200 bonus Points on month one.Join now
Skip to content

Privacy

Privacy Policy

Last updated: 2026-05-25

1. About this Policy

1.1 This Privacy Policy sets out how [UNICASH Pty Ltd] (ABN [90 693 062 538]) (UNICASH, we, us, our) handles Personal Information collected through the UNICASH platform, including the website at unicash.com.au and any associated apps, services, and communications (together, the Platform).

1.2 This Policy is made under the Privacy Act 1988 (Cth) (Privacy Act) and applies the Australian Privacy Principles (APPs).

1.3 By using the Platform, creating an Account, subscribing to a Membership, purchasing a Point Booster, entering a Draw, or otherwise interacting with UNICASH, the individual acknowledges that Personal Information will be handled as set out in this Policy.

1.4 Capitalised terms not defined in this Policy have the meaning given in the Terms and Conditions.

2. About UNICASH

UNICASH operates the Platform as defined in the Terms and Conditions. Personal Information is primarily processed within Australia, with limited offshore disclosure to the service providers described in clause 9.

3. What is Personal Information

Personal Information has the meaning given in the Privacy Act: information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether or not it is recorded in a material form.

Sensitive Information is a subset of Personal Information and includes information about health, racial or ethnic origin, religious beliefs, sexual orientation, political opinions, criminal record, and biometric information. UNICASH does not solicit Sensitive Information except where strictly necessary for a specific lawful purpose (see clause 6).

4. The kinds of Personal Information UNICASH collects

UNICASH collects the following categories of Personal Information.

4.1 Account and identity information

  • full name and preferred name;
  • email address;
  • mobile telephone number;
  • date of birth (to confirm the Member is 18 years of age or older);
  • residential state or territory (to confirm eligibility for Draws);
  • account password (stored only as a salted hash); and
  • profile preferences and communication settings.

4.2 Membership and transaction information

  • Membership tier and subscription status;
  • Point Booster purchase history, Points balance, and Points transaction ledger;
  • Draw entry history and winner status;
  • Prize fulfilment records; and
  • Fuel Rewards balance and redemption history.

4.3 Payment information

  • payment method (card type, last four digits, expiry, wallet type);
  • billing name and address;
  • payment processor identifiers (for example, Stripe customer ID and payment intent IDs); and
  • transaction history (amount, currency, date, status, refunds, chargebacks).

UNICASH does not store full primary account numbers, card verification values, or wallet credentials. Card data is handled directly by UNICASH's payment processors and is stored on their PCI-DSS-compliant systems.

4.4 Receipt scanning information

When a Member uses the Scan Receipts feature, UNICASH collects:

  • photographs or images of receipts;
  • OCR-extracted text (including merchant name, transaction date and time, line items, totals, and payment-method indicator);
  • a SHA-256 cryptographic hash of the receipt image;
  • a perceptual hash of the receipt image; and
  • a transaction fingerprint derived from receipt content (used to detect duplicate submissions).

Receipt content may incidentally include information about purchasing patterns, locations, or products. UNICASH uses this information only for the purposes set out in clause 6 and protects it consistently with clause 15.

4.5 Gift Card redemption information

When a Member redeems Points for a Gift Card through the Gift Card Provider (currently Prezzee Pty Ltd), UNICASH collects:

  • Recipient email address;
  • Recipient first name;
  • gift message text (if provided);
  • selected gift style or template; and
  • delivery telemetry from the Gift Card Provider (delivery status, click status, timestamps).

Where a Member provides information about a Recipient other than themselves, the Member must have that Recipient's authority to do so. See clause 4.10.

4.6 Verification information (for winners and risk reviews)

Where required to verify identity, age, residency, or eligibility, UNICASH may collect:

  • a copy of a government-issued identification document (for example, driver's licence or passport);
  • a self-declaration or photograph for liveness verification (provided by a third-party identity verification service); and
  • a signed declaration or release where required by a trade promotion permit.

Identification documents are retained only for the period reasonably necessary to verify eligibility and meet permit record-keeping obligations.

4.7 Device and technical information

  • IP address (current and historical);
  • device type, operating system, browser type and version, app version;
  • approximate location derived from IP address;
  • referring URL and pages visited;
  • timestamps of interaction;
  • session identifiers and authentication tokens;
  • crash reports and diagnostic logs; and
  • cookies and similar tracking technologies (see clause 13).

4.8 Communications and support information

  • the content of emails, SMS messages, in-app messages, support tickets, and chat conversations between the Member and UNICASH;
  • recordings or transcripts of telephone calls with the UNICASH support team (where applicable, with notice given before the call);
  • survey responses; and
  • feedback and complaints.

4.9 Fraud-detection signals

UNICASH generates, holds, and acts on fraud and abuse signals derived from Platform activity. These may include velocity metrics, repeated-image hashes, IP and device fingerprints, behavioural patterns, and pattern matches against known abuse indicators. See clause 12.

4.10 Third-party Personal Information provided by a Member

A Member may provide Personal Information about other individuals (for example, a Gift Card Recipient). The Member warrants that the Member has the authority to do so and has made the individual aware of this Policy, including how the individual's Personal Information will be used.

4.11 Information voluntarily provided

A Member may provide additional Personal Information through marketing surveys, prize claim forms, or other voluntary submissions.

UNICASH does not solicit Sensitive Information unless it is strictly necessary for a specific purpose (such as the limited use of a photograph for liveness verification) and the Member has consented.

5. How UNICASH collects Personal Information

5.1 Directly from the individual, including when the individual:

  • creates an Account or updates a profile;
  • subscribes to a Membership or purchases a Point Booster;
  • enters a Draw or claims a Prize;
  • submits a Receipt or redeems a Gift Card;
  • contacts UNICASH support or responds to a survey;
  • subscribes to or interacts with UNICASH marketing communications; or
  • participates in promotions or campaigns.

5.2 Automatically, when an individual uses the Platform, through cookies, analytics, server logs, mobile telemetry, and similar technologies (see clause 13).

5.3 From third parties, including:

  • payment processors (transaction status, fraud signals);
  • identity verification providers (verification result);
  • the Gift Card Provider and Prize fulfilment providers (delivery status);
  • analytics and attribution providers (campaign performance);
  • marketing partners that have the individual's consent to share information;
  • fraud-prevention databases and industry shared lists, where lawful; and
  • publicly available sources, where lawful and proportionate.

5.4 From other UNICASH users, where another person provides the individual's details (for example, as a Gift Card Recipient). An individual who does not wish UNICASH to process their Personal Information in those circumstances should contact privacy@unicash.com.au.

5.5 Where it is lawful and practicable, UNICASH collects Personal Information directly from the individual concerned. Where Personal Information is collected from a third party, UNICASH takes reasonable steps to ensure the individual is aware of the matters listed in APP 5.

6. Why UNICASH collects, holds, uses, and discloses Personal Information

Personal Information is collected and used for the following primary purposes:

(a) Account operation — registration, authentication, profile management, password recovery, and security; (b) Memberships and Point Boosters — billing, subscription management, renewal, cancellation, refunds, customer service, and management of Membership Benefits; (c) Draws and promotions — accepting entries, deducting Points, conducting draws, identifying and notifying winners, delivering Prizes, and meeting trade promotion permit record-keeping obligations; (d) Scan Receipts — verifying eligibility, calculating Points or Fuel Rewards earned, detecting duplicate or fraudulent submissions, and responding to disputes; (e) Payments — charging the payment method on file (including recurring Membership renewals), refunds, chargebacks, and reconciliation; (f) Gift Card redemption — disclosing required information to Gift Card Providers (such as Prezzee Pty Ltd) for fulfilment and delivery to the nominated Recipient; (g) Identity and eligibility verification — for winners, suspected fraud reviews, and where otherwise required by law or by a trade promotion permit; (h) Communications — including service notices, transactional messages, security alerts, support responses, Draw outcomes, and (with consent or where otherwise permitted by law) marketing communications; (i) Fraud, abuse, and unlawful conduct detection and prevention — including operating the fraud-signals queue, investigating chargebacks, and enforcing the Terms; (j) Platform improvement — analytics, performance monitoring, A/B testing, product development, and customer research; (k) Legal compliance — including the Privacy Act, the Spam Act 2003 (Cth), the Australian Consumer Law, anti-money-laundering regulation (where applicable), tax law, and trade promotion permit conditions; and (l) Legal proceedings — establishing, exercising, or defending legal claims, and responding to lawful requests by regulators, courts, or law enforcement.

Where Personal Information is collected for a primary purpose, UNICASH may also use or disclose it for a related secondary purpose where the individual would reasonably expect UNICASH to do so, where the individual has consented, or where the use is otherwise permitted by the APPs.

7. The basis on which UNICASH collects and uses Personal Information

UNICASH is not a public sector agency, however the APPs require collection and use to be lawful and fair. UNICASH relies on one or more of the following bases for each handling activity:

(a) the individual's consent (express or implied); (b) necessity to provide the Platform, including to perform contractual obligations (for example, processing a Membership payment or fulfilling a Prize); (c) UNICASH's legitimate operational interests in maintaining a safe, fraud-free, and reliable Platform, balanced against the individual's privacy expectations; (d) legal obligation, where required by law to collect, retain, or disclose information; and (e) vital interests, in rare cases where this is necessary to prevent serious harm.

An individual may withdraw a consent at any time by contacting privacy@unicash.com.au or by using the unsubscribe controls described in clause 11. Withdrawal of consent does not affect lawful processing already carried out and may limit UNICASH's ability to provide some features.

8. Disclosure of Personal Information

8.1 UNICASH may disclose Personal Information to the following categories of recipients:

(a) UNICASH personnel — employees, contractors, and authorised representatives of UNICASH on a need-to-know basis; (b) payment processors — including Stripe Payments Australia Pty Ltd and any other payment processors notified on the Platform from time to time; (c) Gift Card and Prize fulfilment providers — including Prezzee Pty Ltd, where the Member has redeemed Points for a Gift Card or where UNICASH is delivering a Prize; (d) cloud and infrastructure providers — including hosting providers, database providers, content delivery networks, and object storage providers (used to store receipt images and Platform data); (e) communications providers — email, SMS, push notification, and customer support platform providers; (f) analytics, attribution, and performance providers — used to understand Platform usage and improve the service; (g) identity verification and anti-fraud providers — where the individual is subject to winner verification, eligibility check, or fraud review; (h) professional advisers — including lawyers, accountants, auditors, and insurers, subject to professional confidentiality obligations; (i) regulators, courts, and law enforcement agencies — where required or authorised by law; (j) a successor entity — in the event of a merger, acquisition, restructure, or asset sale, in which case UNICASH will require the successor to handle Personal Information consistently with this Policy; and (k) other parties to which the individual directs or consents to disclosure.

8.2 A current list of categories of third-party service providers used by UNICASH is available on request from privacy@unicash.com.au.

8.3 UNICASH does not sell Personal Information.

9. Service providers and overseas disclosure (APP 8)

9.1 Some service providers are located, host data, or process Personal Information outside Australia. The current likely recipient countries include [the United States of America, the European Union, and the United Kingdom]. The full and current country list must be confirmed against UNICASH's sub-processor register before publication.

9.2 The categories of overseas recipients include:

(a) payment processing — Stripe, where data may be processed in the United States and other countries in which Stripe operates; (b) Gift Card fulfilment — Prezzee Pty Ltd, which may host and process data in the United States or other jurisdictions in which it operates; (c) cloud infrastructure — [AWS / Google Cloud / similar provider], where data may be processed in Australian and overseas regions; (d) communications platforms — email, SMS, and push providers that may operate from overseas regions; and (e) analytics and performance tools — which may store aggregated and identifiable data overseas.

9.3 Before disclosing Personal Information overseas, UNICASH takes reasonable steps in the circumstances to ensure that the recipient does not breach the APPs in relation to the information, including through contractual data processing terms, security warranties, and (where appropriate) reliance on the recipient's compliance with comparable data protection frameworks. The basis on which UNICASH relies on the exceptions in APP 8.2 (if any) must be confirmed by legal review.

9.4 By providing Personal Information to UNICASH, the individual acknowledges that it may be disclosed to and processed in the countries described in this clause.

10. Cross-platform disclosures specific to UNICASH

10.1 Prezzee Gift Card redemption

Where a Member redeems Points for a Gift Card delivered through Prezzee Pty Ltd, UNICASH discloses the following Personal Information to Prezzee for the purpose of fulfilling and delivering the Gift Card:

  • Recipient email address;
  • Recipient first name;
  • gift message text;
  • selected gift style;
  • order amount and currency; and
  • an internal UNICASH reference identifier.

Prezzee handles the Recipient's Personal Information under its own privacy policy, available on its website. UNICASH does not directly receive or store the Gift Card code; Prezzee delivers the code to the Recipient.

Where a Member provides a Recipient's email address, the Member warrants that the Member has the Recipient's authority to do so and has made the Recipient aware that their information will be passed to Prezzee.

10.2 Stripe payments

Payment details are submitted directly to Stripe by the Member's browser or app. Stripe handles those details under its own privacy and security obligations and returns to UNICASH only the data UNICASH requires to operate the Account (such as transaction status, last four digits of the card, payment method type, and processor identifiers).

10.3 Identity verification

Where identity verification is required (for example, before paying a Prize), UNICASH may share specific identity attributes with an identity verification provider for the limited purpose of verifying identity, age, and residency. UNICASH does not use the results for any other purpose.

11. Direct marketing and communications (APP 7 and the Spam Act 2003)

11.1 Service communications. A Member with an active Account receives transactional and service communications, including:

  • account, billing, and security notices;
  • Membership renewal, payment, and cancellation notices;
  • Draw entry confirmations and Prize fulfilment messages; and
  • changes to this Policy or to the Terms and Conditions.

These communications are necessary for operating the Platform and may not be opted out of while the Account remains active.

11.2 Marketing communications. With the Member's consent (or where otherwise permitted by the Spam Act 2003 and the Privacy Act 1988), UNICASH may send marketing communications by email, SMS, push notification, or other electronic means. Marketing communications may include offers, promotions, Draw announcements, partner offers, and product updates.

11.3 Opt-out. A Member may unsubscribe from marketing communications at any time by:

  • using the unsubscribe link in any marketing email;
  • replying STOP to any marketing SMS;
  • updating communication preferences in the Account; or
  • contacting privacy@unicash.com.au.

UNICASH will process opt-outs promptly and in any event within the periods required by the Spam Act 2003.

11.4 Sender identification. Marketing communications sent by UNICASH will identify the sender and include functional unsubscribe instructions, as required by the Spam Act 2003.

11.5 No purchased or rented marketing lists. UNICASH does not purchase or rent marketing lists from third parties for the purpose of cold-marketing to non-customers.

12. Receipt scanning, fraud prevention, and behavioural analysis

12.1 Receipt scanning data is used to: (a) verify that a Receipt is eligible for Points or Fuel Rewards; (b) calculate the reward amount; (c) prevent duplicate submissions of the same Receipt (through cryptographic hash, perceptual hash, and transaction fingerprint comparisons); and (d) investigate disputes or suspected abuse.

12.2 Fraud-prevention signals may be generated and stored to detect patterns of misuse, including: (a) repeated submission patterns; (b) velocity metrics across Accounts; (c) device, network, and IP signals; (d) Draw-entry patterns; and (e) pattern matches against known abuse indicators.

12.3 Automated decisions. Some abuse checks are performed automatically. Where an automated check materially affects a Member's access to the Platform (for example, blocking an Account), the Member may request human review by contacting privacy@unicash.com.au.

12.4 Receipt images, hashes, and related fraud signals are retained for the period described in clause 16, after which they are deleted in accordance with UNICASH's purge processes (which include a long-term archival tier).

13. Cookies, analytics, and similar tracking

13.1 The Platform uses cookies, local storage, pixels, software development kits (SDKs), and similar technologies (together, Tracking Technologies) to operate, secure, measure, and improve the service.

13.2 The categories of Tracking Technologies used include: (a) strictly necessary — required for the Platform to function (for example, authentication and session management); these cannot be disabled without breaking the service; (b) functional — remember preferences and settings; (c) performance and analytics — measure aggregate usage and Platform performance (for example, [Google Analytics 4 / PostHog / Mixpanel]); and (d) marketing and attribution — measure the effectiveness of campaigns and (with consent, where required) deliver tailored messaging.

13.3 An individual may control cookies through browser settings, device permissions, and the UNICASH cookie preference controls (where displayed). Disabling cookies may limit functionality.

13.4 Where required by law, UNICASH displays a cookie banner and obtains consent for non-essential cookies before deploying them.

14. Children's privacy

14.1 The Platform is intended for adults aged 18 years and over. UNICASH does not knowingly collect Personal Information from individuals under 18.

14.2 An individual who believes a person under 18 has provided Personal Information to UNICASH should contact privacy@unicash.com.au. UNICASH will take reasonable steps to delete that information.

15. Security of Personal Information (APP 11)

15.1 UNICASH takes reasonable steps to protect Personal Information from misuse, interference, loss, unauthorised access, modification, and disclosure. These measures include: (a) encryption in transit (TLS) and encryption at rest for sensitive datasets; (b) salted password hashing; (c) tokenised payment data (handled by Stripe); (d) role-based access controls and least-privilege access for staff; (e) multi-factor authentication for high-risk administrative actions; (f) logging, monitoring, and intrusion detection; (g) secure software development practices and dependency management; (h) regular vulnerability and penetration testing; (i) vendor risk reviews of material service providers; and (j) staff confidentiality obligations and training.

15.2 UNICASH does not warrant that the Platform is, or will remain, free from security incidents. UNICASH's obligation under this Policy is limited to taking the reasonable steps required by APP 11.1.

15.3 Member responsibilities. The Member is responsible for keeping the Member's password and Account credentials secure and for promptly notifying UNICASH of any suspected unauthorised access at privacy@unicash.com.au or support@unicash.com.au.

16. Retention and deletion

16.1 UNICASH retains Personal Information only for so long as is reasonably necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, audit, regulatory, and dispute-resolution obligations.

16.2 Indicative retention periods (which may be longer where required by law): (a) Account data — for the life of the Account and for a reasonable period after closure to handle disputes and chargebacks; (b) Payment and transaction records — for the period required by Australian tax and accounting law (typically at least five years); (c) Receipt images and OCR data — for 12 months from the date of submission, after which they are purged in accordance with the scheduled purge process. Receipt hashes and transaction fingerprints used solely for duplicate detection may be retained for longer in a minimised form; (d) Identity verification documents — for the period reasonably necessary to verify eligibility plus the period required by any applicable trade promotion permit, and then securely deleted; (e) Draw entry and Prize records — for the period required by the relevant trade promotion permit and, in any event, at least the period during which a dispute could reasonably arise; (f) Fraud-prevention signals — for so long as is reasonably necessary to detect and prevent recurring abuse; (g) Support communications — for a reasonable period to address recurring or related issues; and (h) Backups and archives — until they are overwritten in the ordinary cycle.

16.3 When Personal Information is no longer required, UNICASH takes reasonable steps to destroy or de-identify it, in accordance with APP 11.2.

16.4 Some Personal Information may continue to exist in archival systems for a short period after deletion from active systems. During that period, access is restricted and use is limited to legal, compliance, and recovery purposes.

17. Notifiable Data Breaches

17.1 UNICASH complies with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).

17.2 Where UNICASH suffers a data breach that is likely to result in serious harm to any individual whose Personal Information is involved, UNICASH will: (a) take prompt action to contain the breach and mitigate harm; (b) assess whether the breach is an "eligible data breach" under the NDB scheme; (c) notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable; and (d) notify affected individuals as soon as practicable, with information about the breach and the steps they can take.

17.3 Suspected security or privacy incidents should be reported to privacy@unicash.com.au.

18. Access to and correction of Personal Information (APP 12 and APP 13)

18.1 Access. An individual may request access to the Personal Information UNICASH holds about that individual by contacting privacy@unicash.com.au. UNICASH will respond within a reasonable period (typically 30 days). UNICASH may require reasonable identity verification before responding. Where access is refused, UNICASH will provide written reasons in accordance with the Privacy Act.

18.2 Correction. An individual who believes Personal Information held by UNICASH is inaccurate, out of date, incomplete, irrelevant, or misleading may contact privacy@unicash.com.au. Where UNICASH is satisfied of the correction, UNICASH will make it without charge. Where UNICASH is not satisfied, UNICASH will explain its reasons and the individual may request that a statement of the individual's view be attached to the relevant record.

18.3 No charge for access. UNICASH does not charge for receiving or responding to a request, however reasonable costs may apply to the act of providing access in particular formats.

18.4 Self-service. Many fields (name, email, phone, communication preferences) may be reviewed and updated directly in the Account.

19. Anonymity and pseudonymity (APP 2)

19.1 Where lawful and practicable, an individual may interact with UNICASH anonymously or under a pseudonym.

19.2 Most Platform features require identifying information because UNICASH must: (a) verify the Member is 18 years of age or older and an Australian resident; (b) charge a payment method; (c) record Draw entries and validate Prize winners; and (d) comply with the Australian Consumer Law, applicable tax law, and trade promotion permits.

19.3 Public pages of the website may be browsed without creating an Account.

20. Government-related identifiers (APP 9)

UNICASH does not use government-related identifiers (such as driver's licence numbers, passport numbers, Medicare numbers, or tax file numbers) as its own identifier for individuals. Where UNICASH collects a government-related identifier as part of identity verification, UNICASH uses it only to verify identity and meet regulatory obligations, and deletes it as soon as it is no longer required.

21. Complaints

21.1 An individual who believes UNICASH has breached the Privacy Act or this Policy should contact the UNICASH Privacy Officer at privacy@unicash.com.au. The complaint should include: (a) the individual's name and contact details; (b) the nature of the concern; (c) any relevant dates, communications, or screenshots; and (d) the outcome sought.

21.2 UNICASH will acknowledge the complaint and aim to resolve it within 30 days of receipt. Complex matters may take longer; UNICASH will keep the complainant informed in those cases.

21.3 Escalation. If the complainant is not satisfied with UNICASH's response, the complainant may lodge a complaint with the Office of the Australian Information Commissioner:

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

22. Changes to this Policy

22.1 UNICASH may update this Policy. The current version is always available at unicash.com.au/privacy.

22.2 Where a change is material, UNICASH will give reasonable prior notice (for example, by email or in-Platform notification) before the change takes effect.

22.3 Continued use of the Platform after the effective date of an update constitutes acceptance of the updated Policy.

23. Contact

Enquiries about this Policy, Personal Information, or how UNICASH handles privacy should be directed to the UNICASH Privacy Officer:

Privacy Officer [UNICASH Pty Ltd] ABN [90 693 062 538] [45 St Georges Terrace, Perth WA 6000] Email: privacy@unicash.com.au General support: support@unicash.com.au Web: unicash.com.au

This Privacy Policy is to be read alongside the UNICASH Terms and Conditions, the UNICASH Refund Policy, and any applicable Promotion-Specific Terms. Pre-launch versions of this document remain subject to legal review and may be updated before the public launch date.

Questions about this document?

UNICASH support is based in Australia. Email support@unicash.com.au or visit the Contact page.

UNICASH Pty Ltd · ABN 90 693 062 538 · 45 St Georges Terrace, Perth WA 6000.