Skip to content
Story Services Packages Menu Gallery Contact
Book Now
Book Now Story Services Packages Menu Gallery Contact Login

Privacy Policy

Last updated: 28 May 2026

North Coast Catering ("we", "us", "our") respects your privacy. This policy explains what personal information we collect when you use our website and services, why we collect it, who we share it with, and the choices you have. It follows the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).

1. Who we are

North Coast Catering is a catering business based in Launceston, Tasmania.

  • Trading name: North Coast Catering
  • ABN: 63 875 460 836
  • Address: Launceston, Tasmania 7250
  • Email: contact@northcoastcatering.com.au
  • Phone: 0402 087 848

2. What personal information we collect

We only collect what we need to run our business and serve you. Here is the full list, grouped by where you give it to us:

When you create an account

  • Your name, email address, and phone number
  • A password, which we store as a one-way bcrypt hash (we never see or store the password itself)

When you book an event

  • Event type (wedding, corporate, private, seasonal)
  • Event date and guest count
  • Venue address
  • Any notes or special requests you include

When you place an order

  • Whether you want pickup or delivery
  • Your scheduled date and time
  • Delivery address, if applicable
  • Any notes you include with the order

When you use the contact form

  • Name, email, and phone number
  • Event date, guest count, and event type, if you choose to share them
  • The content of your message

When you pay

Payments are processed by Stripe. Your card details are entered directly into Stripe's secure payment form and never touch our servers. We only store Stripe's payment reference identifiers (used to reconcile payments against your booking or order) and the amount paid.

Technical information

Like most websites, our server records standard technical information in request logs - your IP address, browser type, pages visited, and timestamps. We also set the following cookies and browser-storage items:

  • A session cookie that keeps you logged in and keeps your cart in place between pages
  • A CSRF cookie that protects forms against cross-site request forgery attacks
  • A PostHog identifier stored in your browser (as a cookie and in local storage) that ties together pageviews and clicks within a single visitor, so we can see flows like "viewed menu - started booking - submitted booking". This identifier is not linked to your name or email unless you are logged in.

We do not run advertising trackers and we do not use your data for marketing. The product analytics we do run are described in the next section.

Product analytics and error tracking

We use PostHog to understand how the site is used and to be notified when something breaks. See PostHog's privacy policy. From your browser, PostHog captures:

  • Pageview URLs and timing, and the event when you leave a page
  • Clicks on page elements (buttons, links, menu items)
  • Session replays of your interactions with the page. All form fields - including names, emails, phone numbers, addresses, notes, and the Stripe card field - are masked inside your browser before the recording is sent, so PostHog never receives what you typed into them

From our server, PostHog also receives an event whenever an error occurs while serving one of your requests. Each error event includes the request URL, HTTP method, your browser's user-agent string, and (if you are logged in) your account ID. Errors on health checks and static assets (CSS, JavaScript, images, fonts) are filtered out.

If you are logged in, your events are associated with your account ID, email, and name so we can debug issues specific to your account. If you are not logged in, you are tracked under a randomly generated identifier stored in your browser and no profile is created for you on PostHog's servers.

If your browser sends a Do Not Track (DNT) header, PostHog captures nothing for that visit - no pageviews, no clicks, no session replay, no error events.

PostHog stores this data in the United States.

3. How we use your information

We use your personal information to:

  • Confirm, plan, and deliver your bookings and orders
  • Send you booking confirmations, order updates, and invoices
  • Respond to enquiries you send through the contact form
  • Keep your account secure (login, password reset, session management)
  • Meet our tax and accounting obligations under Australian law

We do not use your information for marketing, profiling, or targeted advertising.

4. Who we share it with

We only share your information with service providers who help us run the business. These are:

  • Stripe, Inc. (United States) - processes your card payments. See Stripe's privacy policy.
  • Resend, Inc. (United States) - sends our transactional email (booking confirmations, contact form replies, invoices). See Resend's privacy policy.
  • PostHog, Inc. (United States) - product analytics and error tracking. From your browser, PostHog records pageviews, clicks, and session replays so we can understand how the site is used. From our server, PostHog also receives the URL, method, and your browser's user-agent string whenever a request errors. Form inputs (names, emails, phone numbers, addresses, notes, card field) are masked in your browser before session replays are sent. Logged-in customers' events are linked to their account ID, email, and name; everyone else is tracked under a random browser-side identifier. If your browser sends a "Do Not Track" header, PostHog captures nothing. The full breakdown is in section 2 above. See PostHog's privacy policy.
  • Google LLC (United States) - reCAPTCHA v3 protects our booking, contact, account, and password forms from automated spam. When you load these pages, Google issues a token that scores how likely you are to be a real person, based on signals from your browser and interaction patterns. We send this token (along with your IP address) to Google to verify the score. Google may use this data for fraud detection across its services. See Google's privacy policy and terms of service.
  • Our hosting provider: HostHatch, which runs the servers that store your data.

We also disclose information where we are required to by law (for example, to the Australian Taxation Office, or in response to a valid court order).

We do not sell your personal information to anyone, ever.

5. Overseas disclosure

Stripe, Resend, PostHog, and Google store and process data in the United States. By using our payment, email, analytics, and form-protection services, your information may be transferred to and processed in the US. All four providers operate under their own privacy and security commitments, linked above.

6. How we protect your information

We take reasonable steps to keep your information secure:

  • All traffic to our site is encrypted in transit using HTTPS
  • Passwords are hashed with bcrypt - we never store the plain text
  • Card details are handled entirely by Stripe; we never see them
  • Our site uses Content Security Policy (CSP) headers to reduce the risk of injection attacks
  • Access to our admin dashboard is restricted and protected by authentication
  • Invoice PDFs are stored on our server and only made available to the customer they relate to and to our staff

7. How long we keep it

  • Account information: while your account is active, and for a reasonable period after your last activity so we can respond to any follow-up enquiries
  • Booking, order, invoice, and payment records: at least 7 years, in line with our obligations under Australian tax record-keeping rules
  • Contact form submissions: up to 12 months, then deleted unless they relate to an active booking
  • Server request logs: up to 30 days, then deleted

8. Your rights

Under the Australian Privacy Principles you can:

  • Access the personal information we hold about you (APP 12)
  • Correct information that is inaccurate, out of date, or incomplete (APP 13)
  • Close your account and request we delete information we are not legally required to keep

To make a request, email us at contact@northcoastcatering.com.au. We will respond within 30 days. There is no charge for a reasonable request.

9. If you have a complaint

If you think we have mishandled your information, please tell us first - email contact@northcoastcatering.com.au and we will investigate and respond within 30 days.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If the changes are significant, we will let account holders know by email.

11. Contact

Questions about this policy or how we handle your information? Get in touch:

  • Email: contact@northcoastcatering.com.au
  • Phone: 0402 087 848
  • Post: Launceston, Tasmania 7250

Quick Links

Our Story Services Packages Menu Gallery Contact Privacy Policy Terms of Service Refund Policy

Order & Book

Book an Event View Packages Login

Contact

0402 087 848

contact@northcoastcatering.com.au

Launceston, Tasmania 7250

© 2026 North Coast Catering. All rights reserved.