Privacy Policy

Last Updated: September 3, 2025

1. INTRODUCTION

This Privacy Policy explains how Search Ventures Pty Ltd (ACN 639906353) ("we", "us", "our", or "Company") collects, uses, shares, and protects personal information when you use Exchange Rates API and our website at www.exchangeratesapi.com.au ("Service").

By using our Service, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Service.

Data Controller:
Search Ventures Pty Ltd
ACN: 639906353
Email: privacy@exchangeratesapi.com.au

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information:

  • Email address (required)
  • Full name (optional)
  • Company name (optional)
  • Phone number (optional for most plans, required for Enterprise)
  • Business address (Enterprise customers)
  • Australian Business Number (ABN) for business accounts

Payment Information:

  • Credit/debit card details (processed by Stripe)
  • Billing address
  • Tax identification numbers where required

Communications:

  • Support tickets and email correspondence
  • Feedback and survey responses
  • Phone call logs (Enterprise support)

2.2 Information Automatically Collected

Usage Data:

  • API request logs (endpoint, timestamp, response code)
  • IP addresses (hashed for privacy after 24 hours)
  • Request frequency and patterns
  • Error logs and debugging information
  • Browser type and version
  • Device information
  • Geographic location (country/city level from IP)

API Analytics:

  • Endpoints accessed
  • Response times
  • Error rates
  • Quota usage
  • Currency pairs requested

2.3 Cookies and Tracking Technologies

Essential Cookies:

  • Session management and authentication
  • Security tokens
  • User preferences
  • Rate limiting

Analytics Cookies (Optional):

  • Service improvement insights
  • Usage patterns
  • Performance monitoring

You can control cookies through your browser settings. Disabling essential cookies may limit Service functionality.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

Service Delivery:

  • Create and manage your account
  • Authenticate API requests
  • Process payments and subscriptions
  • Monitor and enforce rate limits
  • Provide customer support
  • Send service-related communications

Service Improvement:

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance
  • Conduct research

We process your personal information based on:

  • Contract Performance: To provide the Service you've requested
  • Legitimate Interests: For business operations and improvement
  • Legal Obligations: To comply with laws and regulations
  • Consent: For marketing communications and optional features

3.3 Communications

Transactional Emails (Required):

  • Account verification
  • Password resets
  • Billing notifications
  • Service updates and maintenance
  • Security alerts
  • API limit warnings

Marketing Emails (Optional):

  • Feature announcements
  • Industry insights
  • Promotional offers
  • You can opt-out at any time

4. INFORMATION SHARING

4.1 Our Commitment

WE DO NOT SELL, RENT, OR TRADE YOUR PERSONAL INFORMATION.

4.2 Service Providers

We share information with trusted third parties who assist in operating our Service:

Payment Processing:

  • Stripe Inc. (payment processing)
  • Located: United States
  • Purpose: Secure payment handling
  • Stripe Privacy Policy

Infrastructure:

  • Cloudflare Inc. (CDN and security)
  • Located: Global network
  • Purpose: API delivery and DDoS protection
  • Cloudflare Privacy Policy

Communications:

We may disclose information when required by:

  • Court orders or subpoenas
  • Government investigations
  • Law enforcement requests
  • National security requirements
  • Protection of legal rights
  • Prevention of fraud or illegal activities

4.4 Business Transfers

In the event of merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and prominent website notice before any transfer affecting your privacy rights.

4.5 Aggregated Data

We may share non-personal, aggregated statistics about Service usage publicly or with partners. This data cannot identify individual users.

5. DATA SECURITY

5.1 Security Measures

Technical Safeguards:

  • TLS/SSL encryption for data in transit
  • Encryption at rest for sensitive data
  • API keys hashed using bcrypt
  • Regular security audits
  • Vulnerability scanning
  • DDoS protection via Cloudflare
  • Secure coding practices
  • Multi-factor authentication available

Organizational Safeguards:

  • Limited employee access
  • Confidentiality agreements
  • Security training
  • Access logs and monitoring
  • Incident response procedures
  • Regular security reviews

5.2 Data Breach Response

In the event of a data breach:

  • We will notify affected users within 72 hours
  • Provide details of what occurred
  • Explain potential impacts
  • Describe mitigation steps taken
  • Offer guidance on protective measures
  • Notify relevant authorities as required

6. DATA RETENTION

6.1 Retention Periods

Data CategoryRetention PeriodJustification
Account informationActive + 7 yearsTax and legal requirements
Payment records7 yearsAustralian tax law
API logs (detailed)90 daysSecurity and debugging
API logs (aggregated)2 yearsAnalytics and improvement
Support tickets24 monthsService improvement
Marketing consentUntil withdrawnUser preference
IP addresses24 hours (then hashed)Privacy protection

6.2 Account Deletion

When you delete your account:

  • Personal data removed within 30 days
  • Legal/tax records retained as required
  • Aggregated analytics data retained
  • Backup deletion within 90 days

7. YOUR PRIVACY RIGHTS

7.1 Access and Control

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion (subject to legal obligations)
  • Portability: Receive data in machine-readable format
  • Restriction: Limit processing in certain circumstances
  • Objection: Object to specific processing activities
  • Withdraw Consent: For consent-based processing

7.2 Exercising Your Rights

To exercise these rights:

7.3 Australian Privacy Principles

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including:

  • Open and transparent management
  • Anonymity and pseudonymity options where feasible
  • Collection of solicited information only
  • Notification of collection
  • Use and disclosure limitations
  • Data quality standards
  • Data security requirements
  • Access and correction rights

7.4 International Users

EU Residents (GDPR):

  • All rights under GDPR Articles 15-22
  • Data Protection Officer available
  • Right to lodge complaints with supervisory authorities

California Residents (CCPA):

  • Right to know what information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Location

Primary Storage: Australia (compliance with data sovereignty)
Processing Locations: Australia, United States (for third-party services)

8.2 Transfer Safeguards

When transferring data internationally:

  • Standard Contractual Clauses where applicable
  • Adequacy decisions compliance
  • Appropriate technical safeguards
  • Encryption during transfer
  • Limited access controls

9. CHILDREN'S PRIVACY

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we've collected information from a child under 18, we will delete it immediately.

Parents who believe we may have collected information from their child should contact: privacy@exchangeratesapi.com.au

10. MARKETING AND COMMUNICATIONS

10.1 Marketing Preferences

Opt-in Communications:

  • Product updates and features
  • Industry newsletters
  • Promotional offers
  • Educational content

Managing Preferences:

  • Unsubscribe link in every email
  • Dashboard preference center

10.2 Do Not Track

Our Service does not currently respond to Do Not Track browser signals. However, you can control tracking through cookie settings and marketing preferences.

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. PRIVACY POLICY UPDATES

12.1 Changes

We may update this Privacy Policy to reflect:

  • Legal or regulatory changes
  • New features or services
  • Changed business practices
  • User feedback

12.2 Notification

Material changes will be notified via:

  • Email to registered users
  • Dashboard notifications
  • Website banner for 30 days

12.3 Review

We review this policy quarterly and update as necessary.

13. DATA PROTECTION OFFICER

For privacy-related inquiries:

Data Protection Officer
Email: dpo@exchangeratesapi.com.au
Response time: Within 30 days

Privacy Inquiries
Email: privacy@exchangeratesapi.com.au
Response time: 5 business days typical

14. COMPLAINTS AND DISPUTES

14.1 Internal Resolution

If you have privacy concerns:

  1. Contact our Privacy team
  2. We'll acknowledge within 48 hours
  3. Investigation within 30 days
  4. Written response with resolution

14.2 External Resolution

Australian Residents:
Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

EU Residents:
Your local Data Protection Authority

Other Jurisdictions:
Relevant privacy regulator in your country

15. SPECIFIC PROVISIONS BY JURISDICTION

15.1 Australian Users

Under the Australian Privacy Principles, you have additional rights including:

  • Accessing Commonwealth government contracts
  • Notification of eligible data breaches
  • Cross-border disclosure restrictions

15.2 European Union Users

Under GDPR, EU users have enhanced rights including:

  • Right to be forgotten
  • Data minimization principles
  • Privacy by design protections
  • Data Protection Impact Assessments for high-risk processing

15.3 California Users

Under CCPA/CPRA, California residents can:

  • Request specific pieces of personal information
  • Know categories of sources
  • Understand business/commercial purposes
  • Request deletion with exceptions

16. CONTACT INFORMATION

Privacy Inquiries:
Email: privacy@exchangeratesapi.com.au
Response time: 5 business days

Data Protection Officer:
Email: dpo@exchangeratesapi.com.au
Response time: 30 days maximum

Mailing Address:
Search Ventures Pty Ltd
ACN: 639906353
PO Box 255. Bli Bli, QLD 4560 Australia

Office Hours:
Monday-Friday, 9 AM - 5 PM AEST
Excluding Australian public holidays

Languages: This Privacy Policy is provided in English. In case of any translations, the English version prevails.

Australian Consumer Law: Nothing in this Privacy Policy excludes, restricts or modifies any rights under the Privacy Act 1988 (Cth) or Australian Consumer Law that cannot be excluded, restricted or modified by agreement.