Privacy Policy

Privacy Policy
Tero Baths Pty Ltd
Last updated: 28 April 2026
1. Introduction
Tero Baths Pty Ltd ("Tero," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use the Tero mobile application (the "App") and visit terobaths.com (the "Website").
This policy is written to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
2. Information We Collect
Information you provide
Account information: name, email address, and password (when you create an account using email and password)
Authentication identifiers: when you sign in with Apple or Google, we receive your name, email address, and a unique user identifier from those providers
User content: any reflections, journal entries, or notes you create within the App
Subscription information: purchase history and subscription status, managed by Apple and Apple's third-party services
Information collected automatically
Product interaction: which sessions you start, complete, and how you use App features
Device and technical information: anonymous app version, operating system version, and device type for troubleshooting and analytics
Website usage: when you visit terobaths.com, we collect IP address, browser type, pages visited, and referring website via standard analytics
We do not collect health data, location data, contacts, photos, microphone audio, or biometric information.
3. How We Use Your Information
We use your personal information to:
Provide and personalise the App experience
Authenticate your account and keep it secure
Process your subscription and grant access to premium content
Sync your progress and reflections across devices
Communicate with you about your account or important service updates
Improve App quality and develop new features
Comply with legal obligations
We do not use your information for advertising. We do not sell your personal information.
4. Third Party Services
We use trusted third parties to operate the App and Website:
Service
Purpose
Location
Privacy Policy
Supabase
Account, database, and content storage
United States
supabase.com/privacy
RevenueCat
Subscription management
United States
revenuecat.com/privacy
Apple
App distribution, payments, Sign in with Apple
United States
apple.com/legal/privacy
Google
Sign in with Google
United States
policies.google.com/privacy
Stripe
Website payment processing only (not used in the App)
United States
stripe.com/privacy
Google Analytics
Website analytics only (not used in the App)
United States
policies.google.com/privacy

We share only the minimum information required for these services to function.
5. Overseas Data Transfer
Your personal information is stored on servers located in the United States via our service providers Supabase and RevenueCat. By using the App, you consent to your information being transferred to and processed in the United States.
We have taken reasonable steps to ensure these providers handle your information consistently with the Australian Privacy Principles.
6. Data Security
We protect your information using industry-standard measures including encryption in transit (TLS), encryption at rest, role-based access controls, and row-level security on our database.
We never store your password in plain text. Authentication is handled through secure providers (Supabase Auth, Apple, Google).
No method of transmission over the internet is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as your account is active. If you delete your account, we delete your personal information from our active databases within 30 days, except where retention is required by law (for example, transaction records for tax purposes).
Backup copies may persist for up to 90 days before being permanently deleted.
8. Your Rights
Under the Australian Privacy Principles, you have the right to:
Access the personal information we hold about you
Correct information that is inaccurate or out of date
Delete your account and personal information at any time, directly from within the App (Settings → Account → Delete Account)
Opt out of marketing communications
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
If you have used Sign in with Apple, account deletion within the App will also revoke your Apple sign-in tokens for Tero.
To exercise any of these rights, contact us at keelan@terobats.com. We will respond within 30 days.
9. International Users
For users in the European Union or United Kingdom, we process your data in accordance with the General Data Protection Regulation (GDPR). Our lawful bases for processing are: consent (for marketing), contractual necessity (to provide the service you signed up for), and legitimate interests (to improve the service and prevent abuse).
EU and UK users have additional rights under GDPR including the right to data portability and the right to object to processing. Contact us at keelan@terobaths.com to exercise these rights.
For users in California, you have rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information we collect and the right to request deletion.
10. Children
Tero is not intended for users under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us at keelan@terobaths.com and we will delete it.
11. Cookies and Similar Technologies
The App does not use cookies. The App stores authentication tokens locally on your device using secure system storage to keep you signed in.
The Website (terobaths.com) uses cookies for analytics and essential functionality. You can disable cookies in your browser settings, but this may affect Website functionality.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, the App, or legal requirements. When we make material changes, we will notify you through the App or by email at least 30 days before the changes take effect.
The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.
13. Contact Us
For questions about this Privacy Policy, to exercise your rights, or to report a privacy concern, contact:
Tero Baths Pty Ltd Email: keelan@terobaths.com Website: terobaths.com
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner GPO Box 5288, Sydney NSW 2001 Phone: 1300 363 992 Website: oaic.gov.au