Privacy policy

Privacy Policy
Last updated: September 30, 2025

1. Overview / Scope

Cat & Koi (ABN: 93 160 982 477) operates this online store and related services (the “Services”). This Privacy Policy explains how we collect, hold, use and disclose personal information, your rights, and how to contact us about privacy matters. We follow the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) when handling personal information.

2. What is “Personal Information”

Personal information” means information or an opinion about an identifiable individual (for example name, address, email, payment details, IP address). Personal information does not include anonymised or de-identified information.

3. Personal Information We Collect

We may collect:

  • Contact details (name, email, postal and shipping addresses, phone).
  • Account credentials (username, password, preferences).
  • Transaction/payment information (order history, payment method, billing details).
  • Device and technical data (IP address, device identifiers, browser and connection data).
  • Usage and analytics (pages viewed, products browsed, cart activity).
  • Communications you send us (support requests, reviews).

We do not collect sensitive information unless required and with consent (for example, sensitive health information would only be collected where necessary and with explicit consent).

4. How We Collect Personal Information

We collect information:

  • Directly from you (account creation, checkout, support forms);
  • Automatically when you use the Services (cookies, web beacons, tracking pixels, and server logs);
  • From service providers and partners (payment processors, fulfilment companies, analytics, and advertising platforms); or
  • From public or third-party sources (where permitted).

When we collect personal information we will, where practicable, take reasonable steps to notify you of the collection, the purposes, and any usual disclosures (see APP 5).

5. Purposes of Collection and Use

We use personal information to:

  • Provide, administer and improve the Services, process orders and payments, handle returns and deliveries, and provide customer service;
  • Personalise your shopping experience and send service messages (order confirmations, delivery updates);
  • Detect and prevent fraud, abuse, or other illegal activity;
  • Send marketing and promotional communications where you have consented (you may opt out at any time); and
  • Comply with legal obligations (tax, reporting) and enforce our terms.

We will only use personal information for purposes compatible with the purpose of collection, or otherwise permitted by law.

6. Disclosure to Third Parties

We may disclose personal information to:

  • Platform & infrastructure providers (Shopify) and payment processors (e.g. Shopify Payments, PayPal, Stripe) to operate the store and process payments;
  • Logistics & fulfilment partners (e.g. Australia Post, Aramex, couriers) to deliver orders;
  • Marketing and analytics providers (e.g. Google Analytics, advertising networks, email platforms) to provide marketing and analytics services;
  • Professional advisors, auditors, service providers, and contractors who help us run the business; and
  • Law enforcement, regulators or courts, to comply with legal obligations.

When we disclose personal information to third parties we require them to handle it securely and only for the disclosed purpose.

7. Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy . Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

8. Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

9. Cross-Border Disclosures

Some service providers and partners are located overseas. When we disclose personal information to overseas recipients (for example hosting, analytics or advertising providers), we will take reasonable steps to ensure that those recipients will handle your information in a way that provides protection comparable to the APPs (for example by contract or other safeguards), unless you consent or an exception applies under APP 8. You may ask us which countries your data may be transferred to and which safeguards we rely upon.

10. Cookies, Tracking Pixels, and Online Advertising

We use cookies, tracking pixels and similar technologies to provide and improve the Services, analyse trends, and serve targeted advertising. Examples of technologies that may be used include cookies, Google Analytics, Facebook/Meta pixels, and advertising identifiers. You can manage cookie preferences using the cookie banner or your browser settings; you may also opt out of many forms of targeted advertising using industry opt-out tools. We follow OAIC guidance on use of tracking pixels and will be transparent about the technologies we use.

11. Marketing & Commercial Communications

We only send marketing messages if you have consented (e.g. you ticked an opt-in checkbox or you otherwise provided consent). All marketing emails include an unsubscribe link and we will action unsubscribe requests promptly. We also comply with the Spam Act 2003 (Cth) when sending commercial electronic messages (consent, identification, and an unsubscribe facility).

12. Children’s Privacy

The Services are not directed at children. We do not knowingly collect personal information from children under 16. If we become aware we have collected personal information from a child without parental consent we will delete it. If you are a parent or guardian and believe we hold a child’s personal information, contact us to request deletion.

13. Security and Retention

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure (for example, access controls, encryption and restricted access). However no system is completely secure — we cannot guarantee absolute security. In the event of an eligible data breach we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme and notify affected individuals and the OAIC where required.

We retain personal information only as long as necessary for the purposes described or to meet legal requirements. For example, transaction and tax records are generally retained for at least five years (and sometimes longer) to satisfy tax and business record-keeping obligations. See the ATO for specific retention rules.

14. Access, Correction, and Complaints

You may request access to the personal information we hold about you or request correction by contacting us at info.catandkoi@gmail.com. We will respond to requests in a timely way; in most cases we will respond within 30 calendar days. We will not charge for a request to access or correct your personal information but may charge a reasonable fee for providing access in limited circumstances (for example, where there are substantial administrative costs).

If you are not satisfied with our response you may make a complaint to the Office of the Australian Information Commissioner (OAIC) (see https://www.oaic.gov.au). We will also cooperate with the OAIC in relation to any investigation.

15. Overseas Disclosure
Some service providers that help us operate the store (including Shopify, payment processors, and shipping partners) may store or process personal information outside Australia. We take reasonable steps to ensure these providers handle your information in accordance with the Australian Privacy Principles.

16. Changes to this Policy

We may update this Privacy Policy from time to time. We will post updates on this page and update the “last updated” date. Where required by law or where a change is material we will try to notify you directly (for example by email).

17. Contact

Privacy enquiries, access/correction requests or complaints: info.catandkoi@gmail.com

Further reading / regulator links: Office of the Australian Information Commissioner (OAIC) — Australian Privacy Principles & Notifiable Data Breaches: https://www.oaic.gov.au. ACMA — Spam Act guidance: https://www.acma.gov.au. Shopify privacy tools: https://privacy.shopify.com.