1. Introduction
Antidosis Pty Ltd ("we", "us", "our") operates the antidosis platform (the "Service"), accessible via www.antidosis.com and the antidosis mobile application.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use our Service. We are committed to protecting your privacy in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and other applicable privacy laws.
By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
We collect information that you provide directly to us, information generated automatically through your use of the Service, and information from third-party services.
2.1 Account and Authentication Information
- Email address — required for account creation and authentication
- Password — hashed and stored by our authentication provider (Supabase); we never store or access your plain-text password
- Full name — optional, displayed on your public profile
- Mobile phone number — optional, used for account verification and optional two-factor authentication
- Email verification status — whether you have confirmed your email address
- Mobile verification status — whether you have verified your mobile number via SMS OTP
2.2 Profile Information
- Bio / description — optional text you provide about yourself
- Profile avatar / photo — optional image uploaded by you
- Location — suburb name (e.g., "Terrigal") and optional precise latitude/longitude coordinates
- Public phone number — optional, visible to other users on your profile
- Private phone number — optional, stored for your records only, not visible to other users
- Social links — platform name and URL (e.g., LinkedIn, Instagram); you control whether each is public or private
- Skills — names and categories of skills you list
- Credentials — certificates, licenses, or ID documents you upload for verification (e.g., title, issuer, document number, expiry date, scanned images)
- Directory visibility preference — whether your profile appears in the public Pro directory
2.3 Activity and Transaction Data
- Needs posted — titles, descriptions, categories, offer types, offer descriptions, estimated values, locations, deadlines, time estimates, required skills, and photos
- Acceptances / expressions of interest — messages you send when expressing interest in a need
- Contracts — terms, signatures, status updates, completion confirmations, cancellation requests and reasons, escalation records
- Messages — content of messages sent through need discussions, contract discussions, terminal channels, and direct messages
- Reviews and ratings — ratings (1-10), comments, and optional private feedback you submit about other users
- Reactions — emoji reactions to messages in channels and direct messages
- Blocks and friend connections — users you have blocked or friended
2.4 Payment Information
For Pro subscriptions, we use Stripe to process payments. We do not collect or store your credit card details, banking information, or other payment method details. Stripe provides us with:
- Stripe customer ID
- Stripe subscription ID
- Subscription status (active, cancelled, expired)
2.5 Automatically Collected Information
- IP address — collected in server logs and audit logs for security and fraud prevention
- User agent string — browser/app version and operating system information
- Request paths and timestamps — for audit logging and rate limiting
- Push notification tokens — device tokens required to send push notifications to your mobile device (stored locally on the device; not stored on our servers)
2.6 Uploaded Media
You may upload images (JPEG, PNG, WebP, GIF) and audio files (WebM, OGG, WAV, MP3) up to 10 MB per file. This includes need photos, offer photos, profile avatars, and credential documents. Files are scanned for valid type signatures (magic bytes) before storage.
The mobile app may access your device camera to capture photos for profile avatars, need listings, and credential documents. Camera access is optional — you may also select existing photos from your device gallery.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To operate the Service — matching users with complementary needs and offers, enabling messaging, facilitating contract formation, and calculating reputation scores
- To authenticate and secure your account — verifying your identity, preventing unauthorized access, and detecting suspicious activity
- To communicate with you — sending transactional emails and push notifications about your needs, acceptances, contracts, messages, and account activity
- To maintain trust and safety — verifying credentials, investigating disputes, enforcing our Terms of Service, and preventing fraud
- To improve the Service — analyzing usage patterns (using aggregated, de-identified data) to fix bugs and enhance features
- To comply with legal obligations — responding to lawful requests, preserving records for legal proceedings, and meeting regulatory requirements
- To process payments — managing Pro subscriptions through Stripe
4. Legal Basis for Processing
Under the Australian Privacy Principles, we collect and handle your personal information based on the following grounds:
- Consent — where you voluntarily provide information such as your bio, profile photo, skills, and social links
- Contractual necessity — information required to provide the Service, such as your email, need details, and contract data
- Legitimate interests — security measures, fraud prevention, audit logging, and service improvement
- Legal obligation — compliance with applicable laws, court orders, or regulatory requirements
5. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We share information only in the following circumstances:
5.1 With Other Users
By design, antidosis is a marketplace that connects people. The following information is visible to other users:
- Your public profile: full name, avatar, bio, location (suburb), public phone number, skills, public social links, public credentials, reviews received, and open needs posted
- Need details: everything you include in a need post (title, description, photos, offer details, location, required skills)
- Messages: content of messages you send in need discussions, contract discussions, terminal channels, and direct messages
- Contract information: terms, signatures, and status shared between the contract parties
- Reviews: ratings and comments you leave about other users (private feedback is not shared)
5.2 With Service Providers
We engage trusted third-party service providers to perform functions on our behalf. These providers have access to personal information only to the extent necessary to perform their services and are contractually bound to protect it:
- Supabase — cloud database, authentication, and file storage. Data is stored on Supabase's infrastructure. Supabase is SOC 2 Type II compliant.
- Stripe — payment processing for Pro subscriptions. Stripe handles all payment card data. See Stripe's Privacy Policy.
- Resend — transactional email delivery (e.g., contract notifications, interest alerts). Resend processes your email address and message content. See Resend's Privacy Policy.
5.3 For Legal and Safety Reasons
We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or the public.
6. Data Storage and Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it.
- Encryption in transit — all data transmitted between your device and our servers is protected using TLS 1.2+ (HTTPS)
- Encryption at rest — database and file storage are encrypted by our cloud provider (Supabase)
- Password security — passwords are hashed using bcrypt by Supabase Auth; we never store or access plain-text passwords
- Access controls — Row Level Security (RLS) on the database ensures users can only access their own data unless explicitly shared
- Rate limiting — API endpoints are rate-limited to prevent abuse and brute-force attacks
- Audit logging — security-relevant events (logins, contract signings, data modifications) are logged for fraud detection and investigation
- File validation — uploaded files are validated by content signature (magic bytes) before storage to prevent malicious uploads
Despite these measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Data Retention and Deletion
We retain your personal information for as long as your account is active or as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Active accounts — data is retained indefinitely while your account remains active
- Deleted needs and contracts — when you delete a need, associated acceptances and messages are removed. Contract records may be retained in an anonymised form for dispute resolution and legal compliance
- Account deletion — upon request, we will delete your account and associated personal data within 30 days. Some data may be retained longer where required by law or for legitimate business purposes (e.g., anonymised transaction records for fraud prevention)
- Audit logs — retained for 12 months for security and compliance purposes
To request deletion of your account and personal data, contact us at [email protected].
8. Your Rights
Under the Australian Privacy Principles, you have the following rights regarding your personal information:
- Access — you can request a copy of the personal information we hold about you
- Correction — you can update or correct your profile information at any time through your dashboard or by contacting us
- Deletion — you can request deletion of your account and personal data, subject to legal retention requirements
- Complaint — if you believe we have breached the APPs, you can lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies and Tracking Technologies
We use essential cookies and similar technologies for the following purposes:
- Authentication — maintaining your login session via Supabase Auth cookies
- Security — preventing cross-site request forgery (CSRF) attacks
We do not use:
- Third-party advertising cookies
- Social media tracking pixels
- Analytics tracking (Google Analytics, Mixpanel, etc.)
- Cross-site tracking technologies
Your browsing activity on antidosis is not tracked across other websites.
10. Push Notifications
The antidosis mobile app may send push notifications to your device to alert you about:
- New expressions of interest on your needs
- Contract status updates and signature reminders
- New messages in direct conversations
- Account security alerts
Push notification device tokens are managed by the Capacitor Push Notifications plugin and stored locally on your device. We do not store these tokens on our servers. You can disable push notifications at any time through your device settings.
11. Children's Privacy
The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
12. International Data Transfers
Our service providers (Supabase, Stripe, Resend) may store and process your information in countries outside of Australia, including the United States. By using the Service, you consent to the transfer of your information to these countries. We ensure that such transfers are protected by appropriate safeguards, including contractual commitments from our service providers to protect your data in accordance with this Privacy Policy and applicable laws.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or Service features. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and, where appropriate, by email or in-app notification. Your continued use of the Service after any changes constitutes acceptance of the revised policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.
Last updated: 17 May 2026
