Prelo Pty Ltd (“Prelo”, “we”, “us”, or “our”) is committed to handling personal information in a responsible and transparent manner. This Data Retention Policy explains how long we retain different categories of data and the purposes for which such data is retained. This Policy should be read in conjunction with our Privacy Policy and Terms of Service.

1. Purpose of This Policy

 

This Policy outlines:

•    the types of data we collect;
•    how long each category of data is retained;
•    the reasons for retaining data;
•    when and how data is de-identified or destroyed;
•    your rights to request deletion of your data.

 

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected or to comply with legal, regulatory, and operational obligations, in line with Australian Privacy Principle 11.2.

 

2. Categories of Data and Retention Periods

 

2.1 Account Information

 

This includes information we use to create and manage your account, such as:
•    name, username, email address, mobile number, postal address, profile picture
•    account credentials
•    internal user ID and account status
•    Trust Badge verification status
•    notification and communication preferences
•    favourites
•    dates of account creation and closure

 

Retention Period:
•    Retained while your account remains active.
•    Permanently deleted or de-identified after 3 years of inactivity, unless required longer for legal, regulatory, or fraud-prevention purposes.
•    If your account is closed, Account Information is permanently deleted or de-identified within 12 months, following a 30-day grace period, unless further retention is required for lawful purposes.

 

Reason:
Maintain user accounts, authentication, fraud prevention.

2.2 Identity Verification Data (Trust Badge)

Includes:
•    government-issued ID details
•    proof of address documentation
•    document type and issuing authority
•    verification metadata
•    verification status

 

Retention Period:
•    Retained while your account remains active and for up to 3 years after your most recent verification activity, unless required longer for fraud prevention, dispute resolution, or legal compliance.
•    If your account is closed, this data is permanently deleted or de-identified within 12 months, unless retention is required to resolve disputes or comply with lawful obligations.
•    Identity Verification Data may be de-identified earlier where no longer reasonably necessary for verification, security, or compliance.

 

Reason:
Prevent fraud, maintain platform integrity, comply with legal and insurance audit requirements.

2.3 Transaction and Payment Records

 

Includes:
•    transaction amounts
•    payout details
•    Stripe transaction IDs
•    transaction timestamps
•    financial logs

 

Retention Period:
•    Retained for 7 years to comply with Australian taxation, corporate, and financial record-keeping obligations.
•    May be retained longer as required for audits, dispute resolution, chargebacks, fraud-prevention, or legal compliance.

 

Reason:
•    Required under the Corporations Act and ATO record-keeping standards.
•    Necessary for chargebacks, audits, and dispute investigations.

 

2.4 Shipping and Courier Data

 

Includes:
•    shipping addresses
•    pickup/delivery details
•    courier tracking numbers
•    Easyship export data

 

Retention Period:
•    Retained while your account remains active.
•    Permanently deleted or de-identified after 3 years of inactivity, unless required longer for legal, regulatory, or fraud-prevention purposes.
•    If your account is closed, this data is permanently deleted or de-identified within 12 months, following a 30-day grace period, unless further retention is required for lawful purposes.

 

Reason:
Required for dispute resolution, courier investigations, and insurance claims.

 

2.5 Dispute and Insurance Records

 

Includes:
•    dispute messages
•    evidence (photos, screenshots, videos)
•    insurance claim documentation
•    internal review notes

 

Retention Period:
•    Retained for up to 7 years from the date the dispute or claim is finally resolved.
•    May be retained longer where necessary for legal, insurance, regulatory, or fraud-prevention purposes.

 

Reason:
Supports fraud prevention, insurance assessments, and legal defensibility.

 

2.6 User Messaging and Communications

 

Includes:
•    in-app chat messages
•    support messages and tickets
•    in-app notifications
•    email communications
•    dispute correspondence
•    relevant metadata

 

Retention Period:
•    In-app notifications are retained for 90 days after the notification date.
•    Other messages and communications are retained for 18 months after the date of communication.
•    Information may be retained longer where required for active disputes, fraud-prevention, or legal compliance.

 

Reason:
Assist with disputes, detect misconduct, prevent fraud.

 

2.7 Listings, Reviews and User-Generated Content

 

Includes:
•    listing descriptions and photos
•    user reviews and ratings
•    comments and public-facing content

 

Retention Period:
•    Listings and associated content remain available while the listing is active.
•    Upon account closure, Listings, Reviews, and User-Generated Content are retained for 12 months, unless required longer for dispute resolution or fraud-prevention.
•    Certain content may remain publicly visible where already shared or where legally permissible.

 

2.8 Device, Log, and Analytics Data

 

Includes:
•    IP address, device ID
•    login logs and security events
•    OTP codes
•    usage patterns and analytics data
•    cookies and similar tracking technologies

 

Retention Period:
•    OTP codes are retained for up to 10 minutes for security purposes.
•    Device, log, and analytics data are retained for up to 12 months, and may be de-identified earlier where practicable.
•    Aggregated or de-identified analytics data may be retained indefinitely for statistical, security, or operational improvement purposes.

 

Reason:
Improve safety, detect suspicious activity, analyse platform performance.

 

3. Deletion and De-Identification

 

When data is no longer needed for any lawful purpose, we:
•    permanently delete it, or
•    de-identify it so it can no longer be linked to an individual.

 

De-identified data may be used for analytics, market insights, or platform improvements.

 

4. Exceptions: When We May Retain Data Longer

 

We may retain data beyond the stated periods if:
•    it is required for an active investigation;
•    it is needed for insurance, chargebacks, fraud analysis, or dispute resolution;
•    legal obligations require longer retention;
•    a law enforcement agency requests preservation of records;
•    it is necessary to protect Prelo or its users.

 

5. User Requests for Data Deletion

 

You may request deletion of your personal information at any time by contacting contact@prelo.com.au.

 

However, deletion cannot occur where the data:
•    is needed for an active dispute or investigation;
•    must be retained for legal or tax purposes;
•    forms part of mandatory business records;
•    is required to prevent fraud or abuse.

 

We will inform you if certain data cannot be deleted immediately.

 

6. Security of Retained Data

 

Prelo implements reasonable safeguards to protect retained data, including:
•    encryption
•    access controls
•    secure cloud infrastructure
•    audit logging
•    staff access restrictions

 

In the event of an eligible data breach, Prelo will comply with the Notifiable Data Breaches (NDB) scheme.

 

7. Changes to This Policy

 

We may update this Policy from time to time. The most current version will be available on the Platform. Continued use of the Platform after an update constitutes your acceptance of the revised Policy.

 

8. Contact Us

 

If you have questions about this Data Retention Policy, please contact us at: contact@prelo.com.au