Privacy Policy
MISE Systems Pty Ltd ("MISE", "we", "us") operates the MISE booking platform — the consumer iOS app Mise, the merchant iOS app Mise Business, and the website misesystems.com (collectively, the "Services").
This policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have over your data. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where you access the Services from outside Australia, additional local laws may apply (for example, the EU GDPR).
1. Information we collect
We only collect information that is necessary to operate the Services and to comply with law. We never sell your data.
| Category | Examples | Why we need it |
|---|---|---|
| Account & contact | Email, phone number, first and last name, profile photo, chosen role (customer / business owner / staff) | To create your account, sign you in, send booking confirmations and reminders, and provide customer support |
| Business onboarding (merchants only) | Business name, ABN, address, premise photos, services and pricing, staff portfolio uploads, bank account information for payouts | To verify each business before it goes live on the platform and to route customer payments to your account |
| Bookings | Bookings you create or receive, the services involved, dates and times, status changes, customer notes | To run the booking flow end-to-end |
| Reviews | Star rating and free-text comment you submit after a completed booking | To help other customers make informed decisions |
| Location | Approximate or precise device location while the customer app is in use (only if you grant permission) | To show premises near you on the map; you can revoke permission any time in iOS Settings |
| Device & usage | Anonymous device identifier, push notification token, app version, OS version, crash reports, broad usage events (e.g. "screen viewed") | To send notifications, diagnose crashes, and understand which features are useful |
| Payment | Last four digits of the card you used to pay, payment timestamp, amount | To show you a receipt and run refunds. Card numbers and CVCs are handled directly by Stripe — we never receive or store them. |
2. How we use your information
- Run the Services. Authenticate you, run searches, complete bookings, process payments through Stripe, send push notifications, and surface reviews.
- Verify merchants. Manually review every business signup before it appears to customers.
- Keep the platform safe. Detect fraud, abuse, and reverse-engineering attempts; honour content reports; enforce our Terms.
- Improve the product. Read aggregated, de-identified usage data to fix bugs and prioritise features. We do not build personal profiles for advertising and we do not sell user lists.
- Comply with law. Tax, accounting, dispute resolution, and lawful requests from authorities.
3. Who we share your information with
We share only the minimum information needed for each partner to do their job for us, and only with partners who are themselves bound by privacy obligations.
- Stripe (Stripe Payments Australia Pty Ltd) — card payments, Stripe Connect Express payouts to merchants. Stripe is the data controller for card-network data. See stripe.com/au/privacy.
- Google / Firebase — authentication, push notifications (FCM), App Check via App Attest and reCAPTCHA, and analytics. See firebase.google.com/support/privacy.
- Apple — App Store distribution, push (APNs), App Attest. See apple.com/legal/privacy.
- DigitalOcean — server hosting (Sydney, Australia), database storage, photo storage. See digitalocean.com/legal/privacy-policy.
- Postmark — transactional emails such as booking confirmations and password resets.
- Sentry — crash and error diagnostics. We configure Sentry to redact personally identifying fields.
- Other businesses on the platform — when you book, the merchant sees your name, contact details, the service you booked, and any notes you attached so they can deliver the appointment.
- Authorities — only when compelled by valid law or a binding court order.
We do not sell your personal information. We do not share it with advertising networks. The Services contain no third-party ad SDKs and no in-app purchases.
4. Where your data is stored
Servers, databases, and uploaded photos are hosted in DigitalOcean's Sydney region (syd1, Australia). Stripe and Google may process some data in the United States and the European Union. All transit is over TLS 1.2+; data at rest is encrypted by the respective provider.
5. How long we keep your data
- Active account: for as long as you keep your account.
- Deleted account: account record and personally identifying fields are removed within 30 days of deletion. Bookings are anonymised but retained for tax and dispute records, in line with the ATO's seven-year minimum retention requirement for financial records.
- Aggregate analytics: retained indefinitely in de-identified form.
6. Your rights
- Access & correction. View and edit your profile inside the app, or email us for a full copy of your data.
- Deletion. Delete your account in-app under Settings → Delete Account. This is permanent and cannot be undone. We honour deletion within 30 days.
- Withdraw permissions. Revoke location, push, camera, or photo-library permissions at any time in iOS Settings → MISE.
- Object to processing. Email us at [email protected] and we will respond within 30 days.
- Complain. Submit a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are not satisfied with our response.
7. Children
The Services are not directed at children under 16. If you are under 16, please do not submit personal information through the app. If we learn that we have collected information from a child without verified parental consent, we will delete that information promptly.
8. User-generated content moderation
Customers can leave reviews after a completed booking. Each review can be reported via the in-app menu or hidden from the user's own feed. Reports are addressed to [email protected]. We commit to triaging reports of objectionable content within 24 hours and removing material that violates our Terms.
9. Security
All client–server traffic is encrypted with TLS. Authentication is backed by Firebase Auth and gated by Firebase App Check (App Attest on iOS, reCAPTCHA v3 on web). Card data is handled exclusively by Stripe. Internal admin actions are logged and auditable.
No system is perfectly secure. If you believe your account has been compromised, email [email protected] immediately.
10. Changes to this policy
We will revise this policy when product changes require it. The "Last updated" date at the top of the page reflects the latest revision. Material changes will be highlighted in-app.
11. Contact
MISE Systems Pty Ltd
Sydney, NSW, Australia
Email: [email protected]