Privacy Policy
Bower Motorsport (ABN: 45 711 539 046)
Last Updated: 9 April 2026
Applicable to: BowerMotorsport.com.au, BowerMotorsport.shop, the OmniCAN beta tester application, and the OmniCAN mobile application
1. Definitions
| Term | Meaning |
|---|---|
| Personal Information | Information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined under the Privacy Act 1988 (Cth). |
| Sensitive Information | A subset of Personal Information including health, biometric, racial, political, religious, or criminal records. We do not collect Sensitive Information. |
| APPs | The Australian Privacy Principles under Schedule 1 of the Privacy Act 1988 (Cth). |
| We / Us / Our | Bower Motorsport (ABN: 45 711 539 046). |
| You / Your | Any individual who accesses our website(s), submits a beta application, or uses the OmniCAN application. |
| Services | BowerMotorsport.com.au, BowerMotorsport.shop, any associated redirect domains (BowerMotorsport.com, BowerMotorsport.au), the OmniCAN beta tester application and related intake workflow, and the OmniCAN mobile application. |
| CAN Data | Controller Area Network data, including vehicle diagnostic and telemetry information read by the OmniCAN application via a CAN gateway device. |
| Beta Application Data | Information submitted when applying to participate in an OmniCAN beta program, including contact details, location, vehicle/setup information, technical background, uploaded media, and consent selections. |
2. What Personal Information We Collect
2A. Website and Online Store
We collect the following categories of Personal Information through our website and online store:
| Category | Data Items | Collection Point |
|---|---|---|
| Identity & Contact | Full name, email address, phone number, postal/shipping address | Checkout process; optional notification signup; beta application form |
| Transaction | Order details, items, quantities, prices, payment references (handled by Stripe — we do not store card numbers), transaction IDs | Checkout process |
| Beta Application Data | Full name, email address, suburb/state/postcode, vehicle details, ECU and firmware details, technical skill and experience, current gauges/switch setup, testing availability, Android device details, optional social/build links, uploaded photos/videos, and beta consent selections | OmniCAN beta tester application form |
| User Account (optional) | Name, email, address, order history | Optional account creation at checkout |
| Cookies & Tracking (future) | Browser type, pages visited, session duration, scroll depth, outbound clicks, site search queries, video engagement | Website (upon deployment of analytics) |
Vehicle details, uploaded photos, and uploaded videos may constitute Personal Information where they can reasonably identify you, your vehicle, or your specific setup when linked to an application or support request.
Anonymity and Pseudonymity (APP 2): You may browse our website anonymously. We do not require you to identify yourself unless you are making a purchase, subscribing to notifications, or applying for a beta program. Where practicable, you may use a pseudonym; however, for order fulfilment, shipping, and beta administration, we require accurate identifying information. If you choose not to provide the Personal Information requested at checkout or in a beta application, we will be unable to process your order or assess your beta participation. Providing this information is necessary for us to fulfil our contract with you or administer the beta program you have requested to join.
User Accounts: Account creation at checkout is optional. You may complete a purchase as a guest without creating an account. If you choose to create an account, it will store your name, email, address, and order history for your convenience. You may request account deletion at any time by emailing accounts@bowermotorsport.com.au. Upon deletion, your profile data will be removed; order records will be retained in de-identified form for tax compliance purposes (7 years).
2B. OmniCAN Mobile Application
The OmniCAN application does not collect Personal Information. The app operates entirely on-device and does not transmit user data to our servers.
App Permissions
OmniCAN requests the following device permissions, all used exclusively on-device and never transmitted:
| Permission | Purpose | Required? |
|---|---|---|
| Bluetooth / BLE | Communication with the CAN gateway (ESP32-based hardware) | Yes — core functionality |
| Location (Coarse & Precise) | Required by Android 11 and older for BLE scanning. The app does not use your actual location. On Android 12+, the neverForLocation flag is set. | Yes — Android platform requirement |
| Nearby Devices | Required by Android 12+ for BLE device discovery and connection | Yes — Android 12+ requirement |
| Notifications | Required for the foreground service that maintains the BLE connection | Yes — Android platform requirement |
| Foreground Service | Maintains the BLE connection to the CAN gateway while the app is in the background | Yes — core functionality |
CAN / Vehicle Data
All CAN data read from your vehicle via the CAN gateway is stored locally on your device only. We do not collect, transmit, or have access to your vehicle data.
If you choose to manually export diagnostic logs and email them to us for assessment, that transmission is initiated by you and is outside our automated systems. For beta testers, voluntarily submitted logs, screenshots, photos, or videos are handled as beta support information under this policy rather than as app telemetry. We recommend redacting any personally identifying information before sending.
Local Data Storage
The app stores the following data locally on your device:
| Data | Purpose | Retention |
|---|---|---|
| Error and diagnostic logs | Debugging and app stability | Temporary — overwritten regularly |
| CAN data flow logs | Real-time display and logging | Temporary — overwritten regularly |
| User settings/preferences | App personalisation | Until changed by user; exportable to JSON |
Network Requests
OmniCAN makes one type of network request: checking a public GitHub repository for CAN gateway firmware updates. This request does not send any user data, device identifiers, or personal information. It simply checks whether a newer firmware version is available. If an update exists, you may choose to install it via BLE.
As with any network request, the HTTPS connection to GitHub's servers may result in standard server logs recording your IP address and user-agent string. This is handled under GitHub's own privacy policy and is not accessed or used by us.
We do not collect analytics, crash data, or any other information through the app at this time.
Future Data Collection (When Deployed)
When analytics and crash reporting are implemented in future versions, the following will apply:
| Future Feature | Service | Data Collected | Linked to User? |
|---|---|---|---|
| Usage Analytics | Firebase Analytics / Google Analytics | Device brand (e.g. Samsung, Apple, Redmi), device model, screen resolution, screen size, session count, session duration, features used | No — fully anonymised |
| Crash Reporting | Firebase Crashlytics | Standard crash data, screen resolution, screen size | No — fully anonymised |
We will never collect: names, emails, addresses, phone numbers, MAC addresses, unique device serials, vehicle identification numbers (VINs), diagnostic trouble codes (DTCs), or any other information that could identify you.
We will update this policy before deploying any analytics or crash reporting features.
3. How We Collect Personal Information
We collect Personal Information through:
- Direct collection: Information you provide during checkout, optional account creation, when subscribing to notifications via email, when submitting a beta application form, when uploading media, or when contacting us for beta support.
- Automated collection (future): Via analytics SDKs (e.g., Google Analytics, Firebase Analytics) and cookies on our website.
We collect Personal Information directly from you. Some beta application information may be submitted through third-party form infrastructure such as Google Forms, acting as a service provider under your direction. We do not typically collect Personal Information from unrelated third parties. If we do receive Personal Information from a third party without your prior consent, we will take reasonable steps to destroy or de-identify it (APP 4).
4. Purposes of Collection and Use
| Purpose | Lawful Basis | Data Used |
|---|---|---|
| Order fulfilment & shipping | Primary purpose — necessary to provide goods | Name, email, phone, address |
| Transaction processing | Primary purpose — necessary to process payments | Payment references (via Stripe, PayPal, Apple Pay, Google Pay) |
| Customer communication (order confirmations, tracking, receipts) | Primary purpose — necessary to deliver the service | Name, email, phone |
| Shipping carrier delivery | Primary purpose — necessary to deliver goods | Name, phone, address, email (shared with shipping carrier) |
| Optional marketing notifications | Secondary purpose — with your explicit opt-in consent | |
| Beta application assessment and tester selection | Primary purpose — necessary to evaluate participation | Beta Application Data |
| Beta tester administration and support | Primary purpose — necessary to operate the beta program | Contact details, setup details, uploaded media, voluntarily submitted logs/screenshots, support communications |
| Product improvement and issue diagnosis during beta | Primary purpose — necessary to assess the product and resolve issues | Feedback, screenshots, logs, uploaded photos/videos, vehicle/setup details |
| Optional promotional use of submitted media | Secondary purpose — with your explicit opt-in consent | Photos/videos for which promotional consent was provided |
| Analytics & product improvement (future) | Secondary purpose — anonymised, aggregated | Device brand/model, usage data (not linked to identity) |
| Crash reporting & stability (future) | Secondary purpose — to maintain app reliability | Anonymised crash data (not linked to identity) |
| Legal compliance & dispute resolution | Required by law | All relevant data |
Transactional emails (order confirmations, tracking notifications, receipts) are necessary for service delivery and cannot be opted out of. Marketing communications are only sent with your explicit opt-in consent at checkout or via notification signup. You may opt out of marketing communications at any time at no charge by using the unsubscribe link in any marketing email or by contacting us at admin@bowermotorsport.com.au. Consent to use submitted beta photos or videos for promotional purposes is separate from marketing-email consent and is entirely optional.
We will not use or disclose your Personal Information for a purpose other than the primary purpose of collection, unless an exception under APP 6 applies (e.g., you have consented, or the secondary purpose is directly related and you would reasonably expect it).
5. Third-Party Disclosures
We disclose Personal Information to the following third-party service providers solely to deliver our services:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Order details, billing info (card data held by Stripe, not us) | United States |
| Apple Pay | Payment processing | Transaction data | United States |
| Google Pay | Payment processing | Transaction data | United States |
| PayPal | Payment processing | Transaction data | United States |
| Cloudflare | Website hosting, CDN, security (TLS encryption) | IP address, traffic data (handled under Cloudflare's Privacy Policy) | Global (edge servers) |
| Google Forms / Google Workspace / Google Drive | Beta application intake, file uploads, and response storage | Beta application responses, uploaded files, and associated form metadata | United States and other jurisdictions used by Google |
| WooCommerce | Order management, transactional emails (order confirmations, tracking notifications) | Name, email, phone, address, order details | As configured (your VPS) |
| Australia Post (or shipping carrier) | Delivery of physical goods | Name, phone, address, email | Australia |
| Google Analytics / Firebase (future) | Usage analytics | Anonymised device brand, model, usage data (not linked to identity) | United States |
| Firebase Crashlytics (future) | Crash reporting | Anonymised crash data, screen resolution/size (not linked to identity) | United States |
| Advertising platforms (future) | Marketing | TBC at time of deployment | TBC |
We require all third parties to handle your data in accordance with the Privacy Act 1988 and to use it only for the purpose for which it was disclosed.
Cloudflare: Cloudflare may log IP addresses and request metadata as part of its security and CDN services. This data is processed and retained under Cloudflare's own Privacy Policy. We do not control Cloudflare's data retention or processing.
Google Forms / Google Workspace / Google Drive: If you submit an OmniCAN beta application through Google Forms, Google may process your form responses, uploaded files, respondent email address, IP address, account/session information, and related metadata under Google's own privacy terms. If the Google Forms setting to automatically collect respondent email addresses is enabled, your email address may be captured automatically as part of the submission process.
6. Disclosure of Personal Information to Overseas Recipients
Our sales are currently limited to Australia. If international sales commence in the future, this policy will be updated to address cross-border data transfers and overseas customer rights.
Some third-party providers listed above (Stripe, Apple Pay, Google Pay, PayPal, Cloudflare, Google Forms / Google Workspace / Google Drive, and potentially Google/Firebase) store or process data outside Australia, including in the United States and other jurisdictions.
If you submit a beta application or upload media through Google-hosted infrastructure, that information may be stored or processed outside Australia.
Under APP 8, before disclosing Personal Information to an overseas recipient, we will take reasonable steps to ensure the overseas recipient does not breach the APPs. Where this is not practicable, we will inform you that APP 8.1 will not apply and you may not be able to seek redress under the Privacy Act for breaches by the overseas entity.
We will update this policy if the countries to which data is transferred change.
7. Data Storage and Security
We take reasonable steps to protect your Personal Information from misuse, interference, loss, unauthorised access, modification, or disclosure (APP 11), including:
| Measure | Details |
|---|---|
| Encryption in transit | TLS/SSL via Cloudflare for all website traffic |
| Payment security | Stripe PCI-DSS Level 1 compliance; we do not store card numbers |
| Server security | Hosted on a VPS with access controls and regular updates |
| Access controls | Limited to authorised personnel on a need-to-know basis |
| Breach response | In the event of an eligible data breach, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) |
Access to beta applications, uploaded media, and beta support material is restricted to authorised personnel involved in administering the beta program, evaluating applicants, or supporting testers.
Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Order/transaction records | 7 years (tax compliance under the Income Tax Assessment Act 1997) |
| User account data | Until account deletion requested by user |
| Marketing email lists | Until unsubscribe + 30 days |
| Unsuccessful beta application records | 90 days after tester selection is complete |
| Selected tester administration/support records | 12 months after beta completion |
| Uploaded beta media | Same as the related beta application or support record unless promotional consent applies |
| Promotional-consent media | Until consent is withdrawn or the media is no longer used, subject to reasonable archival and backup limitations |
| Server access logs | 30 days |
| Analytics data (future, when deployed) | 26 months (Google Analytics) or 14 months (Firebase) |
| Crash logs (future, when deployed) | 90 days |
Personal Information is retained only as long as necessary for the purposes outlined in this policy, or as required by law. When retention periods expire, data is deleted or de-identified.
We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, and complete (APP 10). You may update your account details at any time or contact us at admin@bowermotorsport.com.au to request correction.
8. Your Rights Under the Privacy Act
You have the following rights regarding your Personal Information:
| Right | How to Exercise |
|---|---|
| Access (APP 12) | Email your request to admin@bowermotorsport.com.au. Access will be provided free of charge in a format that is reasonable and practicable. We will respond within 30 days. |
| Correction (APP 13) | Email your request to admin@bowermotorsport.com.au. Correction requests are free of charge. If we have previously disclosed your information to a third party (such as a shipping carrier), we will take reasonable steps to notify them of the correction upon your request. If we refuse to correct your information, you may request that we associate a statement with the information indicating that you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will respond within 30 days. |
| Opt-out of marketing | Use the unsubscribe link in any marketing email, or email your request |
| Deletion / De-identification | Email your request to admin@bowermotorsport.com.au |
| Account deletion | Email your request to accounts@bowermotorsport.com.au |
| Withdraw promotional media consent | Email your request to admin@bowermotorsport.com.au to stop future promotional use of submitted media |
| Complaint | Email your concern to admin@bowermotorsport.com.au |
We will respond to access and correction requests within 30 days. If we refuse your request, we will provide written reasons and inform you of your right to complain to the OAIC.
Beta applicants and testers may also request deletion of their beta application or support data, subject to any legal, recordkeeping, backup, or dispute-resolution requirements. If you withdraw consent for promotional use of submitted media, we will stop future use within a reasonable time, but this will not retroactively withdraw materials already published or distributed before your request was received.
If you are not satisfied with our response to a complaint, you may contact:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
9. Advertising (Future)
We do not currently use advertising SDKs or display targeted advertisements on our website or in the OmniCAN application.
When advertising is introduced, this section will be updated with specific details of:
- The advertising platform(s) used
- The data collected for advertising purposes
- Your opt-out rights (including device-level ad tracking controls)
The Privacy Policy will be updated before any advertising SDK is deployed.
10. Automated Decision-Making
We do not currently use automated decision-making that produces legal effects or similarly significant effects on individuals. If this changes in the future, this policy will be updated accordingly.
11. Cookies and Tracking Technologies (Future)
When deployed, our website may use cookies and similar technologies to:
- Remember your preferences
- Analyse website traffic and usage patterns
- Improve user experience
You can manage cookie preferences through your browser settings. Details of specific cookies and their purposes will be published when analytics is implemented.
12. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect Personal Information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at admin@bowermotorsport.com.au.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this document will be revised accordingly. We encourage you to review this policy periodically. Material changes will be communicated via our website or app.
14. App Store Compliance
Our applications comply with the privacy requirements of major app distribution platforms.
Apple App Store
OmniCAN's privacy practices are disclosed through Apple's App Privacy Nutrition Labels in App Store Connect. Key declarations:
- OmniCAN does not collect Personal Information
- Location permissions are used solely for BLE scanning on older Android versions (not used for actual location tracking)
- Future analytics and crash reporting will be anonymised and not linked to user identity
- A link to this Privacy Policy is provided within the app
- An in-app prominent disclosure is displayed before requesting Bluetooth and Location permissions, explaining that Bluetooth is used to communicate with the CAN gateway and that Location is required by older Android versions for BLE scanning only
Google Play
OmniCAN's data practices are disclosed through Google Play's Data Safety section. Key declarations:
- No personal information is collected by the app
- Location permission is required for BLE functionality only
- Future analytics data will be anonymised and not linked to users
- A link to this Privacy Policy is provided within the app
- The Data Safety section in Play Console accurately reflects that OmniCAN does not collect, store, or share personal or sensitive user data
- An in-app prominent disclosure is displayed before requesting Bluetooth and Location permissions, describing the data accessed and its purpose
15. Contact Us
For any privacy-related enquiries, requests, or complaints:
Bower Motorsport
ABN: 45 711 539 046
Email: admin@bowermotorsport.com.au