What information do we collect?
Whether the information or opinion is true or not; and
whether the information or opinion is recorded in a material form or not.
The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:
Your name, email, phone number, and address
Account details like username and password
Payment and order information (processed securely via third-party providers)
Messages you send through the platform
Uploaded artwork, videos, and profile content
Referral info and activity related to referrals
How you use the platform (pages visited, features used)
Device details like IP address and browser type (via cookies)
In addition to the above, when you use our mobile apps, we may collect:
Device Information: such as model, operating system version, unique device identifiers, and crash logs;
Push Notification Tokens: for sending optional alerts and updates;
Usage Analytics: through tools like Google Analytics for Firebase to improve functionality;
Photo or File Access: when you voluntarily upload artwork, video tutorials, or other digital files; and
Approximate Location: based on IP address or voluntarily provided for event features (if applicable).
This data is used solely to operate, secure, and improve the Platform experience and is not sold to third parties. We also maintain audit logs and metadata necessary to detect fraud, enforce Platform rules, and comply with legal record-keeping requirements.
Types of Information
The Privacy Act 1988 (Cth) defines types of information, including Personal Information and Sensitive Information.
Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable.
If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this Privacy Policy.
Sensitive Information is defined as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive Information will be used by us only:
For the primary purpose for which it was obtained;
For a secondary purpose that is directly related to the primary purpose; and
With your consent or where required or authorised by law.
How we collect your Personal Information
We may collect Personal Information from you whenever you input such information into the website or mobile app or provide it to us in any other way.
We may also collect cookies from your computer or device which enable us to tell when you use the Platform and help customise your experience. As a general rule, it is not possible to identify you personally from our use of cookies.
We use different types of cookies, including essential cookies for Platform functionality, analytical cookies to improve user experience, and marketing cookies that may be set by third parties. These cookies are typically retained for up to 90 days, depending on their purpose and your browser settings. Third-party cookies are subject to their respective privacy policies, which we encourage you to review.
You can change or withdraw your cookie consent at any time in your browser or device settings.
Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party; in cases like this we will take steps to make you aware of the information that was provided by a third party.
Purpose of collection
We collect, use, and process Personal Information to:
Provide and manage your account.
Facilitate purchases, sales, and commissions between users.
Operate the Platform and ensure its security.
Communicate with you about updates, support, and new features.
Improve functionality through analytics and feedback.
Comply with legal, tax, and regulatory requirements; and
Send optional marketing or promotional material (only with your consent).
We rely on several legal bases for processing personal data, including your consent, performance of a contract (e.g., account creation or sale), legitimate business interests (e.g., improving services), and compliance with legal obligations.
We customarily only disclose Personal Information to our service providers who assist us in operating the Platform. Your Personal Information may also be accessed by maintenance and support personnel acting in the normal course of their duties.
By using our Platform, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information directly from you, and if it is material you would reasonably expect to receive from us. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications, such as an unsubscribe link.
Security, Access and Correction
We store your Personal Information on secure servers and encrypted databases hosted in Australia and, where applicable, in other regions that provide an equivalent level of data protection. We apply layered safeguards — including access controls, encryption, network security, and periodic security audits — to protect against unauthorised access, misuse, alteration, or disclosure.
When Personal Information is no longer required for its original purpose, we take reasonable steps to securely destroy, anonymise, or de-identify it. Most records are retained for up to seven (7) years to meet business, tax, or legal obligations.
We use industry-standard security measures — such as encryption, access control, and secure data centres — to safeguard your information. When deletion is required, data is erased using secure, verifiable methods (for example, digital shredding and physical destruction of media). Active data is typically retained for up to 30 days, and archived data for up to five (5) years, after which automated purge protocols permanently remove it in accordance with recognised data-destruction standards.
The Australian Privacy Principles:
Permit you to obtain access to the Personal Information we hold about you in certain circumstances (APP 12); and
Allow you to correct inaccurate Personal Information subject to certain exceptions (APP 13).
Where you would like to obtain such access, please contact us in writing using the contact details set out at the bottom of this Privacy Policy.
Disclosure and International Data Transfers
We only disclose your Personal Information when necessary to operate the Platform or comply with law. This may include limited sharing with trusted third-party service providers that support hosting, analytics (e.g., Firebase, Supabase), payments (e.g., Stripe, PayPal), communication, and customer support.
Some providers may store or process data outside Australia. Where this occurs, we ensure the recipient offers privacy protection substantially similar to the Australian Privacy Principles and, where relevant, the GDPR. By using the Platform, you consent to these limited cross-border transfers.
Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us using the details provided at the bottom of this Policy. All complaints will be reviewed by our team, and we may seek further information from you to clarify your concerns. If we determine that your complaint is valid, we will work with you to take appropriate steps to address the issue. If you are still dissatisfied with the resolution, you may refer the matter to the Office of the Australian Information Commissioner (OAIC).
Documentation and Response Timeline
We will acknowledge receipt of your complaint within five (5) business days and provide you with a reference number. Our privacy team will investigate your complaint and maintain detailed records of all communications and findings. We aim to resolve all privacy complaints within five (5) business days. If additional time is required, we will notify you in writing. All complaint documentation will be retained for 60 months following resolution. If the matter requires escalation, our Privacy Officer will personally review your case within five (5) business days of the escalation request.
User Rights (GDPR / CCPA / General)
Depending on your location, you may have the right to:
Request access to, or a copy of, the information we hold about you;
Request correction, deletion, or restriction of processing;
Object to certain processing (such as direct marketing); and
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at support@3hats.io. We will respond within 30 days, or the timeframe required by law.
Data Breach Notification
In the unlikely event of a data breach likely to cause serious harm, we will promptly notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme. Where required by other laws, we will also notify relevant overseas authorities.
How to contact us about privacy
If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us at: support@3hats.io
Privacy Policy (in a nutshell):
We collect personal info so 3 Hats can run smoothly.
This includes things like your name, contact details, and any art, videos, or files you upload. It helps us manage your account, enable sales, and keep the platform safe.
We also collect technical data when you use the app.
Things like device type, app version, crash logs, and how you use the site. This helps us fix bugs, improve performance, and understand what features people like.
We use cookies to make your experience better.
Some are essential to run the site; others help us see how people use it. You can turn cookies off in your browser anytime.
We don’t sell your data. Ever.
We only use it to provide the 3 Hats service and improve it.
We keep sensitive data private.
We won’t collect or use things like your religion, health, or political beliefs unless required by law or you’ve given explicit consent.
We protect your info with strong security.
Your data is encrypted, stored on secure servers, and deleted when no longer needed. We follow Australian and international data-protection standards.
We share data only when necessary.
For example, with payment processors like Stripe or PayPal, or trusted services like Firebase that help us host and run the platform.
Some of those providers are overseas.
When we transfer data internationally, we make sure it’s handled under privacy laws that are just as strict as Australia’s.
You can access or correct your info anytime.
Just email support@3hats.io and we’ll help you review or update your personal details.
You have rights under GDPR and other laws.
Depending on where you live, you can ask us to delete your data, limit how we use it, or stop marketing emails.
We take privacy complaints seriously.
We’ll respond within five business days and aim to resolve any issue quickly. If we can’t, you can contact the Office of the Australian Information Commissioner (OAIC).
If there’s ever a data breach, we’ll tell you.
We’ll notify both you and the OAIC promptly, and work to fix the issue right away.
3 Hats is for adults and artists aged 16+.
We don’t knowingly collect information from children under 16.
Questions? Reach out.
You can contact us anytime at support@3hats.io for privacy questions, complaints, or access requests.
Privacy Policy
This Privacy Policy explains how 3Hats Pty Ltd (“3 Hats”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you use our website (3hats.io) and our mobile applications (collectively, the “Platform”).
This Policy applies to all users of the Platform worldwide, including artists, collectors, and visitors.
By using the Platform, you consent to the collection and use of your information in accordance with this Policy and applicable privacy laws, including the Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
We do not knowingly collect data from anyone under the age of 16, and the Platform is not directed to children. Users under 16 must not create an account or provide personal information.
© 2025 3Hats Pty Ltd. ABN: 85 682 336 938. All rights reserved.
