Privacy Policy
Bower Motorsport (ABN: 45 711 539 046)
Last Updated: 20 March 2026
Applicable to: BowerMotorsport.com.au, BowerMotorsport.shop, and the OmniCAN mobile application
1. Definitions
| Term | Meaning |
|---|---|
| Personal Information | Information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined under the Privacy Act 1988 (Cth). |
| Sensitive Information | A subset of Personal Information including health, biometric, racial, political, religious, or criminal records. We do not collect Sensitive Information. |
| APPs | The Australian Privacy Principles under Schedule 1 of the Privacy Act 1988 (Cth). |
| We / Us / Our | Bower Motorsport (ABN: 45 711 539 046). |
| You / Your | Any individual who accesses our website(s) or uses the OmniCAN application. |
| Services | BowerMotorsport.com.au, BowerMotorsport.shop, any associated redirect domains (BowerMotorsport.com, BowerMotorsport.au), and the OmniCAN mobile application. |
| CAN Data | Controller Area Network data, including vehicle diagnostic and telemetry information read by the OmniCAN application via a CAN gateway device. |
2. What Personal Information We Collect
2A. Website and Online Store
We collect the following categories of Personal Information through our website and online store:
| Category | Data Items | Collection Point |
|---|---|---|
| Identity & Contact | Full name, email address, phone number, postal/shipping address | Checkout process; optional notification signup |
| Transaction | Order details, items, quantities, prices, payment references (handled by Stripe — we do not store card numbers), transaction IDs | Checkout process |
| User Account (optional) | Name, email, address, order history | Optional account creation at checkout |
| Cookies & Tracking (future) | Browser type, pages visited, session duration, scroll depth, outbound clicks, site search queries, video engagement | Website (upon deployment of analytics) |
Anonymity and Pseudonymity (APP 2): You may browse our website anonymously. We do not require you to identify yourself unless you are making a purchase or subscribing to notifications. Where practicable, you may use a pseudonym; however, for order fulfilment and shipping, we require your real name and address to deliver goods. If you choose not to provide the Personal Information requested at checkout, we will be unable to process your order or deliver goods to you. Providing this information is necessary for us to fulfil our contract with you.
User Accounts: Account creation at checkout is optional. You may complete a purchase as a guest without creating an account. If you choose to create an account, it will store your name, email, address, and order history for your convenience. You may request account deletion at any time by emailing bowermotorsport@gmail.com. Upon deletion, your profile data will be removed; order records will be retained in de-identified form for tax compliance purposes (7 years).
2B. OmniCAN Mobile Application
The OmniCAN application does not collect Personal Information. The app operates entirely on-device and does not transmit user data to our servers.
App Permissions
OmniCAN requests the following device permissions, all used exclusively on-device and never transmitted:
| Permission | Purpose | Required? |
|---|---|---|
| Bluetooth / BLE | Communication with the CAN gateway (ESP32-based hardware) | Yes — core functionality |
| Location (Coarse & Precise) | Required by Android 11 and older for BLE scanning. The app does not use your actual location. On Android 12+, the neverForLocation flag is set. | Yes — Android platform requirement |
| Nearby Devices | Required by Android 12+ for BLE device discovery and connection | Yes — Android 12+ requirement |
| Notifications | Required for the foreground service that maintains the BLE connection | Yes — Android platform requirement |
| Foreground Service | Maintains the BLE connection to the CAN gateway while the app is in the background | Yes — core functionality |
CAN / Vehicle Data
All CAN data read from your vehicle via the CAN gateway is stored locally on your device only. We do not collect, transmit, or have access to your vehicle data.
If you choose to manually export diagnostic logs and email them to us for assessment, that transmission is initiated by you and is outside our automated systems. We recommend redacting any personally identifying information before sending.
Local Data Storage
The app stores the following data locally on your device:
| Data | Purpose | Retention |
|---|---|---|
| Error and diagnostic logs | Debugging and app stability | Temporary — overwritten regularly |
| CAN data flow logs | Real-time display and logging | Temporary — overwritten regularly |
| User settings/preferences | App personalisation | Until changed by user; exportable to JSON |
Network Requests
OmniCAN makes one type of network request: checking a public GitHub repository for CAN gateway firmware updates. This request does not send any user data, device identifiers, or personal information. It simply checks whether a newer firmware version is available. If an update exists, you may choose to install it via BLE.
As with any network request, the HTTPS connection to GitHub's servers may result in standard server logs recording your IP address and user-agent string. This is handled under GitHub's own privacy policy and is not accessed or used by us.
We do not collect analytics, crash data, or any other information through the app at this time.
Future Data Collection (When Deployed)
When analytics and crash reporting are implemented in future versions, the following will apply:
| Future Feature | Service | Data Collected | Linked to User? |
|---|---|---|---|
| Usage Analytics | Firebase Analytics / Google Analytics | Device brand (e.g. Samsung, Apple, Redmi), device model, screen resolution, screen size, session count, session duration, features used | No — fully anonymised |
| Crash Reporting | Firebase Crashlytics | Standard crash data, screen resolution, screen size | No — fully anonymised |
We will never collect: names, emails, addresses, phone numbers, MAC addresses, unique device serials, vehicle identification numbers (VINs), diagnostic trouble codes (DTCs), or any other information that could identify you.
We will update this policy before deploying any analytics or crash reporting features.
3. How We Collect Personal Information
We collect Personal Information through:
- Direct collection: Information you provide during checkout, optional account creation, or when subscribing to notifications via email.
- Automated collection (future): Via analytics SDKs (e.g., Google Analytics, Firebase Analytics) and cookies on our website.
We collect Personal Information directly from you. We do not typically collect Personal Information from third parties. If we do receive Personal Information from a third party without your prior consent, we will take reasonable steps to destroy or de-identify it (APP 4).
4. Purposes of Collection and Use
| Purpose | Lawful Basis | Data Used |
|---|---|---|
| Order fulfilment & shipping | Primary purpose — necessary to provide goods | Name, email, phone, address |
| Transaction processing | Primary purpose — necessary to process payments | Payment references (via Stripe, PayPal, Apple Pay, Google Pay) |
| Customer communication (order confirmations, tracking, receipts) | Primary purpose — necessary to deliver the service | Name, email, phone |
| Shipping carrier delivery | Primary purpose — necessary to deliver goods | Name, phone, address, email (shared with shipping carrier) |
| Optional marketing notifications | Secondary purpose — with your explicit opt-in consent | |
| Analytics & product improvement (future) | Secondary purpose — anonymised, aggregated | Device brand/model, usage data (not linked to identity) |
| Crash reporting & stability (future) | Secondary purpose — to maintain app reliability | Anonymised crash data (not linked to identity) |
| Legal compliance & dispute resolution | Required by law | All relevant data |
Transactional emails (order confirmations, tracking notifications, receipts) are necessary for service delivery and cannot be opted out of. Marketing communications are only sent with your explicit opt-in consent at checkout or via notification signup. You may opt out of marketing communications at any time at no charge by using the unsubscribe link in any marketing email or by contacting us at bowermotorsport@gmail.com.
We will not use or disclose your Personal Information for a purpose other than the primary purpose of collection, unless an exception under APP 6 applies (e.g., you have consented, or the secondary purpose is directly related and you would reasonably expect it).
5. Third-Party Disclosures
We disclose Personal Information to the following third-party service providers solely to deliver our services:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Order details, billing info (card data held by Stripe, not us) | United States |
| Apple Pay | Payment processing | Transaction data | United States |
| Google Pay | Payment processing | Transaction data | United States |
| PayPal | Payment processing | Transaction data | United States |
| Cloudflare | Website hosting, CDN, security (TLS encryption) | IP address, traffic data (handled under Cloudflare's Privacy Policy) | Global (edge servers) |
| WooCommerce | Order management, transactional emails (order confirmations, tracking notifications) | Name, email, phone, address, order details | As configured (your VPS) |
| Australia Post (or shipping carrier) | Delivery of physical goods | Name, phone, address, email | Australia |
| Google Analytics / Firebase (future) | Usage analytics | Anonymised device brand, model, usage data (not linked to identity) | United States |
| Firebase Crashlytics (future) | Crash reporting | Anonymised crash data, screen resolution/size (not linked to identity) | United States |
| Advertising platforms (future) | Marketing | TBC at time of deployment | TBC |
We require all third parties to handle your data in accordance with the Privacy Act 1988 and to use it only for the purpose for which it was disclosed.
Cloudflare: Cloudflare may log IP addresses and request metadata as part of its security and CDN services. This data is processed and retained under Cloudflare's own Privacy Policy. We do not control Cloudflare's data retention or processing.
6. Disclosure of Personal Information to Overseas Recipients
Our sales are currently limited to Australia. If international sales commence in the future, this policy will be updated to address cross-border data transfers and overseas customer rights.
Some third-party providers listed above (Stripe, Apple Pay, Google Pay, PayPal, Cloudflare, and potentially Google/Firebase) store or process data outside Australia, including in the United States and other jurisdictions.
Under APP 8, before disclosing Personal Information to an overseas recipient, we will take reasonable steps to ensure the overseas recipient does not breach the APPs. Where this is not practicable, we will inform you that APP 8.1 will not apply and you may not be able to seek redress under the Privacy Act for breaches by the overseas entity.
We will update this policy if the countries to which data is transferred change.
7. Data Storage and Security
We take reasonable steps to protect your Personal Information from misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11), including:
| Measure | Details |
|---|---|
| Encryption in transit | TLS/SSL via Cloudflare for all website traffic |
| Payment security | Stripe PCI-DSS Level 1 compliance; we do not store card numbers |
| Server security | Hosted on a VPS with access controls and regular updates |
| Access controls | Limited to authorised personnel on a need-to-know basis |
| Breach response | In the event of an eligible data breach, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) |
Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Order/transaction records | 7 years (tax compliance under the Income Tax Assessment Act 1997) |
| User account data | Until account deletion requested by user |
| Marketing email lists | Until unsubscribe + 30 days |
| Server access logs | 30 days |
| Analytics data (future, when deployed) | 26 months (Google Analytics) or 14 months (Firebase) |
| Crash logs (future, when deployed) | 90 days |
Personal Information is retained only as long as necessary for the purposes outlined in this policy, or as required by law. When retention periods expire, data is deleted or de-identified.
We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, and complete (APP 10). You may update your account details at any time or contact us at bowermotorsport@gmail.com to request correction.
8. Your Rights Under the Privacy Act
You have the following rights regarding your Personal Information:
| Right | How to Exercise |
|---|---|
| Access (APP 12) | Email your request to bowermotorsport@gmail.com. Access will be provided free of charge in a format that is reasonable and practicable. We will respond within 30 days. |
| Correction (APP 13) | Email your request to bowermotorsport@gmail.com. Correction requests are free of charge. If we have previously disclosed your information to a third party (such as a shipping carrier), we will take reasonable steps to notify them of the correction upon your request. If we refuse to correct your information, you may request that we associate a statement with the information indicating that you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will respond within 30 days. |
| Opt-out of marketing | Use the unsubscribe link in any marketing email, or email your request |
| Deletion / De-identification | Email your request to bowermotorsport@gmail.com |
| Account deletion | Email your request to bowermotorsport@gmail.com |
| Complaint | Email your concern to bowermotorsport@gmail.com |
We will respond to access and correction requests within 30 days. If we refuse your request, we will provide written reasons and inform you of your right to complain to the OAIC.
If you are not satisfied with our response to a complaint, you may contact:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
9. Advertising (Future)
We do not currently use advertising SDKs or display targeted advertisements on our website or in the OmniCAN application.
When advertising is introduced, this section will be updated with specific details of:
- The advertising platform(s) used
- The data collected for advertising purposes
- Your opt-out rights (including device-level ad tracking controls)
The Privacy Policy will be updated before any advertising SDK is deployed.
10. Automated Decision-Making
We do not currently use automated decision-making that produces legal effects or similarly significant effects on individuals. If this changes in the future, this policy will be updated accordingly.
11. Cookies and Tracking Technologies (Future)
When deployed, our website may use cookies and similar technologies to:
- Remember your preferences
- Analyse website traffic and usage patterns
- Improve user experience
You can manage cookie preferences through your browser settings. Details of specific cookies and their purposes will be published when analytics is implemented.
12. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect Personal Information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at bowermotorsport@gmail.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this document will be revised accordingly. We encourage you to review this policy periodically. Material changes will be communicated via our website or app.
14. App Store Compliance
Our applications comply with the privacy requirements of major app distribution platforms.
Apple App Store
OmniCAN's privacy practices are disclosed through Apple's App Privacy Nutrition Labels in App Store Connect. Key declarations:
- OmniCAN does not collect Personal Information
- Location permissions are used solely for BLE scanning on older Android versions (not used for actual location tracking)
- Future analytics and crash reporting will be anonymised and not linked to user identity
- A link to this Privacy Policy is provided within the app
- An in-app prominent disclosure is displayed before requesting Bluetooth and Location permissions, explaining that Bluetooth is used to communicate with the CAN gateway and that Location is required by older Android versions for BLE scanning only
Google Play
OmniCAN's data practices are disclosed through Google Play's Data Safety section. Key declarations:
- No personal information is collected by the app
- Location permission is required for BLE functionality only
- Future analytics data will be anonymised and not linked to users
- A link to this Privacy Policy is provided within the app
- The Data Safety section in Play Console accurately reflects that OmniCAN does not collect, store, or share personal or sensitive user data
- An in-app prominent disclosure is displayed before requesting Bluetooth and Location permissions, describing the data accessed and its purpose
15. Contact Us
For any privacy-related enquiries, requests, or complaints:
Bower Motorsport
ABN: 45 711 539 046
Email: bowermotorsport@gmail.com