Privacy Policy

How Barking Iguana (ABN 59 728 461 877) collects, uses, and protects your personal information when you use Discotheque.

Last updated: 13 April 2026

Who we are

Discotheque is operated by Barking Iguana (ABN 59 728 461 877), a sole trader based in Australia. In this policy "we", "us", and "our" refer to Barking Iguana. We are the data controller for personal information collected through Discotheque and the discoreports.com domain.

Our commitments (APP 1)

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy is the openly-available statement required by APP 1.

What we collect (APP 3)

  • Account details — email address, password hash (bcrypt), TOTP secret for two-factor authentication.
  • Assessment responses and results — the answers you provide and the scores derived from them.
  • Payment records — purchase history, Stripe payment IDs, amounts, credit balances. Card numbers are handled by Stripe and never touch our systems.
  • Attribution data — if you arrive via a link with UTM parameters, we store those parameters in a signed, HTTP-only cookie for up to 30 days so we can understand which marketing activities are working.
  • Aggregate traffic counts — we record (date, URL path) → count in our own database. We do not record IP addresses, user agents, or any per-visitor identifiers for analytics purposes, and we do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any other third-party tracker. This is why you do not see a cookie-consent banner.

How we use it (APP 6)

We use your personal information to deliver the assessments you request, score them, generate your reports, process payments, send the transactional emails associated with your account (welcome, receipt, optional follow-up), and keep the service secure. We do not sell your personal information. We do not use it to train AI models.

Who we share it with (APP 8)

  • Amazon Web Services — hosting (Lambda, DynamoDB, CloudFront, SES). Data is stored in the us-east-1 region.
  • Stripe — payment processing. Governed by Stripe's own privacy policy.
  • Delivery Machine — inbound email forwarding for the discoreports.com domain.

We do not otherwise disclose personal information to third parties except where required by law.

Consent for sharing between products (ADR-004)

Discotheque is built as a suite of products. Data from one product is never shared with another without your explicit, per-product consent. You can review and revoke your sharing preferences at any time from your account settings.

How we protect it (APP 11)

Passwords are stored using bcrypt. Two-factor authentication via TOTP is available and required for administrative access. All traffic is served over TLS 1.2+. DynamoDB storage is encrypted at rest by AWS. Session tokens are signed and HTTP-only.

Access and correction (APP 12 / APP 13)

You can view and correct your account details at any time from your dashboard. To request a copy of all personal information we hold about you, or to ask us to correct or delete it, email sales@discoreports.com. We aim to respond within 30 days.

Retention

Assessment results and payment records are retained while your account is active. If you delete your account we retain payment records for seven years as required by Australian tax law, and delete everything else within 30 days.

Complaints

If you believe we have mishandled your personal information, please contact us first at sales@discoreports.com. If we can't resolve it, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).

Changes

We'll post any material changes to this policy on this page and update the "last updated" date above. Continued use of Discotheque after a change constitutes acceptance of the revised policy.

Contact

Barking Iguana
ABN 59 728 461 877
Email: sales@discoreports.com