Privacy Policy
Last updated: 23 April 2026
Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Disclosure of Information
- 5. Cookies & Tracking
- 6. Data Retention
- 7. Third-Party Services
- 8. Data Security
- 9. Children's Privacy
- 10. International Transfer
- 11. Your Rights (Australia)
- 12. Your Rights by Region
- 13. Data Breaches
- 14. Changes to This Policy
- 15. Contact & Complaints
1. Introduction
Digital Adventures Pty Ltd (ACN 697 144 531, ABN 93 697 144 531), trading as Carat Hunter ("we", "us", "our"), operates the website carathunter.com and related services (collectively, the "Service"). We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth), as amended, the Australian Privacy Principles (APPs), and applicable international data protection laws including the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other laws described in Section 12.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the practices described in this policy.
2. Information We Collect
We collect minimal personal information to operate our Service:
Information you provide:
- Email address (when creating an account, submitting feedback, or requesting diamond reports)
- Name (optional, when submitting feedback or bug reports)
- Any information you include in feedback, bug reports, or AI chat messages
Information collected automatically:
- Usage analytics via Microsoft Clarity (anonymised interaction data, heatmaps, session recordings)
- Authentication token stored as a secure cookie (carathunter_auth)
- Region preference stored as a cookie (carathunter-region)
- Search preferences stored in your browser's localStorage
- IP address and browser user agent (standard web server logs)
- AI chat transcripts: conversations with Lucy, our AI diamond assistant, including messages you send and responses generated. If you are logged in, transcripts are linked to your account for service improvement
We do not collect financial information, payment card details, or sensitive personal information as defined under the Privacy Act.
3. How We Use Your Information
We use information collected for the following purposes:
- To provide and maintain the Service, including diamond search and comparison features
- To authenticate your access to the Service
- To respond to your feedback, bug reports, and enquiries
- To generate and deliver diamond reports you request
- To improve our Service through anonymised usage analytics
- To detect and prevent abuse or misuse of the Service
- To review AI chat interactions for quality assurance and service improvement
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4. Disclosure of Information
We may share your information with the following categories of recipients:
- Authentication and account management. Supabase stores your email address and account data, and hosts AI chat transcripts. See
- Payment processing. Paddle acts as our merchant of record for purchases. Carat Hunter does not receive or store your payment card details. See
- CDN and security services (processes requests and may store access logs)
- Anonymised website analytics and session recordings
- Email delivery service (processes emails you request, such as diamond reports and feedback)
We may also disclose information where required by law, to comply with legal process, or to protect our rights and safety.
6. Data Retention
We retain your information for the following periods:
- 12 months from creation, then deleted
- 90 days
- Retained until you request deletion
- Retained as required by applicable tax law (typically 5-7 years)
You may request early deletion of your data at any time by contacting [email protected]. We will process deletion requests within 30 days, except where retention is required by law.
7. Third-Party Services
Carat Hunter aggregates publicly available diamond pricing from third-party retailers. When you click through to a retailer's website, you leave our Service and become subject to that retailer's privacy policy. We are not responsible for the privacy practices of third-party websites.
Our AI chat assistant (Lucy) is powered by large language model technology. Chat messages you send are processed by the underlying model to generate responses. The model has a training data cutoff and responses are not human-reviewed in real time.
We encourage you to review the privacy policies of any third-party sites you visit through links on our Service.
8. Data Security
We implement reasonable security measures to protect your information, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Secure authentication via Supabase with industry-standard encryption
- Rate limiting on all form submissions to prevent abuse
- Cloudflare DDoS protection and Web Application Firewall
- Restricted database access with encrypted credentials
While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such information.
10. International Transfer
Our Service uses infrastructure and third-party services that may process data outside your home country, including in the United States (Cloudflare, Resend, Supabase) and other jurisdictions (Microsoft Clarity, Paddle). Our servers are located in Australia.
In accordance with Australian APP 8 and applicable international transfer requirements (including GDPR Article 46), we take reasonable steps to ensure overseas recipients comply with applicable privacy standards. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border data transfers.
11. Your Rights (Australia)
Under the Australian Privacy Act, you have the right to:
- Request access to the personal information we hold about you (APP 12)
- Request correction of inaccurate, out-of-date, or incomplete information (APP 13)
- Request deletion of your personal information where we no longer need it, including stored chat transcripts
- Lodge a complaint if you believe we have breached the APPs
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
12. Your Rights by Region
Depending on your location, you may have additional rights under local data protection laws. This section summarises your rights in each region we serve.
European Union & EEA (GDPR)
If you are in the European Economic Area (EEA), including France, Germany, and Ireland, you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing is legitimate interest (service operation) and consent (analytics cookies). You have the right to:
- Receive your personal data in a structured, machine-readable format
- Request restriction of processing of your personal data
- Object to processing of your personal data
- Request deletion of your personal data ("right to be forgotten")
- Withdraw consent for analytics cookies at any time via our cookie banner
- Lodge a complaint with your local Data Protection Authority (e.g. CNIL in France, BfDI in Germany, DPC in Ireland)
United Kingdom (UK GDPR & PECR)
If you are in the UK, you have equivalent rights under the UK GDPR and Data Protection Act 2018. Non-essential cookies require your consent under the Privacy and Electronic Communications Regulations (PECR). You may lodge complaints with the Information Commissioner's Office (ICO) at ico.org.uk.
United States (CCPA/CPRA & State Laws)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, and opt out of sale of personal information. We do not sell personal information. Residents of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), and other states with privacy laws have similar rights to access, correct, and delete personal data.
Canada (PIPEDA)
If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs how we handle your data. You have the right to access and correct your personal information, and to withdraw consent. Complaints may be filed with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
New Zealand (Privacy Act 2020)
If you are in New Zealand, the Privacy Act 2020 and its 13 Information Privacy Principles apply. You have the right to access and correct your personal information. Complaints may be filed with the Office of the Privacy Commissioner (privacy.org.nz).
Singapore (PDPA)
If you are in Singapore, the Personal Data Protection Act 2012 (PDPA) applies. You have the right to access and correct your personal data. Complaints may be filed with the Personal Data Protection Commission (pdpc.gov.sg).
Hong Kong (PDPO)
If you are in Hong Kong, the Personal Data (Privacy) Ordinance (PDPO) applies. You have the right to access and correct your personal data. Complaints may be filed with the Office of the Privacy Commissioner for Personal Data (pcpd.org.hk).
India (DPDPA 2023)
If you are in India, the Digital Personal Data Protection Act 2023 (DPDPA) applies. You have the right to access, correct, and erase your personal data, and to nominate a representative to exercise these rights. We process your data based on consent and legitimate use.
Japan (APPI)
If you are in Japan, the Act on the Protection of Personal Information (APPI) applies. You have the right to request disclosure, correction, and deletion of your personal information. We comply with cross-border transfer requirements under APPI.
South Korea (PIPA)
If you are in South Korea, the Personal Information Protection Act (PIPA) applies. Non-essential cookies require your explicit consent. You have the right to access, correct, and delete your personal information. Complaints may be filed with the Personal Information Protection Commission (pipc.go.kr).
UAE (Federal Decree-Law 45/2021)
If you are in the UAE, the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data applies. You have the right to access, correct, and request deletion of your personal data.
To exercise any of these rights regardless of your location, contact [email protected]. We will respond within 30 days.
13. Data Breaches
In the event of an eligible data breach, we will comply with the Australian Notifiable Data Breaches (NDB) scheme, the GDPR's 72-hour notification requirement, and any other applicable breach notification laws. This includes:
- Conducting an assessment within 30 days of becoming aware of a suspected breach
- Notifying affected individuals as soon as practicable if a breach is likely to result in serious harm
- Notifying the Office of the Australian Information Commissioner (OAIC)
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal or regulatory reasons. We will post the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
15. Contact & Complaints
For privacy-related enquiries, access requests, or complaints, contact us at:
Email: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website:
- Phone: 1300 363 992
- Email: [email protected]