Version date: 29 November 2025
Tide Foundation (ACN: 630 011 371) of Level 2, 65-71 Belmore Road Randwick NSW 2031, Australia (Tide, we, us and our) is committed to keeping all personal information collected through the https://tide.org website (Website) and associated applications confidential, secure, and private.
This Privacy Policy explains how we collect, use, manage, and disclose your personal information. It also outlines your rights regarding that information.
By accessing, browsing, or using the Website, you agree to be bound by this Privacy Policy. If you do not agree with any aspect of this Privacy Policy, please do not continue to use the Website.
We may modify or amend this Privacy Policy from time to time to reflect changes in the law or our business practices. We will display a notice on the Website indicating when any such revisions have been made.
We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and adhere to the Australian Privacy Principles (APPs) in the collection and protection of your personal information.
The type of personal information that we may collect from you will depend on our relationship with you and the circumstances of collection.
Information you provide to us: We may collect personal information when you contact us (via email, telephone, or post), register for updates, or interact with our services. This may include:
Name and job title;
Email address and telephone numbers;
Wallet addresses or public keys (where associated with an identifiable person);
Information required or authorised by law; or
Opinions about our products, services, and/or staff.
Information we collect automatically (Technical Data): When you access and use our Website, we automatically record specific information for statistical and security purposes, including:
Your IP address and geolocation data;
The date and time of your visit;
The pages you accessed and documents downloaded;
The previous site you visited; and
The type of browser and operating system you are using.
Third-Party Sources: There may be occasions when we collect information about you from a third party (e.g., public blockchain ledgers or business partners). In such instances, we will determine whether we would have been entitled to collect such information directly from you. If we determine we were not entitled to collect it, we will destroy or de-identify such information as soon as reasonably practical.
We use cookies and similar tracking technologies to monitor activity on our Website and store certain information. Cookies are small data files transferred to your device that allow our system to recognize you and remember your preferences.
Essential Cookies: Required for the operation of our Website.
Analytics Cookies: Help us understand how visitors interact with the Website.
You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
We will only use your personal information for the purposes for which it was collected or for a secondary purpose that is reasonably related to the primary purpose. Our primary uses include:
Providing you with our products, services, and technical documentation;
Tracking usage to evaluate and improve the performance of our Website;
Managing account settings and technical authentication;
Responding to your questions, suggestions, or complaints;
Conducting marketing activities and market research (where you have consented); and
Complying with our legal and regulatory obligations.
Marketing: We may send you email notifications regarding special promotions, updates, or offers. You may opt out of receiving such materials at any time by using the "unsubscribe" facility included in the email or by contacting us directly.
We do not sell, rent, or trade your personal information to third parties.
We will not disclose your personal information to any third party unless:
Group Companies: The third party is a group company of ours, in which case they must comply with this Privacy Policy;
Service Providers: The third party is a contractor engaged to provide goods or services to us (e.g., IT hosting, analytics, customer support). We require these providers to keep your information confidential and use it only for the specific service provided;
Business Transfers: The disclosure is in connection with the sale, assignment, or reorganization of some or all of our business assets; or
Legal Requirements: We are required to do so by law, or the disclosure is permitted by the Privacy Act (e.g., to prevent a serious threat to life, health, or safety, or to investigate suspected unlawful activity).
Overseas Disclosure: We may use service providers located outside of Australia (for example, cloud storage providers in the United States or European Union). When we disclose data overseas, we take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information, or that they are subject to laws substantially similar to the APPs.
Access: You have a right to request access to the personal information we hold about you. We will process your request within a reasonable time (usually 30 days). We may require proof of identity before releasing information.
Correction: We take reasonable steps to ensure your personal information is accurate, complete, and up-to-date. If you believe the information we hold is inaccurate, incomplete, or out-of-date, please contact us, and we will correct it.
Deletion (Right to Erasure): You may request that we delete personal information we hold about you. We will comply with this request unless we are required by law to retain the information (e.g., for tax or legal compliance purposes).
The security of your data is a priority. We employ a range of technical and organizational measures to protect your personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure. These measures include:
Encryption of data in transit and at rest;
Network firewalls and access control procedures; and
Physical security for our premises.
Notifiable Data Breaches (NDB) Scheme: In the event of a data breach that is likely to result in serious harm to you, we are legally mandated to notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Privacy Act 1988. We have an internal response plan to assess and mitigate such breaches immediately.
When you choose to use Tide's QR code-based Authenticator App for sign-in, the following privacy safeguards apply:
Local Processing: The App accesses your device’s camera solely to detect a QR code using the phone’s native scanning capabilities. QR detection and parsing occur locally on your device.
No Image Storage: No images, video frames, or biometric data are uploaded, stored, or retained by us or the Tide Cybersecurity Fabric.
Data Minimization: From the QR code, the App derives a single URL. Only this URL is used by the Secure Web Enclave to initiate an authentication flow against the Tide Cybersecurity Fabric.
Permissions: Camera access is permission-based and limited to the active scan session. You may revoke camera permissions at any time in your device settings.
If you have any queries, requests for access/deletion, or complaints regarding our collection, use, or management of your personal information, please contact:
ATTN: Privacy Officer Tide Foundation
Address: Level 2, 65-71 Belmore Road Randwick, NSW 2031, Australia
Complaints: If you wish to make a complaint about an alleged breach of the Privacy Act, please send your complaint in writing using the contact form above. We endeavor to respond to complaints within a reasonable period (usually 30 days).
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au