Privacy Policy

Introduction

This Privacy Policy explains how AUTH SHOES PTY LTD (ABN 37 694 216 950), a company registered in Australia at 30 Fitzhardinge Cres, Evatt, ACT 2617 (“AUTH SHOES”, “we”, “us” or “our”), handles personal information collected through this website and through the services we operate that integrate with third-party platforms such as eBay. We are committed to handling personal information in a manner consistent with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

By using this website or any service we provide, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the website or our services.

Information we collect

We collect personal information in three ways. First, information you provide directly — principally your name and email address when you contact us by email, together with any details you choose to include in your message. Second, information collected automatically when you visit the website, such as your IP address, browser type and version, the pages you view, the date and time of your visit, and basic server log data used to operate and secure the site. Third, information we receive from third-party services where you have authorised an integration — for example, when you authorise AUTH SHOES to access your eBay account through the eBay Developer API, we receive an access token and the specific account data necessary to perform the requested operations.

How we use your information

We use personal information to respond to your enquiries, to operate and improve the website, to provide and maintain any services you have requested, to detect and prevent misuse, and to comply with our legal obligations. We do not use your information for advertising profiling, and we do not engage in cross-site tracking.

eBay integration disclosure

AUTH SHOES PTY LTD operates services that integrate with the eBay Developer API. When a user authorises one of our applications to act on their behalf, eBay issues an OAuth access token to us. We use this token only to perform the operations that the user has expressly authorised, and only for as long as necessary to complete those operations.

We do not store eBay account passwords or login credentials at any point — the OAuth flow is designed specifically so that credentials remain with eBay. We do not sell, rent or share eBay account data with third parties for marketing purposes. Account data received through the eBay API is held under access controls and is used solely to deliver the integrated functionality the user has requested.

Users may revoke our access to their eBay account at any time directly from their eBay account settings, under the “Apps you’ve given access to” section. Once access is revoked, we will cease accessing the account and will delete or de-identify related access tokens in accordance with our retention practices.

Compliance with eBay Marketplace Account Deletion notifications

Where the eBay platform issues a Marketplace Account Deletion or Account Closure notification for a user whose data we hold through the eBay Developer API, we comply fully with eBay’s published policy. We operate a dedicated HTTPS webhook endpoint that is subscribed to these notifications, validates each incoming notification against eBay’s challenge-code mechanism on initial registration, and verifies the authenticity of subsequent notifications against eBay’s published public keys before processing.

Upon receipt of a valid Marketplace Account Deletion notification, we permanently and irrevocably delete all personal data associated with the affected user — including buyer username, shipping address, message history, and any order metadata containing personal identifiers — from our production database, application logs, and backups, within thirty (30) days of receipt. Each notification, the deletion actions taken, and the time of completion are recorded in our immutable audit log for compliance review. We do not retain any personal identifier of the affected user beyond what is technically necessary to complete and verify the deletion process itself.

How we share information

We do not sell personal information. We disclose personal information only in the following limited circumstances: to service providers who process information on our behalf under contractual confidentiality and security obligations (for example, hosting and email infrastructure providers); where required or permitted by Australian law, including in response to a lawful request from a government or regulatory authority; and in the context of a business transfer, such as a merger or acquisition, in which case the recipient will be bound to honour this policy.

Data retention

We retain personal information only for as long as is reasonably necessary for the purposes described in this policy, or for as long as required by law. Email correspondence is retained for the period necessary to address your enquiry and for a reasonable follow-up window thereafter. Server logs are retained for a short rolling window for security and diagnostic purposes. eBay access tokens are retained only for the duration of the authorised integration.

Security

We take reasonable technical and organisational measures to protect personal information against loss, misuse and unauthorised access. The website is served exclusively over HTTPS. Access to systems that handle personal information is restricted to authorised personnel on a need-to-know basis. While no method of transmission or storage is completely secure, we work to maintain protections appropriate to the sensitivity of the information we hold.

Your rights under Australian law

Subject to the Privacy Act and other applicable laws, you have the right to request access to the personal information we hold about you, to request correction of information that is inaccurate or out-of-date, and to request deletion of personal information that we are no longer required to retain. Requests can be sent to zhuoran@authshoes.com.au. If you believe we have not handled your information in accordance with the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Cookies

The website uses minimal essential cookies only, for purposes such as remembering basic preferences and supporting core functionality. We do not use advertising cookies, third-party analytics that profile users across sites, or cross-site tracking cookies of any kind.

Children’s privacy

This website and our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we do, we will revise the “last revised” date shown at the top of this page. Material changes will be highlighted where appropriate.

Contact us

For any questions about this Privacy Policy or about how your personal information is handled, please contact us:

AUTH SHOES PTY LTD
Email: zhuoran@authshoes.com.au
Post: 30 Fitzhardinge Cres, Evatt, ACT 2617, Australia