YORA ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the YORA mobile application and website (collectively, the "Services").
We operate in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).
1. Who We Are
YORA is operated by YORA Pty Ltd, an Australian company.
Contact us:
- Email: privacy@yorago.com.au
- Address: Brisbane, Queensland, Australia
2. Information We Collect
Information you provide directly
- Account information: Name, phone number, email address when you register
- Booking information: Restaurant, activity, or event bookings you make through YORA
- Payment information: We use Stripe for payments. We do not store card numbers — Stripe handles all payment data under PCI DSS compliance
- Communications: Messages you send us via email or in-app support
Information collected automatically
- Location data: Your GPS coordinates (only when you grant permission) to show nearby venues and sort by distance. We do not store your location history.
- Device information: Device type, operating system version, app version
- Usage data: Which screens you visit, features you use, search queries
- Crash reports: Anonymised error data to improve app stability (via Sentry)
Information we do NOT collect
- We never collect your payment card numbers
- We never store your OTP verification codes
- We do not track your location when the app is in the background
- We do not sell your personal information to third parties
3. How We Use Your Information
We use your personal information to:
- Provide the Services — process bookings, display nearby venues, personalise your experience
- Communicate with you — booking confirmations, reminders, service updates
- Improve the Services — analyse usage patterns, fix bugs, improve features
- Comply with legal obligations — maintain records as required by Australian law
- Prevent fraud — detect and prevent fraudulent activity
We will not use your information for any purpose incompatible with these purposes without your consent.
4. Location Data
YORA uses your location to:
- Show restaurants, activities, and events near you
- Sort results by distance
- Display accurate travel directions
Your control:
- Location permission is requested only when you first open the app
- You can change location permissions at any time in your phone's Settings
- If you deny location permission, the app falls back to your selected city
- We do not track your location in the background or when the app is closed
- We do not store your location history
5. How We Share Your Information
We share your information only as follows:
With venues when you book
When you make a booking, we share your name and booking details with the restaurant or activity venue to facilitate your reservation. We do not share your phone number or payment information with venues.
With service providers
We use trusted third-party services to operate YORA. These providers process your data only on our instructions:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | Sydney, Australia |
| Stripe | Payment processing | Australia/USA |
| Sentry | Crash reporting | USA |
| Vercel | Website hosting | USA |
| Twilio | SMS verification codes | USA |
All overseas providers are required to handle your data in accordance with Australian privacy standards.
As required by law
We may disclose information if required by Australian law, court order, or to protect the rights and safety of our users.
We will never:
- Sell your personal information to third parties
- Share your data with advertisers for targeting purposes
- Disclose your information without legal basis
6. Data Storage and Security
Where your data is stored: Your data is stored in Supabase's Sydney (Australia) data centre, keeping your data onshore in compliance with Australian data residency best practices.
How we protect your data:
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication tokens are stored in your device's secure storage (hardware-encrypted)
- Our database uses Row Level Security — users can only access their own data
- We conduct regular security reviews and follow OWASP mobile security guidelines
- Access to production systems is restricted to authorised personnel only
Data retention:
- Account data: retained while your account is active + 7 years (tax/legal requirements)
- Booking history: retained for 7 years
- Location data: not retained after your session ends
- Crash reports: anonymised and retained for 90 days
7. Your Rights
Under the Australian Privacy Principles, you have the right to:
Access your data: You can request a copy of all personal information we hold about you. We will respond within 30 days.
Correct your data: If your information is inaccurate or incomplete, you can update it in the app or request a correction from us.
Delete your account: You can delete your account and all associated data from Settings → Account → Delete Account. We will process deletions within 30 days. Note: some records may be retained for legal compliance (e.g. completed transaction records for 7 years).
Withdraw consent: You can withdraw consent for marketing communications at any time by updating your preferences in Settings or emailing privacy@yorago.com.au.
Make a complaint: If you believe we have mishandled your personal information, contact us at privacy@yorago.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
To exercise any of these rights, contact us at privacy@yorago.com.au. We will verify your identity before processing requests.
8. Children's Privacy
YORA is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at privacy@yorago.com.au and we will delete the information.
9. Cookies and Tracking
Mobile app: The YORA app does not use cookies. We use device identifiers and session tokens to maintain your logged-in state.
Website (yorago.com.au): Our website uses:
- Essential cookies: Required for the site to function (session management)
- Analytics: We may use anonymised analytics to understand how users interact with our site. No personally identifiable information is collected.
We do not use advertising or tracking cookies.
10. Push Notifications
If you grant permission, we may send push notifications for:
- Booking confirmations and reminders
- Service updates
You can disable push notifications at any time in your device Settings.
We will not send marketing push notifications without your explicit consent.
11. Third-Party Links
YORA may contain links to third-party websites and services (e.g. restaurant websites, ticketing platforms). We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Sending a push notification to the app
- Displaying a notice in the app on next login
- Updating the "Last updated" date above
Continued use of YORA after changes constitutes acceptance of the updated policy.
13. Contact Us
For any privacy questions, requests, or complaints:
- Email: privacy@yorago.com.au
- Response time: Within 30 days
For complaints not resolved to your satisfaction:
- Office of the Australian Information Commissioner (OAIC)
- Website: oaic.gov.au
- Phone: 1300 363 992
This Privacy Policy was prepared with reference to the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the OAIC's guidelines for mobile applications.