Dibsy Privacy Policy
Effective date: 5 May 2026 Last updated: 5 May 2026 Operator: Omar Azam Ali Zaher, ABN 93 730 174 953, sole trader trading as “Dibsy”, based in Western Australia, Australia.
This Privacy Policy explains how Dibsy (“we”, “us”, “Dibsy”) collects, uses, stores, and discloses your personal information when you use the Dibsy mobile application (the “App”). Dibsy is a peer-to-peer platform for giving away unwanted household items to neighbours.
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
1. What personal information we collect
We collect only what’s needed to operate the dibs loop and keep the community safe.
| Category | Items | Why we collect it |
|---|---|---|
| Account | Mobile phone number, display name, optional avatar, optional banner image, optional home suburb, optional bio, optional pickup preferences | Identify you, prevent duplicate accounts, send chat notifications |
| Listing content | Item title, description, category, photos, listing location (suburb-level public; exact location private to you and the user whose dibs you accept) | Run the listing/dibs marketplace |
| Communications | Messages you send to other users via in-app chat | Enable arrangement of pickup |
| Device | Expo push notification token, device platform (iOS/Android), app version | Send you notifications when someone dibses or messages you |
| Diagnostic | Crash reports, anonymised performance metrics | Fix bugs and improve reliability |
| Trust & safety | Reports you submit or that are submitted about you, blocks, review thumbs, moderation actions | Operate trust and safety, enforce community guidelines |
We do NOT collect:
- Your real name (unless you choose to put it in your display name)
- Your email address
- Your home address (we use suburb only; exact location of a listing is shared only with the user whose dibs you accept)
- Payment information (Dibsy is free; there are no transactions in the App)
- Browsing history outside the App
- Your contacts list
- Advertising or marketing identifiers (IDFA, etc.)
2. How we collect it
- Directly from you: when you sign up, create a listing, send a message, save a search, submit a review, or update your profile.
- Automatically: push token, device platform, app version, and diagnostic data are collected when you use the App.
- From third parties: we use Twilio to deliver SMS one-time-passwords for phone verification, and Supabase as our database and authentication provider. Neither of these third parties uses your data for advertising.
We do not purchase, scrape, or otherwise acquire personal information about you from third-party data brokers.
3. How we use your information
We use your personal information only to:
- Authenticate you and maintain your account.
- Show your listings to nearby users on the map.
- Connect you with other users when someone calls dibs on your item, or you call dibs on theirs.
- Send you push notifications about activity on your listings, dibs, chats, and saved searches.
- Compute and display public trust signals: tier rank, achievement badges, two-way pickup reviews, response time.
- Investigate reports of misuse and enforce our Terms of Service and Community Guidelines.
- Comply with legal obligations.
We do not use your information for advertising, profiling for marketing purposes, or training third-party AI models.
4. How we share your information
| Recipient | What is shared | Why |
|---|---|---|
| Other Dibsy users | Your display name, avatar, banner, listing photos, listing description, suburb, public stats (items given, items picked up, days since you joined, tier, badges, % positive reviews). Your exact pickup location is shared only with users whose dibs you have accepted. | To run the marketplace |
| Twilio (USA) | Your mobile phone number, only at sign-in/sign-up | SMS one-time-password delivery |
| Supabase (Singapore region) | All account, listing, message, and device data | Database hosting, authentication, push delivery |
| Expo (USA) | Your Expo push token (an opaque string), notification content | Push notification delivery |
| Apple / Google | Push payloads relayed via APNs / FCM | Operating-system-level push delivery |
| Law enforcement / regulators | Only what is legally required, in response to a valid court order, warrant, or written legal demand | Legal compliance |
We do not sell your personal information. We do not share it with advertisers or data brokers.
5. Cross-border data transfers
Some of our service providers store data outside Australia (Twilio in the United States, Supabase in Singapore, Expo in the United States, Apple and Google in the United States). Where data leaves Australia, we take reasonable steps to ensure the recipient handles it consistently with the APPs, including reviewing the provider’s published data-protection commitments.
By using Dibsy you consent to this cross-border transfer.
6. How long we keep your information
| Data | Retention |
|---|---|
| Account profile | Until you delete your account, then permanently within 30 days |
| Listings | 30 days after the listing reaches expired, completed, or removed status, then deleted |
| Messages | 90 days after the associated dibs is completed or cancelled, then deleted |
| Device push tokens | Until you sign out on that device or revoke notification permission |
| Diagnostic data | 30 days |
| Reports of misuse | 12 months after resolution, for safety-record purposes |
| Records we are legally required to retain | For the period required by law |
Backups are retained for up to 30 days after the deletion of live data.
7. Your rights
Under the APPs you have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate, out-of-date, or incomplete.
- Delete your account and the personal information associated with it.
- Withdraw consent to push notifications (in your phone’s settings) or to data processing (by deleting your account).
- Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we’ve mishandled your information.
To exercise any of these rights, email hellodibsy@gmail.com. We respond within 30 days.
You can delete your account directly in the App: Profile → Delete my account. Deletion is permanent and removes your profile, listings, dibs, messages, photos, push tokens, and reviews.
8. Security
We use industry-standard security measures, including:
- TLS encryption for all data in transit
- Encryption at rest in our database
- Row-level security policies that restrict access on a per-user basis
- Phone-based authentication (no passwords for users to lose or reuse)
- Restricted admin access on a need-to-know basis
- Routine security review of dependencies
No system is perfectly secure. If a data breach occurs that is likely to result in serious harm, we will notify you and the OAIC in line with the Notifiable Data Breaches scheme.
9. Children
Dibsy is for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has signed up, please contact us at hellodibsy@gmail.com and we will delete the account.
10. Changes to this policy
We will update this Privacy Policy as the App evolves. When we do, we will:
- Update the “Last updated” date at the top
- Notify you in-app the next time you open Dibsy
- For material changes (new categories of data collected, new third-party recipients, changes to retention), give you at least 14 days’ notice before the change takes effect
Continued use of the App after a policy change constitutes acceptance of the new policy.
11. Contact us
For privacy questions, complaints, or to exercise your rights:
- Email: hellodibsy@gmail.com
- Operator: Omar Azam Ali Zaher (sole trader), ABN 93 730 174 953, Western Australia, Australia
- Privacy contact: Omar Azam Ali Zaher
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner: www.oaic.gov.au | 1300 363 992.