The fine print, in plain words
Privacy Policy
Last updated 2 July 2026 · Applies to vindo.com.au and Vindo-built ordering sites
Vindo builds online ordering sites for independent hospitality venues in Melbourne's north. We handle personal information the way we handle pricing: published, plain and with no surprises. This policy explains what we collect, why, who sees it, and what you can do about it — in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We hold ourselves to the APPs even where a small-business exemption might apply.
1. Who we are
Vindo is an Australian business operating from Melbourne, Victoria, providing online ordering websites and related services to independent food venues. In this policy, "we", "us" and "Vindo" mean the operator of vindo.com.au.
Privacy contact: hello@vindo.com.au.
2. What we collect, and where it goes
On this marketing site (vindo.com.au)
- Walkthrough form. The "book a walkthrough" form opens an email in your email app with your name, venue, suburb and phone number filled in. Nothing is stored on our servers by that form — the information reaches us only if you choose to send the email.
- Email you send us. If you write to hello@vindo.com.au we keep the correspondence so we can respond and keep track of the conversation.
- On your device only. The site remembers your light/dark preference, and the demo remembers its own demo state (a pretend cart, pretend points), in your browser's local storage. That data never leaves your device and you can clear it in your browser at any time.
- Hosting logs. The site is served by Cloudflare, whose infrastructure keeps standard, short-lived technical logs (such as IP address and request details) for security and performance. We run no advertising trackers and no third-party analytics cookies.
On Vindo-built ordering sites (when you order from a venue)
- Order details. What you ordered, your name, and your mobile number — collected so the venue can prepare your order and so we can send order confirmations and updates by SMS.
- Payment. Payments are processed by Stripe. Your card details go directly to Stripe over an encrypted connection and never touch Vindo's servers. Stripe's own privacy policy applies to its processing: stripe.com/au/privacy.
- Delivery address, if you choose delivery, so the venue can get the food to you.
3. How we use it
- To respond to enquiries and provide walkthroughs and demos.
- To operate ordering sites: process orders, send order confirmations and status updates, and help venues resolve issues with an order.
- To meet legal obligations (for example tax and record-keeping).
Marketing: we only send marketing messages with your consent, every message identifies us and includes a working unsubscribe, and we honour opt-outs promptly — as the Spam Act 2003 (Cth) requires.
Two promises that go beyond the law:
- We never sell personal information. To anyone.
- A venue's customer list belongs to the venue. Vindo never markets to a venue's customers without that venue's — and where required, the customer's — explicit opt-in.
5. How we protect it (APP 11)
- All Vindo sites are served over HTTPS only.
- Card data is handled exclusively by Stripe (PCI DSS Level 1); Vindo's own systems are kept out of card-data scope by design.
- Access to personal information is limited to what's needed to run the service, and protected by strong authentication.
- We keep personal information only as long as it's needed for the purposes above or as the law requires, then delete or de-identify it.
If something goes wrong: we follow the Notifiable Data Breaches scheme. If a breach is likely to result in serious harm, we will notify affected people and the Office of the Australian Information Commissioner (OAIC) as required.
6. Access, correction and complaints (APPs 12–13)
You can ask us at any time to:
- see the personal information we hold about you;
- correct it if it's wrong; or
- delete it, where we're not legally required to keep it.
Email hello@vindo.com.au — we'll respond within a reasonable time (normally within 30 days) and won't charge you for asking.
If you're not happy with our response, you can complain to the Office of the Australian Information Commissioner: oaic.gov.au · 1300 363 992.
7. Changes to this policy
If we change this policy we'll post the new version here with a new "last updated" date. Material changes to how ordering data is handled will also be flagged to our venue partners directly.