Privacy Notice
We at ShopBack respect the privacy and confidentiality of the personal data of our clients, customers, visitors and all others whom we interact with in the course of providing our services. While we are driven by the goal of providing customers with an enhanced shopping experience, we also understand that a key concern that customers may have is the safety of their personal information, and are committed to ensuring that all personal data provided to us remain secure and are only utilised for purposes that our customers have consented to.
To begin with, we only collect such personal information that is necessary to provide you with the services that you have requested, understand your needs, and serve you better as a whole. We collect the least information possible. We provide to our merchant partners only such information as is necessary to allow us to verify and track your rewards.
For example, we utilise cookies to track your transactions with our merchant partners because such information is necessary to enable us to validate and credit cashback into your ShopBack account.
Otherwise, we limit any data provided to an aggregate level.
We do not under any circumstances sell your information.
We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the applicable personal data protection legislation.
Set out below is our detailed personal data protection policy. You may rest assured that ShopBack takes privacy and security seriously and is receptive to any feedback on these issues. If you have any queries, comments or concerns, or otherwise require any help, please feel free to contact us at help@shopback.com.au or at dpo@shopback.com
The ShopBack Team
Personal Data Protection Policy
The purpose of this document is to inform you as to how ShopBack manages, collects, uses, and discloses Personal Data relating to you and other users of our website, extension for desktop web browsers (“web extension”), software applications, mobile applications and other platforms. We conduct our business in compliance with the relevant data protection legislation,and have implemented additional measures to protect your personal information. The continued provision of our services to you and your continued use of such services shall be deemed to be our mutual agreement to abide by this Personal Data Protection Policy as updated from time to time on our website.
Personal Data
In this Personal Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
“Sensitive information” has the meaning given in the Privacy Act 1988 (Cth) and includes information such as health information and biometric information. We do not seek to collect sensitive information in the ordinary course of our services.
“De‑identified information” means information that is no longer about an identifiable individual or an individual who is reasonably identifiable. We may de‑identify data and use or share it in aggregated form.
Collection of Personal Data
The Personal Data that ShopBack may collect from you will depend on the products, services, and promotions that you use or subscribe to. ShopBack collects this data to enable our services and our platforms to function properly and to help us better understand how they work on different devices and browsers. Typically, ShopBack will collect Personal Data relating to you when you:
Leave your contact details with us after attending our events e.g. marketing or community events and seminars.
Leave your contact details with us after visiting, using or installing (as the case may be) our websites, portals, mobile applications, social media platforms and web extension, or make enquiries via any other portal
Register for our services and/or submit any forms relating to any of our products and services.
Sign up for alerts or newsletters or respond to our marketing collaterals e.g. advertisements, brochures or flyers.
Contact us with enquiries or requests for assistance or interact or communicate with us or our employees, e.g. via our online interface, email, telephone calls, faxes, text messages or face-to-face meetings.
Participate in competitions, lucky draws, surveys, or other such events.
Submit your CV and job application forms to us or Submit your CV to recruitment firms or job portals, who in turn forward the same to us.
Are referenced to us by business partners or third parties.
The Personal Data collected may include information relating to your:
Identity: This includes your full name, email address, date of birth, phone number, photographs, device ID, IP address, and payment-related information (e.g. bank account details or details of your account with a payment service provider such as PayPal).
Interactions with us: This includes recordings of your phone calls with us, emails you sent, and other records of any contact you have with us.
Account: Details relating to your ShopBack account.
Use of our services: This includes using cookies, our web extension or other browser related methods to track information relating to your interaction with our and our merchants’ websites (e.g. the pages within our website that you visit, the time spent on those pages, items and information searched on our site, access time and dates, webpages you were visiting prior to our site, and information relating to clicks and redirects), as well as data related to your transactions with our merchants and partners (Including any Order Reference / Order ID).
For the avoidance of doubt however, ShopBack’s web extension does not track your search engine history, emails or your browsing data on any site that is not one of our merchant’s sites or where it is not related to ShopBack’s product or services. When you are on one of our merchant’s sites, ShopBack will only collect information about that site that lets us calculate and validate with the merchant the rewards due to you and such coupons or promos that are applicable to you. Please see below for a further explanation of how our web extension operates and what data it collects.
Preferences: This includes details that you have shared with us as to how you would like to be contacted, and your preferred products and brands.
Location: Some of the services we provide depend on your location. In order to work, those services need to know your location. Whenever you open and use or interact with our platforms (incl. our app) on your mobile device or otherwise, we use the location information to tailor our services to your location. The services use your various devices’ ‘background location’, including to send you notifications of offers / plans / interesting things near you. If you have ‘background location’ turned on, our platforms will from time to time tell us about your device’s location even if you are not directly interacting with our platforms.
Anonymity/Pseudonymity: Where lawful and practicable (for example, general browsing of our websites), you may interact with us without identifying yourself or by using a pseudonym. Certain services require identification to function.
Receipts Programme (if you participate): This includes the receipt image or file you submit, any receipt data we receive via optional connect and sync features (for example from a connected external email inbox or membership/loyalty account), and the details we extract (such as retailer, store/location if printed, date / time, totals, and items / brands / SKUs), a receipt identifier, the time of submission and processing status (e.g. tracked, confirmed or rejected), and checks / signals we create to help prevent misuse (for example, duplicate, age and velocity checks). If you connect an external account for the Receipts Programme, we also receive technical information needed to access that account on your behalf (for example, secure tokens) and receipt-related messages or transaction data needed to identify and import eligible receipts.
Apart from collecting the above Personal Data directly from you or your authorised representatives, ShopBack may also collect Personal Data from third parties (such as our business partners, Google, social media providers, or fraud-prevention agencies), or from publicly available sources.
In addition, ShopBack uses “cookies”, which are small data files sent to your browser to store and track information about you when you enter our website. The cookie is used to track some of the information mentioned above relating to the use of our services.
Most internet browsers provide you the option to turn off the processing of cookies but this may result in the loss of functionality, restrict your use of the website, and/or delay or affect the way in which it operates. In particular, it would not allow us to track your transactions with our merchant partners and this would mean that we would be unable to credit you with cashback or otherwise provide you with the products and services that you have requested. That said, you should configure our web extension and your use thereof.
Use of the ShopBack Web Extension
ShopBack does not collect browsing data from your search engine history, any information from your emails via the web extension, or data on websites not relevant to the services we provide. ShopBack’s web extension only collects data on our merchants and merchant-category related shopping sites.
When you are on one of our merchant sites, indicated by a blinking ShopBack icon when you navigate to such a site, the extension will collect information such as the merchant’s trade name, domain and page views that help us determine if it is a site ShopBack supports, and lets us find you relevant Cashback and Coupons. In some cases, we also monitor the success or failure of coupon usage to improve our coupon algorithm and the amount saved per coupon to provide you with the best coupons.
ShopBack’s web extension also collects the following information to let us understand how our users engage with our services on our merchants’ sites and to ensure our products are working correctly so that you may enjoy a better shopping experience:
Browser type
Operating system
Error Logs
Event stamp
None of the information we collect contains any personally identifiable information such as email addresses or names, nor does ShopBack’s web extension collect any sensitive information such as credit card data, bank data or passwords.
Use of the ShopBack Receipts Programme
This feature (including any connect and sync options) is optional. When you submit a receipt or we import a receipt via a connected external account (for example, a supported email inbox or membership/loyalty account), we collect the image or file and extract line‑item data to verify authenticity, operate anti‑fraud / abuse controls (including duplicate / age / velocity checks and temporary holds), determine reward eligibility, and credit rewards. In this programme, we reward you (with cashback or points) in exchange for your receipt data, which we use to run the programme and, in de-identified and aggregated form, to produce commercial insights for retailers and brands as described below. We do not sell your personal information (that is, data that identifies you) to any third party.
Where you connect an external account, we use the access you grant us (for example, via OAuth) only to look for receipts from participating retailers and import them into the Receipts Programme. We configure our systems to minimise collection from that account and do not use this access to read or store non-receipt emails or other unrelated content. We never receive your account password. Access is provided via secure tokens issued by your provider (for example, Google or Microsoft), which we protect using encryption, strict access controls, and logging and monitoring designed to detect misuse.
When you use email sync, we configure our systems to scan only a limited recent period of your inbox (for example, approximately the last 21 days of messages) and only when you choose to sync. We do not continuously monitor your inbox in the background.
We may normalise data against retailer, brand and product catalogues and may conduct manual review to improve accuracy and programme integrity. We use service providers for OCR/receipt processing and risk tooling acting on our instructions.
We also use receipt data to create aggregated, de-identified insights (such as sales volumes, product performance and category trends) which we provide to retailers and brands, including on a paid basis, and which form part of how the programme is funded. These insights do not identify you or your individual purchases.
Our risk checks may involve automated decision‑making that can affect reward eligibility or timing; you can contact support to contest a decision, and we may conduct a manual review. You can opt out by ceasing to submit receipts; your privacy rights continue to apply.
Submit only authentic receipts for your own purchases. Do not submit receipts containing other people's personal data unless you have their consent. You can opt out of the Receipts Programme by ceasing to submit receipts (and by using any in‑app controls we provide).
Accuracy of Information and Third Party Consent
You should ensure that all Personal Data submitted to us is complete, accurate, true, and correct. Failure on your part to do so may result in our inability to provide you with the products and services that you have requested.
Further, when you provide us with any Personal Data relating to a third party (including your spouse, children, parents, and/or employees), you represent to us that you have obtained the consent of the third party to provide us with their Personal Data.
Use of Personal Data
ShopBack does not sell or trade Personal Data collected online with third parties. We may use Personal Data relating to you to:
Administer the services we provide you
Primarily, we use your Personal Data to fulfil and process your orders and cashback. This would include using Personal Data relating to you to track your transactions with our merchant partners, credit cashback rewards into your ShopBack account, and process the necessary payments associated with such transactions. It would also include using Personal Data relating to you to activate or deactivate services, provide you with additional products, services, and benefits (such as promotions, loyalty programmes, or reward programmes), and administer (at times in conjunction with our preferred partners) promotional events, contests, competitions, and corporate social responsibility projects.
To process receipts (if you participate): convert images/documents and receipt data we receive (including via connect and sync features) to structured data, normalise against retailer/brand/product catalogues, and determine reward eligibility, then calculate and credit rewards linked to your receipt and display related statuses in‑app.
Direct marketing and online advertising: We may use your personal information to provide you with marketing communications and offers. You can opt out of marketing at any time (e.g., via in‑message unsubscribe or in‑app settings). We do not use sensitive information for direct marketing without your consent. We may use hashed identifiers to reach you on third‑party platforms, acting under our instructions. You can unsubscribe from our promotional emails at any time through the unsubscribe function within the promotional emails.
Enhance the services we provide you
We use your Personal Data to investigate complaints, claims and disputes. We also use your Personal Data to improve site and service performance and the delivery of our services, such as when you make inquiries into and provide feedback on our quality of service. We may also use Personal Data relating to you to understand your preferences, develop new products and services, or personalize or otherwise improve the products and services we offer you. It would also include using Personal Data relating to you to deliver relevant advertising (such as that involving details of our or our preferred partners’ products, services, special offers, and rewards), either to our customers generally, or which we have identified may be of interest to you in particular, to deliver periodic newsletters to you with your prior consent or if otherwise permitted under local laws and regulations, or to promote benefits and offer rewards and promotions that you qualify for.
Customer Service
This would include using Personal Data relating to you to respond to requests and enquiries made by you (or persons authorised by you), provide you with directory assistance, and provide you with updates relating to our products, services, or policies.
Security and Compliance
This would include using Personal Data relating to you to detect and prevent fraud and other crimes (e.g. by conducting checks against money laundering, terrorism financing and related risks), conducting internal audits, or otherwise meeting legal, regulatory and other requirements (including providing assistance to law enforcement, judicial, and other government agencies, responding to regulatory complaints, making relevant disclosures to regulatory bodies, conducting audit checks, due diligence and investigations, and taking steps which ShopBack considers necessary in the event of a lawsuit or potential lawsuit). It would also include using Personal Data relating to you for the purposes of security and risk management and to ensure the safety and security of our properties and systems such as by verifying authenticity and preventing abuse/fraud.
Job applications
This would include processing job applications, recruitment and selection and processing and administering employment records.
We will not use Personal Data relating to you for purposes other than what we have informed you, or which we are permitted or required under local law and regulations.
We will retain Personal Data relating to you for only as long as there is a business or legal need.
When we no longer need personal information for any permitted purpose, we will take reasonable steps to destroy it or de‑identify it, subject to legal and regulatory record‑keeping obligations.
Sharing of Personal Data
We may share Personal Data relating to you with:
Companies within the ShopBack group.
ShopBack’s business partners, vendors, agents, and service providers who we work with to deliver services you have subscribed to. This would include merchant partners, payment service providers, third party service providers engaged in connection with marketing promotions and services offered by ShopBack or its preferred partners, and third party service providers who provide operational services to ShopBack (such as telecommunications, information technology, payment, printing, billing, payroll, processing, technical services, training, market research, call centre or other services to ShopBack). It also includes our professional advisers such as auditors and lawyers.
In the event of an actual or prospective business asset transaction (such as any merger, acquisition or asset sale), any business partner, investor, assignee, or transferee for the purposes of facilitating such a transaction.
Relevant regulators, statutory boards or authorities, or law enforcement agencies as required by any laws, rules, guidelines, and regulations or schemes.
Personal Data is disclosed to the above only for relevant purposes (please refer to those mentioned in this Policy) or to protect the interests of our customers.
In exceptional circumstances, ShopBack may also be required to disclose Personal Data relating to you, where there are grounds to believe that disclosure is necessary to prevent a threat to life or health, or for law enforcement purposes.
In some cases, we encrypt, anonymize, and aggregate the information before sharing it. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments e.g. age groups.
Overseas disclosures: We may disclose personal information to overseas recipients (for example, our global group companies and cloud or processing providers). Where we do so, we take reasonable steps to ensure appropriate safeguards over the data transferred. We will also ensure that overseas organisations we work with observe strict confidentiality and data protection obligations.
Security of Personal Data
ShopBack ensures that all Personal Data collected will be safely and securely stored and has implemented stringent measures to secure and protect your information. These include:
Using a secure, encrypted connection on all our web pages where you transmit Personal Data. We use industry standard encryption in the transmission of such data.
Ensuring that Personal Data relating to you is only stored on servers with proper safeguards to prevent security breaches.
Limiting access to information in our systems.
Implementing strict verification processes to prevent unauthorised access to Personal Data.
Securely destroying your personal information when it’s no longer needed for our business or legal processes.
Data Breaches: We maintain a data breach response process. Where an eligible data breach occurs under the Notifiable Data Breaches (NDB) scheme, we will assess promptly and notify the Office of the Australian Information Commissioner (OAIC) and affected individuals, including steps they should take in response.
Updating Personal Data
You can update your personal information any time by accessing your account on the ShopBack website. If there is any Personal Data relating to you that you are unable to update through the ShopBack website and which you wish to make corrections to, you may contact us at help@shopback.com.au and we will be glad to help you as best as we can.
Respecting your Consent and Access to Personal Data
If you wish to access the Personal Data that we have relating to you, enquire about the ways in which Personal Data relating to you has been or may have been used or disclosed by ShopBack within the past year, or wish to withdraw your consent to our use of such Personal Data, you may contact us (and our Data Protection Officer) at help@shopback.com.au or dpo@shopback.com. We will seek to attend to your request as best as we reasonably can.
We will respond to requests for access to or correction of your personal information within a reasonable period. We may refuse access in the limited circumstances permitted by law and will provide written reasons. Kindly note however that we may have to charge you a reasonable administrative fee for providing access (not for making a request) to Personal Data relating to you.
Please note that you may withdraw your consent to our collection, use and disclosure of your information at any time. This includes uninstalling the web extension. However, do kindly also note that if you withdraw your consent to our use and/or disclosure of Personal Data relating to you, depending on the nature of your objection, we may not be in a position to continue to provide our products or services to you or perform on any contract we have with you. Our legal rights and remedies are expressly reserved in such an event.
If you have a privacy complaint, please contact us at the details above. We will acknowledge and respond to privacy complaints within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
Changes to the Personal Data Protection Policy
ShopBack reserves the right to modify and update the Personal Data Protection Policy at any time to ensure that it is consistent with industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Personal Data Protection Policy as updated from time to time on our website. Any changes to this policy will be published on our website.
Governing Law
We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
This Personal Data Protection Policy and your use of this website shall be governed in all respects by the laws of Australia.
Last Updated: 26 January 2026