
MYSTERYBOXAU IS AN ONLINE RETAIL PLATFORM SELLING RANDOMISED PRODUCT SELECTIONS. ALL PURCHASES INCLUDE AN ITEM OR CREDIT REWARD. USERS MUST BE 18+ TO REGISTER.

© 2026 MYSTERYBOXAU/ABN: 81 552 166 027/AUSTRALIAN OWNED

Privacy Policy

Effective date: 1 March 2025 · MysteryBoxAU Pty Ltd (ABN 81 552 166 027)

This Privacy Policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are committed to handling your personal information openly, transparently, and securely.

1. Our Commitment to Privacy

MysteryBoxAU Pty Ltd (“we”, “us”, “our”) is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We are committed to protecting the personal information we hold about you and to handling it responsibly.

This Policy explains how we collect, hold, use, and disclose personal information in connection with MysteryBoxAU. By using our platform you agree to the practices described in this Policy.

2. What Personal Information We Collect

We collect personal information that is necessary for the provision of our services. This may include:

Account Information

  • Full name and display name
  • Email address
  • Date of birth (for age verification)
  • Password (stored as a cryptographic hash — never in plain text)
  • Profile avatar (optional)

Transaction Information

  • Purchase history and Credit balance
  • Stripe payment identifiers (we do not store full card numbers)
  • Prize claims including shipping name and delivery address
  • Box open history and roll records

Technical Information

  • IP address and approximate geolocation
  • Browser type and device information
  • Cookies and session identifiers
  • Log files and usage analytics

We only collect personal information that is reasonably necessary for our business functions. We do not collect sensitive information (as defined in the Privacy Act) unless you have consented and it is reasonably necessary.

3. How We Collect Your Information

We collect personal information:

  • Directly from you when you create an account or make a purchase.
  • Automatically through cookies, log files, and analytics tools when you use our Platform.
  • From third-party services such as Stripe (payment processing) and Supabase (authentication).
  • From your browser or device when you access our Platform.

4. How We Use Your Information

We use your personal information to:

  • Provide and operate the MysteryBoxAU platform and services.
  • Verify your identity and age eligibility.
  • Process payments and manage Credits.
  • Fulfil prize claims and arrange shipping.
  • Send transactional emails (receipts, shipping updates, seed rotation).
  • Send promotional communications where you have consented.
  • Detect and prevent fraud, abuse, and unauthorised activity.
  • Comply with our legal obligations, including anti-money-laundering requirements.
  • Improve our platform through analytics and user feedback.

We will not use your information for a secondary purpose unless that purpose is related to the primary purpose of collection and you would reasonably expect such use, or you have consented.

5. Who We Share Your Information With

We may disclose personal information to the following third parties who assist us in operating the Platform:

| Party | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA (Privacy Shield) |
| Supabase, Inc. | Database hosting & auth | USA / AWS |
| Vercel, Inc. | Web hosting & CDN | USA / Global |
| Shipping carriers | Prize delivery | Australia |
| Analytics providers | Usage analytics | Varies |

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may also disclose information where required by law, court order, or to protect our legal rights.

Some third parties are located overseas (primarily USA). By using our Platform, you consent to the transfer of your information to overseas recipients who are bound by comparable privacy protections.

6. Security of Your Information

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access. Our security measures include:

  • TLS/SSL encryption for all data in transit.
  • Passwords hashed using bcrypt — never stored in plain text.
  • Row-level security policies enforced at the database level.
  • Access controls limiting staff access to personal data on a need-to-know basis.
  • Regular security reviews and vulnerability assessments.
  • Stripe-managed payment processing — we never touch raw card data.

If we become aware of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

7. Marketing Communications

We may send you promotional emails about new boxes, prizes, and platform updates if you have opted in at registration or at any time in your account settings.

You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by updating your preferences in your account settings. Opting out does not affect transactional communications required for account operation.

8. Cookies and Tracking

We use cookies and similar technologies to operate the Platform, remember your preferences, and analyse usage. Types of cookies used:

  • Essential cookies: required for login sessions and security.
  • Analytics cookies: anonymised data to understand how users interact with the Platform.
  • Preference cookies: remember your settings such as display preferences.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Platform. We do not use advertising or tracking cookies from social media networks.

9. Data Retention

We retain personal information for as long as necessary to provide our services and comply with our legal obligations:

  • Account information: retained while your account is active and for 7 years after closure for compliance purposes.
  • Transaction records: retained for 7 years as required by Australian tax and financial laws.
  • Seed records: retained for 2 years to enable roll verification.
  • Marketing preferences: retained until you withdraw consent.

When personal information is no longer required, we will securely destroy or de-identify it.

10. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate, outdated, or incomplete information.
  • Complain about a breach of the APPs.
  • Request deletion of your account and associated personal data (subject to legal retention requirements).
  • Withdraw consent for marketing communications at any time.

To exercise any of these rights, contact us at privacy@mysteryboxau.com.au. We will respond within 30 days. We will not charge a fee for access requests unless the request is complex or requires significant resources, in which case we will notify you in advance.

11. Complaints

If you believe we have mishandled your personal information, please contact us first at privacy@mysteryboxau.com.au. We take all privacy complaints seriously and will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify registered users by email at least 14 days before the changes take effect. The current version will always be available at mysteryboxau.com.au/privacy.

Contact our Privacy Officer

Email: privacy@mysteryboxau.com.au

MysteryBoxAU Pty Ltd · ABN 81 552 166 027