Privacy Policy

Effective Date: 19 April 2026
Last Updated: 19 April 2026

JLever Espresso Pty. Ltd. (ACN 686 602 817) ("JLever Espresso", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you visit our website at jleverespresso.com ("Website"), interact with our Kickstarter campaign, or otherwise engage with our products and services (collectively, the "Services").

This Policy is designed to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), the EU General Data Protection Regulation ("GDPR"), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act / California Privacy Rights Act ("CCPA"), other US state privacy laws, and the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA").

If you do not agree with any part of this Privacy Policy, please do not use our Services.

1. What Personal Information We Collect

"Personal information" means any information about an identified or identifiable individual. We collect two types of information: information you provide voluntarily, and information collected automatically.

1.1 Information You Provide Voluntarily

When you interact with our Services, you may provide:

  • Contact details: name, email address, postal/shipping address, phone number;
  • Account information: username, password (stored in encrypted form), account preferences;
  • Order and transaction information: products purchased, order history, billing and shipping addresses;
  • Payment information: payment card details are processed directly by our payment processors (Stripe and PayPal) and are not stored on our servers. We receive transaction confirmations and limited details such as the last four digits of your card;
  • Kickstarter backer information: if you pledge to our Kickstarter campaign, we may receive your name, email address, shipping address, reward selection, and pledge details from Kickstarter or through authorised backer-management tools;
  • Communications: any information you provide when contacting us via email, social media, contact forms, or support enquiries;
  • Marketing preferences: your subscription status for newsletters and promotional communications;
  • User-generated content: product reviews, questions, comments, or other content you submit to our Website.

1.2 Information Collected Automatically

When you visit our Website, we automatically collect:

  • Log and device data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, time and date of access, time spent on pages, and error reports;
  • Cookies and similar technologies: small data files placed on your device. See our Cookie Policy for full details;
  • Usage data: how you interact with our Website, including clicks, scrolling behaviour, and navigation paths.

This information may not identify you personally on its own, but may be combined with other information to identify you.

2. How and Why We Use Your Personal Information

We use your personal information only for purposes that are legitimate and reasonably necessary. These purposes include:

  • Providing, operating, and maintaining our Website and Services;
  • Processing and fulfilling your orders, including Kickstarter pledges and their rewards;
  • Managing your account and authenticating your access;
  • Communicating with you about orders, shipping, customer support, and service updates;
  • Sending marketing and promotional communications (only with your consent, where required by law);
  • Improving our Website, products, and Services through analytics and market research;
  • Personalising your experience on our Website;
  • Complying with our legal, tax, and regulatory obligations (including retaining financial records for 7 years as required under Australian law);
  • Detecting, preventing, and investigating fraud, security incidents, and misuse;
  • Enforcing our Terms and Conditions, and resolving disputes.

3. Legal Bases for Processing (EU/UK Residents)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

  • Consent: where you have given us specific consent (for example, for marketing communications). You may withdraw consent at any time;
  • Contract: where processing is necessary to perform a contract with you (for example, fulfilling your order);
  • Legal obligation: where we must process information to comply with the law;
  • Legitimate interests: where processing is necessary for our legitimate business interests (such as improving our Services, security, and fraud prevention), provided these interests are not overridden by your rights.

4. How We Share Personal Information

We do not sell your personal information. We share it only with the following categories of recipients, and only to the extent necessary:

4.1 Service Providers

We engage trusted third parties to provide services on our behalf. These include:

  • BigCommerce — e-commerce platform and hosting;
  • Stripe and PayPal — payment processing;
  • Kickstarter — crowdfunding campaign platform (during and after active campaigns);
  • Google Analytics — website analytics;
  • Mailerlite — email marketing and newsletter delivery;
  • Wistia — video hosting and playback;
  • Cloudflare — content delivery and website security;
  • Australia Post and other national and international shipping and logistics providers — order fulfilment and delivery;
  • Professional advisors — including accountants, auditors, and legal advisors, where necessary.

Each of these providers has its own privacy policy. We recommend you review the privacy policies of any third-party services that are relevant to you.

4.2 Legal and Regulatory Disclosures

We may disclose your personal information where required or permitted by law, including:

  • To comply with court orders, subpoenas, or lawful requests from regulatory authorities;
  • To establish, exercise, or defend our legal rights;
  • To prevent or investigate fraud, security incidents, or illegal activity;
  • To protect the rights, safety, or property of JLever Espresso, our customers, or others.

4.3 Business Transfers

If we are involved in a merger, acquisition, restructure, or sale of all or part of our business, your personal information may be transferred to the successor entity as part of that transaction. We will notify you of any such transfer and of any choices you may have regarding your personal information.

5. International Transfers of Personal Information

Your personal information may be transferred to, stored, or processed in countries other than your own, including Australia, the United States, the United Kingdom, and countries within the European Economic Area, depending on the location of our service providers.

Where personal information is transferred outside your jurisdiction, we take reasonable steps to ensure it receives an adequate level of protection, including through:

  • Standard Contractual Clauses approved by the European Commission (for EU/EEA data);
  • The UK International Data Transfer Agreement or Addendum (for UK data);
  • Contractual protections with our service providers requiring them to handle your data consistently with this Privacy Policy.

You acknowledge that data protection laws in some destination countries may differ from those in your country, and that by providing your information to us you consent to such transfers where legally required.

6. Data Retention

We keep your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account information: retained for as long as your account is active, and deleted within 30 days of account deletion (subject to legal retention requirements);
  • Transaction and financial records: retained for a minimum of 7 years to comply with Australian tax and record-keeping laws;
  • Marketing preferences: retained until you unsubscribe, and preserved thereafter only as needed to honour your opt-out;
  • Support and correspondence: retained for up to 3 years to handle potential disputes and improve our Services.

When personal information is no longer required, we will delete it or anonymise it so it can no longer be associated with you.

7. Security of Your Personal Information

We implement reasonable commercial and technical measures to protect your personal information against loss, theft, unauthorised access, disclosure, alteration, or destruction. These measures include encrypted data transmission (HTTPS), secure password storage, access controls, and reliance on reputable service providers with their own security standards.

Despite our efforts, no method of electronic transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials. If you believe your account has been compromised, please contact us immediately.

8. Your Rights and Choices

You have rights in relation to your personal information. These rights vary depending on the jurisdiction you reside in.

8.1 Rights Available to All Users

  • Access: request a copy of the personal information we hold about you;
  • Correction: request correction of inaccurate or incomplete information;
  • Deletion: request deletion of your personal information (subject to legal retention obligations);
  • Withdraw consent: withdraw consent at any time where we rely on consent as the legal basis;
  • Opt out of marketing: unsubscribe from marketing emails using the "unsubscribe" link in any email, or by contacting us directly.

To exercise any of these rights, please contact us using the details in the Contact Us section. We may need to verify your identity before acting on your request. We will respond within the timeframes required by applicable law (typically 30 days).

9. Additional Rights for Residents of the European Economic Area and United Kingdom (GDPR / UK GDPR)

If you reside in the EEA, UK, or Switzerland, you have the following additional rights:

  • Right to restrict processing: request we limit how we use your personal information in certain circumstances;
  • Right to object: object to processing based on our legitimate interests, including direct marketing;
  • Right to data portability: receive your personal information in a structured, commonly used, machine-readable format, or request that we transfer it to another controller where technically feasible;
  • Right to lodge a complaint: lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ico.org.uk).

Data Controller: JLever Espresso Pty. Ltd. is the Data Controller for personal information collected through our Services.

10. Additional Rights for California and Other US State Residents

If you are a resident of California, Colorado, Virginia, Utah, Florida, Delaware, or another US state with a comprehensive privacy law, you have rights under applicable state law, which may include:

  • Right to know: the categories of personal information we have collected, the sources, the purposes, and the categories of third parties we share it with;
  • Right to delete: request deletion of your personal information;
  • Right to correct: request correction of inaccurate personal information;
  • Right to opt out of sale or sharing: we do not sell your personal information. We do not share personal information for cross-context behavioural advertising;
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights.

California Notice of Collection

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email, phone number, IP address, account ID);
  • Customer records (billing and shipping address, partial payment information);
  • Commercial information (products purchased, order history);
  • Internet activity (interactions with our Website).

To exercise your California rights, contact us using the details below. We will verify your identity before processing your request.

11. Additional Disclosures for Australian Residents (Privacy Act 1988)

If you reside in Australia, your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) include:

  • APP 1 — Open and transparent management: we publish this Privacy Policy and make it available on our Website;
  • APP 6 — Use and disclosure: we use personal information only for the purposes described in this Policy, or where otherwise permitted by law;
  • APP 8 — Cross-border disclosure: we take reasonable steps to ensure overseas recipients of your personal information handle it consistently with the APPs;
  • APP 11 — Security: we take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, or disclosure;
  • APP 12 — Access: you may request access to the personal information we hold about you;
  • APP 13 — Correction: you may request correction of inaccurate personal information.

To make a privacy complaint, first contact us using the details below. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner (OAIC)
GPO Box 5288, Sydney NSW 2001
Phone: 1300 363 992
Website: oaic.gov.au

Direct marketing: our marketing communications comply with the Spam Act 2003 (Cth). All marketing emails include an unsubscribe link, and we honour opt-out requests promptly.

Notifiable Data Breaches: if we become aware of a data breach likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.

12. Additional Disclosures for Canadian Residents (PIPEDA)

If you reside in Canada, we handle your personal information in accordance with PIPEDA and applicable provincial privacy laws. Your rights include:

  • Access to your personal information;
  • Correction of inaccurate or incomplete information;
  • Withdrawal of consent for specified uses (subject to legal and contractual restrictions).

Our email communications comply with Canada's Anti-Spam Legislation (CASL). We do not send commercial electronic messages without your express or implied consent, and all such messages include clear sender identification and an unsubscribe mechanism.

If you are not satisfied with our response to a privacy concern, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
Toll Free: 1.800.282.1376
Website: priv.gc.ca

13. Children's Privacy

Our Services are not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

14. Third-Party Links

Our Website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

15. "Do Not Track" Signals

Some browsers offer a "Do Not Track" signal. There is currently no consistent industry standard for responding to such signals, and we do not currently respond to them. However, you can manage your cookie preferences through our Cookie Consent Manager at any time. See our Cookie Policy for details.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will update the "Last Updated" date and notify you where required by law (for example, by email or a prominent notice on our Website).

We encourage you to review this Policy periodically. Your continued use of our Services after changes take effect constitutes acceptance of the revised Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

JLever Espresso Pty. Ltd.
ACN 686 602 817
Email: info@jleverespresso.com
Website: jleverespresso.com

Nothing in this Privacy Policy excludes, restricts, or modifies any rights you may have under the Australian Consumer Law, the Privacy Act 1988 (Cth), or equivalent consumer and privacy protection legislation in your jurisdiction that cannot be lawfully excluded.

!