Last updated: February 2026 · Black Mars ABN pending · Sydney, NSW
Black Mars operates a digital coffee loyalty platform for independent Australian cafés. We are based in Sydney, New South Wales, Australia, and are bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We collect: your name and email address when you register; payment event data from Square (amount, timestamp — no card data); location data only for geofence-based attribution (retained max 30 days); device identifiers for single-device binding security. We do not collect payment card numbers or CVVs.
We use your information to: operate the loyalty platform; attribute coffee purchases to your account; send reward notifications; comply with legal obligations. We do not sell your data to third parties.
We obtain your explicit consent before: using your location for geofence attribution; linking your Apple Pay email to your account; sending marketing communications. You can withdraw consent at any time by contacting us.
Location data is automatically deleted after 30 days. Account deletion requests are processed within 30 days. Transaction records are retained for 7 years for legal compliance. You can request access to, correction of, or deletion of your personal information.
All sensitive data (OAuth tokens, 2FA secrets) is encrypted using AES-256-GCM. Sessions expire after 8 hours of inactivity. We use TLS for all data in transit.
For privacy inquiries, data access requests, or complaints: privacy@blackmars.com.au. We will respond within 30 days. You also have the right to complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.