For Brands

Privacy Policy

Introduction

Your privacy and the protection of your personal information is important to Shping. This privacy policy explains what personal data we process, how we collect it and why. We take the security of your data very seriously and this privacy policy tells you what we do to ensure its protection. In this policy we also outline the rights we think you have with your personal data, and how you can exercise them.

Who We Are

Shping is the world’s first fully integrated ecosystem combining shopper marketing, brand protection, product safety, and a global product database — all in a single platform that rewards consumers for both engaging with and contributing to it.

Shping operates a mobile application (the App) that allows consumers to earn rewards, known as Shping Points, by uploading receipts, writing product reviews, joining brand loyalty programs, interacting with product-related content, participating in optional rewarded advertising, completing surveys, games, and offers through third-party reward partners, and making qualifying purchases through cashback offers via affiliate networks.

Depending on brand participation and product availability, the App may also offer additional features such as authenticity verification, product recall alerts, receipt storage, warranty activation, product ratings, and social media integration. Users can contribute content to Shping’s product database, and new features may be introduced over time to enhance the overall experience.

To facilitate the redemption of Shping Points (whether as cash to a nominated bank account or as cryptocurrency to a nominated external wallet), we collect certain personal data, including bank account details and external cryptocurrency wallet addresses where applicable. Where required by applicable law, we also collect identity verification (KYC) information to comply with our anti-money laundering, fraud prevention, and other regulatory obligations.

Shping’s headquarters are located in Melbourne, Australia.

Our Approach to Privacy

We take your privacy seriously. We do not sell your personal data to third parties for marketing or promotional purposes without your express consent. We do not abuse or misuse your personal data or let it fall into the wrong hands. We only collect and process your information for purposes clearly explained to you.

As a user of the Shping App or services, we collect personal information that you provide directly (e.g. during registration or support inquiries), as well as data generated from your interactions with the App. This includes:

  • Purchase receipts and transaction details
  • Information about your loyalty program memberships (e.g. Flybuys, Everyday Rewards)
  • Partial payment method metadata for verification (e.g. masked card digits)
  • Your preferences, venue selection, product interactions, and review activity
  • Advertising identifiers and ad interaction data
  • Participation data from third-party Reward Activities (surveys, games, offers)
  • Click-through and conversion data from Cashback Offers
  • Inferred or derived insights from your usage patterns, such as reward redemptions, scan behaviour, ad engagement, and product engagement

We may use your data to personalise your experience, operate and maintain the proper functioning of our services, enhance performance, and improve how we serve you and our brand partners. Where appropriate, we limit the collection of personal data to what is strictly necessary and take steps to de-identify or anonymise it when full retention is not required or when used for analytics and reporting purposes.

We may also share certain personal information with carefully selected and trusted business partners who support the delivery of our services, including advertising networks, third-party reward partners, affiliate networks, marketing, analytics, customer support, and technical operations partners. These partners are contractually bound to process your data securely and only for authorised purposes, in compliance with applicable privacy laws and industry best practices, except where they act as independent data controllers in their own right (as described in the relevant sections below).

In all cases, we apply reasonable safeguards to protect your personal information and ensure it is not used for unauthorised purposes.

Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under Australia’s Notifiable Data Breaches scheme.

As technologies and privacy regulations evolve, we will update this policy to ensure ongoing compliance and transparency. When changes occur, we will always publish the most current version on our website.

We conduct Privacy Impact Assessments for all new features involving personal data to ensure that privacy by design principles are met and continually reviewed.

Your Consent

When you download the App, register an account, or use our services, you will be asked to read and expressly agree to this privacy policy before proceeding. Your continued use of the App or website is also subject to this privacy policy.

By providing your consent, you agree to:

  • The collection and use of your personal information by us and the third parties described in this privacy policy
  • The disclosure of your personal information to the third parties described in this privacy policy, including advertising networks, third-party reward partners (such as Prodege), and affiliate networks (such as Commission Factory, Impact, and Rakuten Advertising) where you engage with the relevant features of the App
  • The transfer of your personal information to other countries outside Australia

For certain activities — such as inclusion in custom audience segments for advertising purposes — we will seek your explicit consent separately, and will not proceed without it.

If you do not wish your personal information to be used in the ways described above, please do not use our App, website, or services. You may also withdraw consent at any time by contacting us at privacy@shping.com. Note that withdrawing consent may limit your ability to use certain features (for example, you may not be able to participate in Reward Activities or Cashback Offers if you withdraw consent for the relevant data sharing).

Note: This policy is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Users located in other jurisdictions may have additional rights under applicable local laws.

Where and Why We Collect and Process Your Personal Information

Where we collect your personal information from

  • When you visit our website
  • When you register for or use the Shping App
  • When you contact us for help, support, or general inquiries
  • From participating third parties (e.g. retailers, payment and loyalty platforms) to improve and verify services
  • From the receipts you upload, which include purchase data, store information, loyalty and payment identifiers
  • From your activity within the App (e.g. scans, reviews, uploads, redemptions, settings, ad interactions, Reward Activity participation, Cashback Offer clicks)
  • From advertising partners, third-party reward partners, and affiliate networks, in connection with the delivery and validation of advertising, Reward Activities, and Cashback Offers

Why we process your personal information

  • To enable your use of the App and its features (e.g. receipt uploads, product reviews, reward redemptions, advertising, Reward Activities, Cashback Offers)
  • To personalise your experience and tailor relevant brand content, offers, or advertising
  • To build a shopping profile that reflects your preferences and engagement
  • To provide support and respond to your requests
  • To evaluate the performance and security of the App and related infrastructure
  • To comply with our legal obligations and enforce our terms of service
  • To share insights with participating brands for campaign effectiveness
  • To deliver marketing and loyalty communications from partner brands you have joined, via email or SMS, without disclosing your contact details
  • To deliver, validate, measure, and pay for advertising, Reward Activities, and Cashback Offers, including by sharing necessary data with advertising partners, third-party reward partners, and affiliate networks

Use of Data for Custom Audiences

Inclusion in custom audience segments for brand advertising is an optional feature of the App. It is offered on an opt-in basis only, is not required for you to use the App or to participate in the Shping Rewards program, and you may withdraw your consent at any time through the App’s privacy settings or by contacting privacy@shping.com.

Where you have given your explicit opt-in consent, we may share behavioural data — such as scan history, receipt uploads, and product reviews — with our brand partners to help them create custom audience segments for advertising purposes on platforms like Facebook, Instagram, or X (formerly Twitter). As part of this process, limited personal identifiers (such as your device’s advertising ID, name, email address, or phone number) may also be securely shared to enable accurate audience matching, in accordance with applicable privacy laws and the policies of those platforms.

If you withdraw consent, we will cease including your data in new custom audience segments. Audience segments already supplied to platforms may take a period to update at those platforms in accordance with their own processes.

Our Legal Basis for Processing Your Data

We process your personal data on the basis of your consent, which you provide when you register for and use the App or services. For certain processing activities — such as custom audience creation, identity verification, or participation in Reward Activities and Cashback Offers — we seek your explicit consent at the relevant point in the App.

We also process personal data where necessary to fulfil our contractual obligations to you, to comply with legal obligations, or where we have a legitimate interest in doing so that is not overridden by your rights.

If you do not consent to our processing of your personal data as described in this policy, please do not use our App, website, or services.

What Information We Collect

Our App and services collect and analyse a range of information. This may include:

  • Biographical and profile information that you have supplied to us voluntarily
  • Your physical and email address
  • Your date of birth
  • Your gender (optional) to help personalise product recommendations
  • Location information — data which reveals an approximate or precise geographical location of you and your mobile device, depending on your device and App permissions. We only collect this information where you have agreed to us doing so by enabling location access on your mobile device
  • Information about your mobile device — including device type, operating system, device identifiers, and browser information
  • Technical data such as IP address, time zone, language preferences, device model, operating system, and browser type
  • Advertising identifiers, including IDFA (iOS) and Advertising ID (Android), where you have not restricted their use through your device settings
  • Usage data and App metadata — such as how you interact with the App (e.g. pages viewed, session duration, features used), performance diagnostics, and error logs
  • Cookies, pixels, SDKs, and similar tracking technologies to enhance your experience, monitor usage patterns, deliver advertising, validate Reward Activities, and track Cashback Offer attribution. See the “Cookies and Tracking Technologies” section below for details
  • Product reviews, comments, photos, and other content you upload or submit within the App voluntarily
  • Uploaded purchase receipts, including receipt images and data extracted from those receipts (e.g. store name, date, items purchased, prices)
  • Your Shping Points balance and reward activity, including pending and credited entitlements from Reward Activities and Cashback Offers
  • Advertising interaction data, including ad views, clicks, completions, and rewarded ad validation events
  • Reward Activity data, including survey responses (where you participate in surveys), offer completions, game interactions, and conversion validation events
  • Cashback Offer data, including click-through events, merchant identification, purchase amounts (as reported by the merchant or affiliate network), and conversion validation events
  • Bank account details (for cash redemptions). External cryptocurrency wallet addresses are collected only from users who choose cryptocurrency redemption
  • Information from third parties, such as marketing partners, analytics providers, advertising partners, third-party reward partners, affiliate networks, or social login integrations, in accordance with their privacy policies and your permissions
  • KYC (Know Your Customer) and identity verification data when required for compliance purposes
  • Any information provided to us through support queries, feedback forms, surveys, or marketing campaigns

If you are visiting our website, App, or contacting us for information or technical support, we may also collect your name, contact details (phone number and/or email address), approximate location, and device and browser diagnostics to help us resolve technical issues.

Advertising in the App

The App displays advertising as part of its normal operation. Advertising includes non-rewarded ads (such as native, banner, video, and interstitial ads shown in normal app flow) and rewarded ads (which you may optionally choose to view in exchange for Shping Points).

Advertising Partners

Advertising in the App is delivered, measured, and optimised through third-party advertising networks, mediation platforms, exchanges, and measurement partners. These partners include AppLovin, Unity, Liftoff, Pangle, Meta, Google/AdMob, and other partners we may engage from time to time.

These advertising partners act as independent data controllers in their own right with respect to the personal information they receive from the App. They use this information for their own purposes, including ad targeting, fraud prevention, audience measurement, and improvement of their own products and services, in accordance with their own privacy policies. We encourage you to review the privacy policies of these partners for details of how they handle your data.

Data Shared with Advertising Partners

When advertising is shown in the App, the following categories of data may be shared with advertising partners, depending on the advertising format and your privacy settings:

  • Advertising identifiers (IDFA, Advertising ID), where not restricted by your device settings
  • Device identifiers, device type, operating system, and technical specifications
  • IP address
  • Approximate location (based on IP address or, where permitted, more precise location)
  • App identifier (the Shping App) and limited app activity context (such as which screen the ad appeared on)
  • Ad interaction events (views, clicks, dismissals, completions, conversions)
  • For rewarded ads: validation events confirming the ad was completed for reward purposes
  • Anonymised or pseudonymised user identifiers used for fraud prevention and frequency capping

We do not share your name, email address, phone number, banking details, or KYC information with advertising partners.

Advertising Personalisation and Controls

You may control advertising personalisation through:

  • Device settings: iOS App Tracking Transparency (Settings → Privacy & Security → Tracking) and Android Advertising ID controls (Settings → Privacy → Ads)
  • In-App settings: where available, you may adjust advertising preferences in the App’s settings
  • Industry opt-outs: the Digital Advertising Alliance (DAA) AppChoices tool and Australian Digital Advertising Alliance (ADAA) opt-out mechanisms

Restricting advertising personalisation does not remove non-rewarded advertising from the App but may reduce the relevance of the ads shown. Rewarded ads remain available regardless of personalisation settings, though they may be less targeted.

Third-Party Reward Activities (Surveys, Games and Offers)

The App offers optional rewarded activities, including surveys, games, and offers, provided through third-party reward partners (Reward Activities). Participation in Reward Activities is voluntary. When you choose to participate in a Reward Activity, certain data is shared with the relevant third-party reward partner and, in some cases, with the partner’s clients (such as survey researchers and offer advertisers).

Offer Serving Technology

This App uses an integration developed by Prodege, LLC (“Prodege”). Prodege is an online offer platform, through which app users are exposed to market research surveys and/or third-party ads, including offers, games, and shopping (collectively, “Rewarded Activities”). Prodege collaborates with publishers of smartphone applications to provide their users with access to Rewarded Activities. When a user connects to this App, certain device and connection data (including Advertising ID, Device ID, and whether and how the user enabled access to the same) may be sent, via our App, to Prodege servers to enable Rewarded Activities to display through our App. Prodege collects and processes your data in accordance with applicable legal requirements. For a full list of data Prodege may receive through this App, and further information on how Prodege processes such data, see Prodege’s Privacy Policy, available at https://bitlabs.ai/offerwall-privacy-policy. Prodege may transfer your data to non-EEA countries in accordance with applicable legal requirements, including the EU-US Data Privacy Framework and/or EU Commission Standard Contractual Clauses. Prodege may share such data with third parties, clients and business partners, for commercial purposes. To exercise any applicable rights relating to your data held by Prodege, please visit: https://bitlabs.ai/offerwall-privacy-policy. Please review the Prodege Privacy Policy for a more detailed view of how Prodege works and with whom Prodege shares data.

For clarity: your participation in Rewarded Activities is also subject to the Prodege privacy policy in respect of data processed by Prodege. This Privacy Policy describes Shping’s own handling of your personal information; Prodege’s handling of personal information is governed by its own privacy policy linked above. Shping is not responsible for Prodege’s independent processing activities, and Prodege is not responsible for Shping’s.

Other Reward Activity Partners

From time to time we may engage additional third-party reward partners beyond Prodege. Where this occurs, we will update this Privacy Policy to identify the additional partners and the categories of data shared with them.

Data Shared with Reward Activity Partners

When you participate in a Reward Activity, the following categories of data may be shared with the third-party reward partner (and, where relevant, with their clients):

  • Advertising identifiers and device identifiers
  • IP address and approximate location
  • Device type, operating system, and technical specifications
  • Anonymised or pseudonymised user identifier
  • Survey responses (where you participate in surveys), which may include demographic, attitudinal, behavioural, and product-preference information you choose to disclose in answering survey questions
  • Offer completion data and game interaction data
  • Conversion validation events

We do not share your name, email address, phone number, banking details, or KYC information with Reward Activity partners. Survey responses you provide are shared with the survey researcher (which may be Prodege’s client) for the research purposes specified at the time of the survey.

Affiliate Cashback Offers

The App offers cashback in Shping Points on qualifying purchases made through participating merchants via affiliate networks. The affiliate networks we work with include Commission Factory, Impact, Rakuten Advertising, and other networks we may engage from time to time.

How Tracking Works
When you click on a Cashback Offer in the App, you are redirected to the participating merchant’s website through the affiliate network’s tracking link. The affiliate network places a tracking cookie (or mobile equivalent) that associates your subsequent purchase at the merchant with the Shping App. When you complete a qualifying purchase, the merchant notifies the affiliate network, which in turn notifies Shping of the conversion.

The affiliate networks act as independent data controllers with respect to the tracking and attribution data they collect. They process this data in accordance with their own privacy policies. Each affiliate network publishes its own privacy policy:

  • Commission Factory: see commissionfactory.com for current privacy information
  • Impact: see impact.com for current privacy information
  • Rakuten Advertising: see rakutenadvertising.com for current privacy information

Data Shared with Affiliate Networks
When you click through a Cashback Offer, the following categories of data may be shared with the affiliate network and/or the participating merchant:

  • Anonymised or pseudonymised user identifier
  • Click-through identifier (used to track the source of the purchase)
  • Device identifiers and basic technical information
  • IP address
  • Information about the merchant and offer you clicked through to

The participating merchant collects all information you provide directly to them in the course of making a purchase (including name, payment details, shipping address, and purchase details), and that information is handled in accordance with the merchant’s own privacy policy. Shping receives only the conversion information necessary to credit your cashback (which typically includes the click-through identifier, the merchant identifier, the purchase amount, and the conversion status).

Commission Disclosure

Shping receives a commission from participating merchants (paid via the affiliate networks) when you complete a qualifying purchase through a Cashback Offer. The cashback Shping Points credited to your account are paid from this commission. This commercial relationship does not affect the cashback you receive, which is determined by the advertised percentage.

Cookies and Tracking Technologies

The App and our website use various technologies to collect information about your activity, recognise your device, deliver personalised experiences, deliver advertising, and validate Reward Activities and Cashback Offers. These technologies include:

Categories of Tracking Technology

  • Cookies and similar web technologies used on our website to remember your preferences, maintain sessions, and analyse usage
  • Mobile advertising identifiers (IDFA on iOS, Advertising ID on Android) used to support advertising personalisation, frequency capping, attribution, and fraud prevention. These identifiers are subject to your device’s privacy settings
  • Software development kits (SDKs) integrated into the App from advertising networks, mediation platforms, analytics providers, and reward partners, which collect technical and interaction data as described above
  • Server-to-server (S2S) callbacks used to communicate conversion events between Shping, advertising partners, reward partners, and affiliate networks without placing client-side tracking
  • Pixel tags and tracking links used in marketing communications and Cashback Offer click-throughs
  • Device fingerprinting in limited cases, used for fraud prevention and security purposes

Purposes of Tracking

  • Authenticating you and maintaining your session
  • Delivering and personalising advertising in the App
  • Measuring advertising performance and attribution
  • Validating completion of rewarded ads, Reward Activities, and Cashback Offers
  • Detecting and preventing fraud, including invalid traffic, bot activity, and account abuse
  • Analytics, performance monitoring, and product improvement
  • Frequency capping (preventing the same ad from being shown too many times)

Your Controls

You can manage tracking through:

  • Device-level controls: iOS App Tracking Transparency, Android Advertising ID reset and opt-out, browser cookie settings
  • In-App settings: where available
  • Industry opt-outs: DAA AppChoices, ADAA opt-out mechanisms
  • Withdrawing consent: by contacting privacy@shping.com

Note that essential tracking (such as authentication, fraud prevention, and conversion validation for Reward Activities and Cashback Offers you actively engage with) cannot be disabled without affecting your ability to use the relevant features.

Sharing Information with Third Parties

We may share your personal information with third parties in the following circumstances:

  • With product brand owners who have partnered with us or are listed in our brand database and have asked us to collect, process, or analyse data on their behalf
  • With product brand owners and retailers who have partnered with us or are listed in our brand or partner database. If you submit a product review (including text, photos, or videos), we may share this content along with your display name, avatar photo, age group, general location, and other metadata to help brands and retailers understand and showcase authentic shopper feedback. Your full contact details (such as email or phone number) will not be shared without your explicit consent
  • With advertising partners, including AppLovin, Unity, Liftoff, Pangle, Meta, Google/AdMob, and other partners we engage from time to time, as described in the “Advertising in the App” section above
  • With third-party reward partners, including Prodege, as described in the “Third-Party Reward Activities” section above
  • With affiliate networks, including Commission Factory, Impact, Rakuten Advertising, and other networks we engage from time to time, as described in the “Affiliate Cashback Offers” section above
  • With participating merchants where you make qualifying purchases via Cashback Offers (limited to information necessary to complete the purchase and confirm the conversion)
  • With partners, vendors, and subprocessors that provide IT, cloud storage, analytics, customer support, marketing, or other operational services necessary to help us deliver the App and services. These third parties may process personal information strictly under our instructions and in accordance with contractual obligations and data protection laws
  • With other companies within the Shping corporate group who support or enhance our services
  • With marketing and advertising partners, analytics providers, or affiliate networks to help promote our services, subject to applicable laws and user preferences
  • With payment processors, banking partners, and identity verification providers where necessary to fulfil a redemption request, comply with KYC obligations, or prevent fraud
  • With government authorities, regulators, courts, law enforcement agencies, or other authorised parties where we believe disclosure is reasonably necessary to comply with a legal obligation, protect public interest, or respond to a lawful request
  • In the event of a merger, acquisition, restructuring, or sale of our assets, where personal data may be transferred to a successor entity. We will endeavour to provide prior notice where possible
  • To complete any transaction or service you have authorised or requested through the App
  • To detect, prevent, or otherwise address security, fraud, or technical issues
  • To protect the rights, property, or safety of Shping, our users, or our partners
  • When you join a brand’s loyalty program within the App, we may enable that brand to send you marketing communications, including emails or SMS messages, about their products, services, and loyalty benefits. These messages are sent through Shping’s secure system, and we do not disclose your actual email address or phone number to the brand

Some of the third parties we share data with may be located outside your country, including in countries that may not have the same data protection laws. In such cases, we take reasonable steps to ensure that your personal information remains protected through appropriate safeguards, including standard contractual clauses and data processing agreements.

We do not sell your personal information.

Security

We have what we believe are robust, appropriate, and sufficient security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our information security management system.

We take the privacy and protection of your personal information very seriously and use a number of methods to keep your personal information secure, including reasonable physical, technical, and organisational measures to restrict access. Access to your data is strictly controlled by a combination of permissions-based user roles, tried and tested processes, and multi-factor authentication.

Shping uses a passwordless login system based on one-time verification codes sent by email or SMS. You are responsible for keeping your email account, mobile device, and any linked services secure so that login codes cannot be intercepted or misused by others.

Although we implement these measures, we have no control over what happens between your device and our information infrastructure. You should be aware of the many cyber security risks that exist and take appropriate steps to safeguard your own information and devices. To the maximum extent permitted by law, Shping accepts no liability in respect of data breaches or unauthorised access that occur beyond our sphere of control.

Where required by applicable law, we will notify you of any loss of or unauthorised access to your personal information, and we will cooperate with the appropriate authorities to investigate such incidents in a timely fashion.

International Transfers of Information

Shping is an Australian-based global company providing services internationally. While all user data is currently stored on servers located in Australia, in the course of providing our services, we may transfer certain personal information to trusted service providers and product partners located in countries outside Australia, including but not limited to the United States, Singapore, New Zealand, the United Kingdom, and the European Economic Area. Some of these jurisdictions may not offer the same level of data protection as under Australian privacy laws.

In particular:

  • Advertising partners (including AppLovin, Unity, Liftoff, Pangle, Meta, and Google/AdMob) operate global infrastructure and may process your data in multiple jurisdictions, including the United States
  • Prodege (our third-party reward partner) is based in the United States and may process your data in the United States and other jurisdictions, in accordance with the EU-US Data Privacy Framework and/or EU Commission Standard Contractual Clauses where applicable
  • Affiliate networks may process your data in multiple jurisdictions depending on the network and the merchants involved

Where we transfer personal information overseas, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles (APPs). This includes entering into binding agreements with overseas recipients that impose obligations substantially similar to the APPs or verifying that they are subject to laws that offer comparable protection.

By using our services and submitting your personal information, you consent to this transfer, storage, and processing of your information outside Australia in accordance with this Privacy Policy.

Retention of Your Information

We retain your personal information for as long as is necessary to fulfil the purposes for which it was collected. This typically includes helping you access rewards, providing support, fulfilling our contractual obligations, or enabling product partners to run targeted campaigns and programs.

In most cases, this means we retain your personal data for the duration of your active account. You may request account deletion at any time via the Shping App. Your account may also be closed by Shping in limited circumstances set out in the Terms (specifically, for breach of the Terms, suspected fraud, AML/CTF concerns, sanctions, or other compliance grounds, or where required by law).

Information collected for KYC, anti-money laundering, fraud prevention, or other regulatory compliance purposes will be retained as required by law (typically seven (7) years from the relevant transaction or account closure, whichever is later), regardless of any account closure or deletion request.

Upon User-Initiated Account Closure

When you close your account through the App:

  • Most information that could personally identify you (such as your name, date of birth, email address, residential address, profile photo, content history, and linked third-party accounts) will be removed or securely de-identified, except where retention is required by law (including AML/CTF, tax, and other regulatory obligations) or as described below
  • We retain your mobile number for the purpose of administering the reactivation right described in clause 17.3 of the Terms. This mobile number functions as your Reactivation Identifier and is the only identifier we retain to link a returning user to a preserved Shping Points balance
  • We retain your preserved Shping Points balance and a minimal account record sufficient to administer reactivation. This record is held separately from active-user records
  • Pending Reward Activity entitlements and pending Cashback Offer entitlements that have not been validated or settled by the date of closure are voided. Associated tracking and conversion records may be retained as required for our agreements with the relevant partners and for fraud prevention purposes
  • Records required for AML/CTF compliance are retained as required by law (seven years from the relevant transaction or account closure, whichever is later). These records are held under access controls separate from the App and are not used for any operational purpose other than statutory compliance

If you reactivate your account within twelve (12) months of closure, you will be required to re-supply any personal information needed to use the App. If you reactivate more than twelve (12) months after closure, you will be required to complete identity re-verification (including KYC) through Shping support before reactivation is granted.

If your account is not reactivated within seven (7) years of closure, Shping may release the preserved balance in accordance with clause 17.4 of the Terms, and the Reactivation Identifier and any remaining minimal account record will be deleted or fully de-identified at that time, except where statutory retention obligations require otherwise.

Upon Closure for Breach, Fraud, or Compliance Reasons

Where your account is closed under clause 12 (Breach Closure) or clause 14 (legal or regulatory requirement) of the Terms, we may retain associated identifying information for a longer period than would otherwise apply, where reasonably necessary for fraud prevention, enforcement of our Terms, defending legal claims, complying with statutory obligations, or supporting investigations by law enforcement or regulators. The reactivation right described above does not apply to accounts closed under those clauses.

De-identified and Aggregated Data

We may continue to retain anonymised or aggregated data (including location, demographics, advertising interactions, and survey results) for analytics, reporting, and product improvement purposes. This data cannot be used to identify you and is not subject to the retention timelines above.

We regularly review the information we hold to ensure it remains relevant to our operational requirements and those of our product partners. In cases where we collect and process personal data at the instruction of a product partner, we act according to their direction — including retention or deletion timelines where applicable.

Where content such as product reviews has been removed for policy violations and retained for audit or compliance purposes, it is held in anonymised or de-identified form only, such that it cannot be used to identify the original submitter. This applies even where an account deletion request has been made.

Data Held by Third-Party Partners

Advertising partners, third-party reward partners (including Prodege), affiliate networks, and participating merchants act as independent data controllers with respect to data they receive from the App. The retention of that data by those partners is governed by their own privacy policies, not this Privacy Policy. Closure of your Shping account does not automatically result in deletion of data held by those partners, although you may exercise any rights you have directly against them under applicable privacy law.

Your Rights

As a user whose personal information we collect and process, you have specific rights under applicable privacy laws. You may exercise these rights at any time by emailing privacy@shping.com or using the contact details provided below. To protect your data, we may request two forms of valid identification to verify your identity before fulfilling your request.

Right to be informed

You have the right to receive clear, transparent information about how we use your personal data. This Privacy Policy, along with any related notices or communications we may provide, is designed to keep you informed.

Right of access

You can request a copy of the personal data we hold about you at any time, free of charge. Upon verifying your identity, we will provide the categories of personal data concerned, the purposes of processing, any third parties with whom the data has been shared, the retention period for that data (where possible), and the source of the data if it was not collected directly from you.

Right to rectification

If your personal data is inaccurate or incomplete, you may request that we correct or update it. This right can be combined with the right to restrict processing while we verify and correct the data.

Right to erasure

You can request deletion of your personal information where no lawful basis or legitimate reason for continued processing exists. If your account is deleted through the App or upon your request, we will remove or de-identify most personal information as described in the Retention section above. We will retain your mobile number (as your Reactivation Identifier), your preserved Shping Points balance, and a minimal account record for the purpose of administering reactivation. We may also retain de-identified or anonymised data for analytical or compliance purposes, and certain identifiable data where required by law (including AML/CTF and tax retention obligations). If you wish to permanently waive your reactivation right and have your Reactivation Identifier deleted before the seven-year long-stop, please contact privacy@shping.com; we will action this request, subject to applicable statutory retention obligations, and your preserved balance will be released in accordance with clause 17.4 of the Terms.

Data held by independent third-party controllers (including advertising partners, third-party reward partners, and affiliate networks) is subject to their own erasure processes; please contact those partners directly to exercise erasure rights against them.

Right to restrict processing

You may ask us to restrict processing of your personal data where you contest its accuracy, the data has been unlawfully processed, we no longer need the data but you require it for a legal claim, or you have objected to processing and a decision is pending. In such cases, we will store your data but not process it until the restriction is lifted.

Right to object

You may object to our processing of your personal data when it is based on our legitimate interests, used for direct marketing purposes, processed for research or statistical purposes, or performed under a public task or legal authority. You may object specifically to the use of your data for advertising personalisation through your device settings or by contacting us.

Right to delete your account via the App

You can delete your Shping account at any time directly within the App. Doing so will deactivate your account and trigger removal or de-identification of most personally identifiable data, subject to the retention rules described in the Retention section above (including retention of your Reactivation Identifier for the purpose of administering reactivation). We will retain non-personal, anonymised data for analytical or reporting purposes.

We aim to respond to all requests within 30 days, unless legal or operational constraints prevent us from doing so. If that happens, we will inform you promptly.

Age Requirement and Children’s Data

The Shping App is not intended for individuals under the age of 18. You must be at least 18 years of age to register or use the services. All advertising, Reward Activities, and Cashback Offers served through the App are served on a general-audience basis and are not directed at children.

We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a person under 18, we will take reasonable steps to delete that information promptly and securely, and to block that user from continuing to access the App.

For product partners using our services to collect or process data of children, they must comply with the data protection laws applicable to them and obtain any required parental or guardian consent prior to using our service.

Data Protection Officer

We have nominated a Data Protection Officer to take overall responsibility for matters of data protection and privacy. This is our Head of Information Security and you can contact them with any questions or concerns about your data by emailing privacy@shping.com.

We are not responsible for the content or privacy practices of third-party websites or services linked from our App or website, including merchants accessed through Cashback Offers, advertising landing pages, and Reward Activity Host sites.

Automated Profiling and Decision Making

We may use automated tools to analyse your activity and provide personalised experiences, offers, advertising, or content. This may include assigning you to consumer segments, recommending products based on your activity, or determining which advertising and Reward Activities to surface to you. You have the right to request human intervention or object to profiling by contacting us.

Right to Data Portability

You may request a copy of your personal data in a structured, commonly used, and machine-readable format by contacting privacy@shping.com.

Opting Out of Brand Targeting and Advertising Personalisation

You can opt out of receiving targeted content or being included in anonymised custom audience lists used for brand engagement by adjusting your preferences in the App or by contacting us at privacy@shping.com.

You can opt out of advertising personalisation through your device’s privacy settings (such as iOS App Tracking Transparency or Android Advertising ID controls). Opting out of personalisation does not remove non-rewarded advertising from the App.

Related Policies

For additional platform rules, please refer to:

Contact Us

Should you have any questions, comments, or concerns about this policy or how we handle and process your data, please contact us:

Shping Holdings Pty Ltd (ACN 697 767 650, ABN 37 697 767 650)

Email: privacy@shping.com
Phone: 03 9924 4405 (Australia) | +61 3 9924 4405 (international)
Web: shping.com/faq

Effective Date: 1 July 2026
Version: 290526_PP

Get Boss updates

Stay in the loop to get new news, boss rewards & offers.