Privacy Policy
Bonnum Lux Group Pty Ltd • ABN 95 693 729 207
Effective Date: 7 June 2026 | Last Updated: 10 June 2026
Acknowledgement of Country
Bonnum Lux Group acknowledges the Ngunnawal people, Traditional Custodians of the land on which we work, and pays our respects to Elders past, present, and emerging.
1. Introduction
This Privacy Policy explains how Bonnum Lux Group Pty Ltd (ABN 95 693 729 207) ("we," "us," "our," "Bonnum Lux Group") collects, uses, discloses, and protects your personal information when you use Fargeaux (the "Application") and our website at fargeaux.com (the "Website").
We are committed to protecting your privacy and complying with applicable privacy laws, including the Australian Privacy Principles under the Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and other applicable privacy legislation in the regions where we operate. This Privacy Policy applies to all users of the Application and Website worldwide. Region-specific rights and disclosures are set out in Section 8.
2. Information We Collect
We collect personal information in the following ways:
2.1 Information You Provide Directly
- Account information: when you create a Fargeaux account, we collect your email address and a password (or you may sign in via a magic link sent to your email). You may optionally provide your name.
- Purchase information: when you purchase a Membership via fargeaux.com, you provide your email address and payment information. Payment details are processed by Stripe and are not stored by us.
- Communications: if you contact us via email or our support channels, we collect the information you choose to provide.
- Cashback delivery information: if you qualify for the Safety Pioneer cashback and request payment via PayPal or bank transfer, we may collect additional information (such as your PayPal email or bank account details) solely to deliver your cashback.
2.2 Information Collected Automatically
- Device information: device type, operating system version, application version, language settings.
- Usage data: features used, content accessed, quiz scores, progress through modules, time spent in the Application.
- Crash and performance data: anonymous diagnostic data to help us identify and resolve technical issues.
- Approximate location: derived from your App Store or Google Play region (used to apply regional pricing and consumer rights). We do not collect precise GPS location.
2.3 Information Received from Third Parties
- Apple App Store: when you purchase through Apple in-app purchase, Apple shares transaction information with us (transaction ID, product purchased, purchase date). Apple may share your name, email, and postcode only if you separately consent during an auto-renewing subscription purchase. Fargeaux does not currently offer subscription products.
- Google Play Store: when you purchase through Google Play in-app purchase, Google shares transaction information with us (order ID, product purchased, purchase date).
3. How We Use Your Information
We use your personal information for the following purposes:
- To provide and operate the Application and Website
- To authenticate you and manage your account
- To process your purchases and grant you access to purchased content
- To track your learning progress and personalise your experience
- To respond to your support requests and communications
- To send you transactional emails (e.g., welcome, receipts, account notifications)
- To send you marketing communications, where you have opted in
- To deliver the Safety Pioneer cashback at the milestone
- To improve the Application through usage analytics and crash reporting
- To detect, prevent, and address technical, security, fraud, or abuse issues
- To comply with legal obligations and respond to lawful requests
4. Legal Basis for Processing (EU and UK Users)
If you are located in the European Union or the United Kingdom, the GDPR and UK GDPR require us to identify a legal basis for processing your personal information. The legal bases we rely on are:
- (a) Contract: processing necessary to perform our agreement with you, such as authenticating your account, granting access to content you have purchased, and providing customer support;
- (b) Legal obligation: processing necessary to comply with applicable laws, such as retaining tax records and responding to lawful regulatory requests;
- (c) Legitimate interests: processing necessary for our legitimate business interests, such as improving the Application, securing our systems, preventing fraud and abuse, and conducting analytics — where these interests are not overridden by your rights and freedoms;
- (d) Consent: processing based on your explicit consent, such as sending marketing communications. You may withdraw your consent at any time.
5. How We Share Your Information
We do not sell your personal information. We share your personal information only with the following categories of recipients:
5.1 Service Providers
We use trusted third-party service providers to operate the Application and Website. These providers have access only to the personal information necessary to perform their functions and are contractually obligated to protect your data. Our primary service providers include:
- Firebase (Google LLC): authentication, database (Firestore), file storage, crash reporting, and analytics
- RevenueCat, Inc.: entitlement management — tracks which users have purchased Fargeaux memberships across purchase channels
- Stripe, Inc.: payment processing for fargeaux.com purchases
- Vercel, Inc.: website hosting for fargeaux.com
- Email service provider: delivery of transactional and marketing emails
- PayPal Holdings, Inc.: optional delivery mechanism for the Safety Pioneer cashback (where applicable)
5.2 Distribution Platforms
When you purchase a Fargeaux membership via the Apple App Store or Google Play Store, those platforms process your payment and share limited transaction information with us as described in Section 2.3. Apple and Google have their own privacy practices, which apply in addition to this Privacy Policy.
5.3 Legal and Regulatory Requirements
We may disclose your personal information if required by law, regulation, legal process, or government request, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Bonnum Lux Group, our users, or the public.
5.4 Business Transfers
If Bonnum Lux Group is involved in a merger, acquisition, restructuring, financing, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy, where required by law.
6. International Data Transfers
Bonnum Lux Group is based in Australia. Personal information we collect may be transferred to, stored, and processed in Australia, the United States (where many of our service providers are based), the European Union, the United Kingdom, and other countries where we or our service providers operate.
For transfers of personal information from the European Union or United Kingdom to other jurisdictions, we rely on appropriate safeguards as required by GDPR and UK GDPR, such as:
- Adequacy decisions issued by the European Commission or the UK government, where available
- Standard Contractual Clauses approved by the European Commission or UK Information Commissioner's Office
- Other legally recognised transfer mechanisms permitted under applicable data protection law
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable law:
| Information Type | Retention Period |
|---|---|
| Account information (email, profile) | While your account is active, then deleted within 90 days of account closure or earlier upon request |
| Purchase records | 7 years (required for Australian tax and audit compliance) |
| Usage and learning progress data | While your account is active; anonymised after 24 months of inactivity |
| Crash and performance data | 12 months |
| Support communications | 24 months from last contact |
| Marketing consent records | Until consent is withdrawn, plus 3 years |
8. Your Privacy Rights
Your rights depend on your location. All users have core rights; additional rights apply by region.
8.1 Rights Available to All Users
Regardless of your location, you may exercise the following rights:
- Access: request a copy of the personal information we hold about you
- Correction: request that we correct inaccurate or incomplete information
- Deletion: request that we delete your personal information, subject to legal retention requirements
- Withdraw consent: where processing is based on your consent, withdraw your consent at any time
8.2 Additional Rights for EU and UK Users (GDPR / UK GDPR)
If you are located in the European Union or United Kingdom, you also have the right to:
- Data portability: receive your personal information in a structured, commonly used, machine-readable format
- Restriction of processing: restrict how we process your information in certain circumstances
- Object to processing: object to processing based on legitimate interests, or to processing for direct marketing
- Lodge a complaint: lodge a complaint with your local data protection authority
EU users may contact their national data protection authority. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.
8.3 Additional Rights for California Users (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know: know what categories of personal information we collect, the sources, purposes, and recipients
- Right to delete: request deletion of your personal information
- Right to correct: request correction of inaccurate personal information
- Right to opt out of sale or sharing: we do not sell or share personal information as those terms are defined under the CCPA
- Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes that trigger this right
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
8.4 Australian Privacy Act Rights
If you are an Australian resident, you have rights under the Australian Privacy Principles, including the right to access and correct your personal information, and the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the Privacy Act.
8.5 How to Exercise Your Rights
To exercise any of these rights, contact us at support@fargeaux.com. We will respond within 30 days (or sooner where required by applicable law). We may need to verify your identity before fulfilling your request to protect your information from unauthorised disclosure.
9. Children's Privacy
Fargeaux is not directed at children. We do not knowingly collect personal information from:
If you believe we may have collected personal information from a child below the applicable age in your jurisdiction, please contact us at support@fargeaux.com and we will delete it promptly.
- Children under 13 (in the United States, per the Children's Online Privacy Protection Act)
- Children under 16 (in the European Union under GDPR-K, except in member states that have lowered the age to 13, 14, or 15)
- Children under 13 (in the United Kingdom)
- Children under 13 (in Australia, under the Australian Privacy Principles)
10. Data Security
We implement reasonable technical and organisational measures to protect your personal information, including:
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and you use the Application and Website at your own risk.
- Encryption in transit using HTTPS/TLS
- Encryption at rest where applicable, provided by our service providers
- Access controls limiting which personnel can view personal information
- Secure password storage using industry-standard hashing and salting
- Regular review of our security practices and those of our service providers
11. Cookies and Tracking Technologies (Website)
Our Website at fargeaux.com uses essential cookies necessary for site functionality. We may also use analytics cookies (where you consent, in regions that require consent) to understand how visitors use our Website.
You can control cookies through your browser settings, including blocking or deleting cookies. Disabling essential cookies may impair Website functionality. The Application does not use cookies. Cookies are a web technology that does not generally apply to native mobile apps.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting an updated version at fargeaux.com/privacy and updating the "Last Updated" date. Where required by applicable law, we will provide additional notice through the Application or by email.
The version of the Privacy Policy in effect at the time of your interaction with the Application or Website governs that interaction, except where a later version provides more favourable terms to you or where a change is required by law.
13. Contact Us
For privacy questions, concerns, complaints, or to exercise your rights:
If you are not satisfied with our response to your privacy enquiry, you may also lodge a complaint with the relevant regulatory authority in your region:
- Australia: Office of the Australian Information Commissioner (oaic.gov.au)
- United Kingdom: Information Commissioner's Office (ico.org.uk)
- European Union: your national data protection authority (list available at edpb.europa.eu)
- California: California Privacy Protection Agency (cppa.ca.gov)
— End of Privacy Policy —