Privacy Policy

This Privacy Policy explains how LegitMate AU handles personal information and scan-related information when you use this website. LegitMate AU is operated by Schmitt Studio in Brisbane, Australia.

LegitMate AU is designed as a public online-shop risk-signal checker. It is not intended to collect sensitive information, payment details, account passwords or private documents.

When you run a scan, we process the shop URL you submit and publicly visible information from the scanned website. This may include publicly displayed ABNs, ACNs, business names, email addresses, phone numbers, addresses, policy pages, payment signals, review links, structured data, domain information, redirects and other trust or risk signals.

We may process basic technical information connected with your request, such as IP address, approximate request time, browser-visible URL submitted, user agent, rate-limit events, error logs and server diagnostic information. This helps us operate the service, prevent misuse and troubleshoot scan failures.

If you contact us by email or phone, we may collect the contact details and message content you choose to provide.

Do not submit passwords, payment card details, checkout pages containing personal information, private customer portals, private links, intranet pages, admin dashboards, internal company systems or URLs you are not authorised to scan.

LegitMate AU is intended only for public online-shop pages that are visible to normal shoppers.

We use submitted URLs and scan information to generate an automated risk-signal report. The report may highlight business-registration signals, website safety signals, consumer-policy signals, payment signals, review signals and possible red flags.

We may also use technical information to operate, secure, debug, improve and protect the website; to apply rate limits; to investigate abuse; and to comply with legal obligations.

Where configured, LegitMate AU may use ABN Lookup Web Services to check publicly available Australian business registration information. Relevant extracts, such as ABN status, business name or GST registration signals, may be shown in the scan result where appropriate.

Where configured, LegitMate AU may use Google Safe Browsing for non-commercial URL threat-list checks. The browser-visible URL being checked may be sent to Google for this purpose. If Google Safe Browsing is not configured, this check is skipped.

Where configured in the future, hosting, analytics or diagnostic providers may process limited technical information on our behalf. Any analytics should be configured to minimise personal data collection where possible.

We do not sell your personal information. We may disclose information to service providers that help us operate the website, such as hosting, diagnostics, security, email, ABN verification or threat-list checking providers.

We may disclose information where required or authorised by law, to investigate suspected misuse, to protect the security of the service or to respond to lawful requests.

Some technology providers used to operate the website may process or store information outside Australia. For example, hosting, diagnostics or security providers may use international infrastructure. If external services such as Google Safe Browsing are enabled, information may be processed by Google according to its applicable terms and policies.

The current application does not require advertising cookies or user accounts. Hosting providers may use essential technical logs or security mechanisms needed to deliver the site.

If analytics are added later, this Privacy Policy should be updated before launch to describe what is collected, why it is collected and how users can manage their choices.

The application is designed to generate scan results without requiring user accounts. Scan data should not be kept longer than necessary for operating, debugging, rate-limiting, security and legal purposes.

Server logs and hosting logs may be retained for limited periods according to the configuration and retention settings of the hosting provider. Contact messages may be retained for as long as reasonably needed to respond to your enquiry and maintain business records.

We use reasonable technical and organisational measures to protect the website and reduce misuse, including server-side URL validation, private-network scan blocking, rate limiting and environment-variable handling for API keys.

No internet service can be guaranteed completely secure. Please avoid submitting private or sensitive information to the scanner.

You may contact us to request access to, or correction of, personal information we hold about you. You may also contact us if you have a privacy complaint or question about how this website handles information.

We will respond within a reasonable time. If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner (OAIC).

We may update this Privacy Policy as the website develops, especially if analytics, accounts, payments, commercial features or new third-party services are added. The updated version will be published on this page.