Netto

Privacy Policy

Last updated: 17 May 2026

This policy is under legal review and will be updated before Netto opens to the public. If you have questions, contact us at privacy@yourdomain.com.au.

Who we are

We operate Netto — an analytics and intelligence tool that helps independent pizza shop owners understand their business. The platform connects to your existing point-of-sale data via CSV import, lets you track sales by channel, analyse menu profitability, manage supplier invoices, and ask plain-English questions about your numbers using AI.

For privacy enquiries, contact us at: privacy@yourdomain.com.au

We are committed to handling all personal information in line with the Australian Privacy Act 1988 and its Australian Privacy Principles (APPs). Where our platform is accessed by anyone in the European Union, we also comply with the General Data Protection Regulation (GDPR).

What this policy covers — and what it does not

This policy covers information we collect and handle as the operator of this platform.

When you upload your sales data or customer transaction records, you are sharing information about your own customers — their names, phone numbers, and order details. In that situation:

You (the shop owner) are responsible for your customers' data. You are their data controller.
We store and process that data only on your instructions, to provide you with analytics.
Your customers who want to access, correct, or delete their information should contact you directly.

We require all shop owners to have a lawful reason for uploading their customers' data and to have informed their customers that their information may be processed by business analytics tools.

What information we collect

Your account information

When you sign up, we collect your name and email address. We use this to create your account, send you important service updates, and let you log in securely.

Your shop's sales data

When you upload a CSV export from your POS system, we process:

Transaction records: date, customer name (partial), customer phone number, payment method, order amount, GST component, delivery channel, and collection type
Item sales summaries: item name, size, quantities sold, revenue per item
Channel summaries: revenue by sales channel

This data is uploaded by you and is used only to generate analytics and reports for your shop.

Staff and labour data

Shift dates and times, number of staff on shift, hourly rates, and total labour cost — entered manually by you for wage-vs-revenue analysis.

Supplier and invoice data

Supplier names, contact details, invoice amounts, and line items. When you paste a supplier invoice as text, our AI extracts the line items on your behalf.

Bank transaction data

Transaction dates, bank narration descriptions, amounts, and categories — uploaded as a CSV from your business bank account.

Menu data

Item names, categories, sizes, and prices. This is business information, not personal information about individuals.

Technical data

When you use the platform, we automatically collect standard technical information including your IP address, browser type, and usage logs. We use this only to keep the service secure and working correctly. We do not use it for advertising or sell it to anyone.

AI chat queries

When you ask the AI assistant a question, we process your question and retrieve relevant data from your account to generate an answer. These interactions are logged for up to 30 days for troubleshooting purposes, then deleted.

How we use your information

We use your information only to:

Provide, maintain, and improve the platform
Generate reports and analytics that answer your business questions
Process supplier invoice data you paste into the system
Send you important account notices (password resets, security alerts)
Respond to your support requests

We do not:

Sell your data to anyone, ever
Use your data to advertise to you or your customers
Share your data with other pizza shops or competitors
Use your customers' transaction data to build profiles on those individuals
Train AI models on your personal data

Who we share your information with

We share your information only with the service providers who help us run the platform. We require all of them to protect your data and use it only to provide us with specific services.

Supabase

All data is held in Supabase's secure database infrastructure, located in Singapore. Supabase provides our database, user authentication, and server-side processing.

Anthropic

Our AI assistant is powered by Anthropic's Claude API. Only aggregated business summaries are sent to Anthropic to generate answers — never customer names or phone numbers, never raw invoice text. Anthropic does not receive any personally identifiable information about your customers.

Vercel

Our platform is hosted on Vercel's infrastructure. Vercel processes web requests and serves the application. Standard technical data (IP addresses, request logs) passes through Vercel's systems.

Stripe

If you subscribe to a paid plan, your payment is processed by Stripe. We do not store your card details. Stripe's privacy policy governs how they handle your payment information.

We do not sell data to advertisers, data brokers, or any third party for commercial purposes.

Data retention

Account data: Held while your account is active and deleted within 90 days of cancellation, unless we are legally required to keep it longer.
Business transaction and invoice data: Retained for 7 years to comply with Australian tax record-keeping requirements (Tax Administration Act 1953).
AI chat logs: Deleted after 30 days.
Technical logs: Retained for up to 90 days, then deleted.

If your account is inactive for 2 years, we will contact you before deleting it. You can export all your data before closure.

How we protect your information

Encryption in transit: All data between your browser and our servers uses TLS encryption (HTTPS)
Encryption at rest: Your data is encrypted in the database
Row-level security: Our database is configured so that each shop owner can only ever see their own data — it is technically impossible for one shop's data to appear in another shop's account
Restricted access: The platform uses only a restricted database key in all client code. Admin-level access is reserved for secured server-side functions only
No passwords stored in plain text: Authentication is managed by Supabase Auth using industry-standard hashing
No card data stored: We never store payment card numbers

If we become aware of a data breach that is likely to cause serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches scheme — within 30 days of becoming aware.

Artificial intelligence and automated processing

The platform uses AI powered by Anthropic's Claude to answer plain-English questions about your business data. This AI:

Does not make any decisions about you or your customers that have legal or significant practical effects
Does not automatically take any action on your behalf — all outputs are for your information only
Is not used to profile or score your end customers as individuals
Answers questions using aggregated summaries rather than individual-level customer records where possible

You can always ask us to explain how the AI arrived at a particular answer. Contact us at privacy@yourdomain.com.au.

Your privacy rights

If you are the shop owner

You have the following rights in relation to the information we hold about you:

Right to access: You can ask us what personal information we hold about you. We will respond within 30 days.
Right to correction: If any information we hold is wrong, you can ask us to correct it within 30 days.
Right to deletion: You can ask us to delete your personal information. We will do so unless we are legally required to keep it.
Right to de-identification: Where full deletion is not practicable, you can ask us to de-identify your information.
Right to complain: You can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.

To exercise any of these rights, email privacy@yourdomain.com.au with the subject line “Privacy Rights Request”. We will respond within 30 days and may need to verify your identity before actioning your request.

If you are a customer of a pizza shop that uses Netto

Your personal information was collected by the pizza shop when you placed your order, not by us directly. To access, correct, or delete your information, please contact the pizza shop directly.

Cookies and tracking

The platform uses only essential cookies required for you to log in and stay logged in securely. We do not use advertising cookies, third-party tracking pixels, or analytics services that share your data with ad networks.

Children's privacy

This platform is designed for use by adult business owners and their staff. We do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

Changes to this policy

If we make material changes to this policy, we will notify you by email at least 14 days before the change takes effect. The “last updated” date at the top of this page will always show when the policy was most recently revised. Continued use of the platform after notification constitutes acceptance of the updated policy.

Contact us

For any privacy questions, requests, or complaints:

Email: privacy@yourdomain.com.au

We aim to respond to all privacy enquiries within 10 business days.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

← Back to Netto