Privacy Policy

If you subscribe to the daily drop email, we store your email address in our database. We use it for one purpose only: to send you one email per day when a new product drops.

We will never sell, rent, or share your email address with any third party for marketing purposes. The only service that ever touches your email is Resend (our email provider — see Third Parties below), which delivers the email on our behalf.

We also store a boolean flag if you ask to be reminded about tomorrow's drop. That flag is reset after each send.

When you click a GET IT button, we log the following to our database:

• →Product clicked — so we know which drops are performing
• →Where you clicked — homepage, product page, sticky bar, or email — so we understand the layout
• →Timestamp — to see when clicks happen throughout the day
• →Your IP address — for deduplication and rough geographic context (country-level)
• →Your browser's user agent string — to understand device breakdown

This data is used purely to understand which products resonate with our audience — nothing more. We do not use it to build advertising profiles, track you across other sites, or sell it to anyone.

IP addresses are stored in their full form for up to 90 days, then deleted. We may retain anonymised (truncated) counts for longer-term reporting.

To prevent spam on the email signup form, we count how many signup attempts have been made from a given IP address within the last hour. This count is stored in our database and automatically expires. We do not log or retain IP addresses for any purpose beyond this.

We use exactly one cookie: theme. It stores your colour theme preference (dark or light) so we can render the correct theme before the page loads — avoiding a flash of the wrong colours.

This cookie contains no personal information. It has a 1-year expiry and is never sent to any third party.

We do not use advertising cookies, tracking pixels, or any third-party analytics cookies. If we add analytics in the future (we're considering Plausible, which is privacy-friendly and cookie-free), we will update this policy first.

We rely on a small number of third-party services to operate the site:

To be explicit about what we don't do:

• →We do not create user accounts or store passwords
• →We do not process payments — all transactions happen at the retailer
• →We do not use advertising networks or sell ad space
• →We do not use Facebook Pixel, Google Analytics, or similar trackers
• →We do not share your email with any marketing platform

We keep data only as long as it's useful:

• →Subscriber email addresses: until you unsubscribe, then promptly deleted on request
• →Full IP addresses in click logs: up to 90 days
• →Anonymised click counts: indefinitely (no personal data)
• →Rate limit counters: 1 hour (automatic expiry)
• →Theme cookie: 1 year, stored only in your browser

Under the Australian Privacy Act 1988, you have the right to:

• →Know what personal information we hold about you
• →Ask us to correct inaccurate information
• →Ask us to delete your personal information
• →Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your data

To exercise any of these rights, email us at randomshopau@gmail.com. We'll respond within 30 days.

Every email we send includes a one-click unsubscribe link in the footer. You can also unsubscribe by emailing us directly at randomshopau@gmail.com.

Once unsubscribed, we will not send you further marketing emails. Your email address remains in our database marked as inactive (so we don't accidentally re-subscribe you). If you want it deleted entirely, just ask.

If we make meaningful changes to what data we collect or how we use it, we'll update the “Last updated” date at the top of this page. We won't notify existing subscribers of minor clarifications, but we will if something material changes.

Random Shop is operated by an individual in Melbourne, Victoria, Australia.

Questions about this policy or data requests: randomshopau@gmail.com