Legal

Privacy Policy

Last updated: 28 March 2026

Cardinkum ("we", "us", "our") is an Australian open vehicle data platform operated by Cardinkum Pty Ltd. This policy explains what information we collect, how we use it, and your rights. If you have questions, email us at privacy@cardinkum.com.au.

1. What data we collect

  • Usage analytics. We use Cloudflare Web Analytics, which is cookieless and privacy-preserving. It collects aggregated page views and referrer data only โ€” no personal identifiers, no cross-site tracking.
  • API usage. If you use our API with an API key, we log request counts and endpoints accessed for rate-limit enforcement and abuse prevention. We do not log request bodies or personal query content.
  • Community submissions. If you submit vehicle data, corrections, or owner reports, we collect your email address (for verification and follow-up) and the submitted content. Submitted content may be published on the platform attributed to "Verified Australian Owner" or similar.
  • Payment data. If you purchase a paid product (e.g., an EV Match Report), payment is processed by Stripe. We do not store card numbers. Stripe's privacy policy applies to payment processing.
  • Contact enquiries. If you email us, we store your email address and message content to respond to your enquiry.

2. We do not sell personal data

We do not sell, rent, or trade your personal information to third parties. Full stop.

3. Cookies

We use only essential cookies required for the site to function (e.g., session state for authenticated API users). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Cloudflare Web Analytics is cookieless and does not set any cookies on your device.

4. Third-party services

  • Cloudflare. Our platform is hosted on Cloudflare Pages and Cloudflare Workers. Cloudflare processes network requests and may log IP addresses for security and DDoS protection. See Cloudflare's privacy policy.
  • Stripe (future). Payment processing for paid products will be handled by Stripe Inc. See Stripe's privacy policy.

5. How we use your data

  • To operate and improve the platform
  • To enforce API rate limits and fair-use terms
  • To verify and publish community-submitted vehicle data
  • To respond to enquiries and support requests
  • To process payments (via Stripe)

We do not use your data for advertising or behavioural profiling.

6. Your rights

Under the Australian Privacy Act 1988 and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your personal data (right to erasure)
  • Object to how we process your data
  • Export your data in a portable format

To exercise any of these rights, email privacy@cardinkum.com.au. We will respond within 30 days.

7. Data retention

We retain contact enquiries for up to 2 years. API usage logs are retained for 90 days. Community submissions are retained indefinitely as part of the platform dataset unless you request deletion. Payment records are retained as required by Australian law (7 years).

8. Security

We use industry-standard security practices including HTTPS for all data in transit, and access controls for data at rest. No method of transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately.

9. Changes to this policy

We may update this policy from time to time. Material changes will be noted with a revised "last updated" date. Continued use of the platform after changes constitutes acceptance.

10. Contact

Privacy enquiries: privacy@cardinkum.com.au
Cardinkum Pty Ltd, Australia