data controller in relation to your personal information. We will take reasonable steps to comply with relevant privacy laws and to handle any inquiries or complaints in a fair and timely way.

 

2. What Is Personal Information?

In this Privacy Policy, “personal information” (or “personal data” under the GDPR) means any information about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not. This can include, for example, a name, email address, postal address, telephone number, online identifiers, or a combination of information which allows you to be identified.

 

3. Personal Information We Collect

We may collect the following types of personal information about you:

• Identity and contact details - name, email address, telephone number, billing and shipping addresses.
• Order and transaction information - products purchased, order history, payment method (note: card details are processed by our payment providers and not stored in full by us), order value, delivery details.
• Account information - login details, preferences, saved addresses or settings if you create an account with us.
• Device and technical data - device ID, device type, operating system, browser type and version, language settings, IP address, approximate location (e.g. city and country), referral URLs, pages viewed, time spent on pages and other standard web log information.
• Usage and analytics data - information about how you use our Website and interact with our content, marketing emails and advertising, collected using tools such as Google Analytics, Shopify Analytics, Klaviyo and Atria.
• Marketing and communications data - your marketing preferences, subscription status, and information about your interactions with our email, SMS and other marketing communications.
• Competition, survey and feedback data - information you provide when you enter a competition, respond to a survey or submit feedback or product reviews.
• Support and correspondence - details you provide when you contact us (for example via email or social media), including enquiries, complaints or other communications.
• Other information you choose to provide - any other personal information you voluntarily provide to us in the course of your dealings with us.

We do not intentionally collect sensitive information (such as information about your health, racial or ethnic origin, religious beliefs, criminal history or trade union membership). We ask that you do not provide this information to us. If you do provide sensitive information for any reason, you consent to us collecting and handling that information in accordance with this Privacy Policy.

 

4. How We Collect Personal Information

We may collect personal information in a number of ways, including when you:

• visit or browse the Website;
• create an account on the Website;
• place an order or purchase products from us;
• sign up to receive marketing communications (such as email or SMS);
• enter a competition or promotion we run;
• complete a survey, form or questionnaire;
• submit a product review, testimonial or other user content;
• contact us with a query, comment or complaint; or
• interact with us via our social media channels.

We may also receive personal information about you from third parties where you have given them permission to share it with us (for example, from payment providers, marketing or analytics platforms, or social media platforms).If you choose not to provide certain personal information, we may not be able to provide you with some or all of our products or services (for example, we cannot fulfil an order without your name, address and payment details).

 

5. Legal Bases for Processing (EEA/UK GDPR)

Where the GDPR applies (for individuals in the European Economic Area or the United Kingdom), we must have a legal basis to process your personal information. Depending on the circumstances, we may rely on one or more of the following legal bases:

• Performance of a contract - where processing is necessary to enter into or perform a contract with you (for example, to fulfil your order).
• Consent - where you have clearly agreed to us processing your personal information for a specific purpose (for example, for marketing communications). You can withdraw your consent at any time.
• Legitimate interests - where processing is necessary for our legitimate business interests (such as operating and improving our Website and services, fraud prevention and analytics) and these interests are not overridden by your rights and freedoms.
• Legal obligations - where we are required to process personal information to comply with laws or regulatory requirements (e.g. tax, accounting and reporting obligations).
• Protection of vital interests or others - in rare situations where processing is necessary to protect someone’s life or vital interests.

 

6. How We Use Your Personal Information

We may use your personal information for the following purposes:

• to provide, operate and manage the Website;
• to process and fulfil your orders, including arranging shipping and providing order confirmations and updates;
• to process payments via our payment providers (such as Shopify Payments and other gateways available on our store);
• to create and manage your customer account, if you choose to register one;
• to respond to your enquiries, requests, feedback or complaints;
• to verify your identity and help prevent fraud or misuse of our services;
• to conduct analytics and research, monitor website performance and understand how customers use our Website and products;
• to improve and personalise your experience, including through relevant product recommendations and tailored content;
• to send you marketing communications where permitted or with your consent (see “Direct Marketing” below);
• to run promotions, competitions, surveys and events;
• to create aggregated, de-identified or anonymised data for reporting, analytics and business purposes;
• to comply with our legal and regulatory obligations; and
• for any other purpose for which you have provided your consent or which is reasonably necessary or directly related to the purposes above.

 

7. Direct Marketing

We may send you marketing communications (including emails, SMS and online advertising) about our products, services, promotions and news that we think may be of interest to you.We will only send you direct marketing communications where:

• you have given your consent (for example, by subscribing or ticking an opt-in box); or
• we are otherwise permitted by law to do so.

You can opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in the message or by contacting us using the details in the “Contact Us” section below.Opting out of marketing communications will not affect our communications with you about your orders or other transactional or service-related messages which are necessary for us to provide our services to you.

 

8. Disclosure of Personal Information

We may disclose your personal information to:

• Service providers and partners who help us operate our business, such as:
  • Shopify (website hosting, ecommerce platform and payments);
  • payment processors and gateways;
  • email and SMS marketing providers (including Klaviyo);
  • website and personalisation tools (including Atria);
  • analytics providers (including Google Analytics and Shopify Analytics);
  • IT, hosting, data storage and support providers;
  • shipping, logistics and fulfilment partners; and
  • customer support and communication tools.
• Professional advisers such as auditors, accountants, lawyers, insurers and other professional advisers where reasonably necessary for our business.
• Regulators and law enforcement where required or authorised by law, or to protect our rights, property, customers or the public.
• Business transferees if we sell, transfer or merge parts of our business or assets, your personal information may be disclosed to the prospective or actual buyer or successor entity.
• Any other third parties where you have expressly authorised or requested us to disclose your personal information.

 

9. International Transfers of Personal Information

Some of our service providers and partners may be located outside Australia and New Zealand, including in the United States, Canada, the European Economic Area and other countries.Where your personal information is transferred across borders, we will take reasonable steps to ensure that an adequate level of protection is in place, consistent with the requirements of applicable privacy laws. This may include entering into contracts that include standard contractual clauses or equivalent protections, or ensuring that the recipient is subject to comparable privacy laws.

 

10. Cookies and Similar Technologies

We use cookies, pixels, web beacons and similar technologies (“Cookies”) on our Website to help it function effectively, to improve your experience and to understand how our Website is used.Cookies may be used to:

• enable key Website features and functionality (such as shopping cart and checkout);
• remember your preferences and settings;
• analyse Website traffic and usage through tools such as Google Analytics and Shopify Analytics;
• measure the performance of our marketing campaigns, including via Klaviyo and Atria; and
• help prevent fraud and maintain security.

You can usually configure your browser to refuse some or all Cookies, or to alert you when Cookies are being sent. If you choose to disable Cookies, some parts of our Website may not function properly or may be slower.

 

11. Data Retention

We keep your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.In many cases, we are required to retain certain records (such as transaction records) for a minimum period (for example, up to 7 years under Australian tax law). After this period, or when personal information is no longer needed for the purposes for which it was collected, we will take reasonable steps to destroy it or de-identify it.

 

12. Data Storage and Security

We may store your personal information in electronic or hard copy form, or in both. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps may include:

• restricting access to personal information on a need-to-know basis;
• using secure servers and encryption where appropriate (including SSL encryption on our Website);
• keeping our systems, software and security measures under review; and
• requiring our service providers to have appropriate security safeguards in place.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You share information with us at your own risk.Where a data breach is likely to cause serious harm, we will comply with any applicable notification obligations, including under the Notifiable Data Breaches scheme in Australia.

 

13. Your Rights (Australia and New Zealand)

In Australia and New Zealand, you generally have the right to request access to the personal information we hold about you and to request correction of that information if it is inaccurate, out of date, incomplete, irrelevant or misleading.You can make an access or correction request using the contact details in the “Contact Us” section below. We may need to verify your identity before fulfilling your request. In some circumstances, we may charge a reasonable fee to cover the costs of providing access.

 

14. Additional Rights for EEA/UK Individuals (GDPR)

If you are located in the EEA or UK and the GDPR applies, you may have additional rights in relation to your personal data, including:

• Right of access - to request a copy of the personal data we hold about you.
• Right to rectification - to have inaccurate personal data corrected and incomplete data completed.
• Right to erasure - to request deletion of your personal data in certain circumstances.
• Right to restrict processing - to request that we limit the processing of your personal data in certain circumstances.
• Right to data portability - to receive your personal data in a structured, commonly used and machine-readable format and/or request that we transmit it to another controller, where technically feasible.
• Right to object - to object to our processing of your personal data where we are relying on legitimate interests or conducting direct marketing.
• Right not to be subject to automated decision-making - to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

To exercise any of these rights, please contact us using the details in the “Contact Us” section below. We may need to confirm your identity before responding to your request.You also have the right to lodge a complaint with your local data protection authority if you have concerns about how we handle your personal data.

 

15. Access, Correction and Deletion Requests

If you would like to access, correct or request deletion of the personal information we hold about you, please contact us using the details below. We will respond to your request within a reasonable time and in accordance with applicable privacy laws.

 

16. Complaints

If you have any questions or concerns about how we handle your personal information, or if you wish to make a complaint, please contact us first using the details below. We will do our best to investigate and respond to your complaint promptly.If you are not satisfied with our response, you may be able to contact:

• in Australia - the Office of the Australian Information Commissioner (OAIC);
• in New Zealand - the Office of the Privacy Commissioner;
• in the EEA/UK - your local data protection authority.

 

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. The updated policy will be posted on our Website with a revised “Last updated” date.We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal information.

 

18. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us via the contact form or:

Growth Bomb Pty Ltd

Email: hello@growthbomb.com

Address: Level 2, 627 Chapel Street, South Yarra, VIC 3141 Australia