Privacy policy

Your privacy is important to us. We value our customers’ right to privacy and are committed to both protecting your privacy, and adhering to the the Australian Privacy Principles under the Privacy Act 1988.

Insho (ABN 91 461 367 048) is a business of Ryde, NSW and referred to within this policy as “we”, “our” or “us”. By accessing and using insho.fashion (referred to as “site”) you acknowledge you have read, understood and accepted our Terms and Conditions and Cookie policy along with the contents of this Privacy policy.

If you are under 18, or considered a minor in your country, you must obtain permission from a guardian or parent prior to registering for an account at this site.

This policy may change periodically so we encourage you to check back regularly. If you have an account with us we will write to you, via email, to notify you of any changes to this policy.

What do we do with your personal information?

We use your personal information for the purposes you intend only. There are the following purposes required for our business:

  • Purchases – when you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address to fulfill your order. 

If you have an account with us, we’ll retain this information with your account. If you choose not to have an account, we retain it for a period for fraud purposes before anonymising the data.

  • Comments or reviews – When you leave a comment or review, it will be associated with the details you provide. If you have an account, we’ll associate the comment with the account.
  • When you contact us – We will collect information you provide, such as name, phone number and email address, to respond to enquiries. 
  • Marketing – With your explicit permission, we may store your email address and name to send you emails about our store, new products and other updates. We will always provide an ability to opt-out of these materials and never send marketing without your permission.

Although we protect personal information, we may hand over personal information where required by law, or to facilitate investigations into a crime. If we are required to hand over your data, we will inform you via the contact details recorded unless legally compelled not to disclose the release.

How do we use non-personal information?

During your transacting or use of this site we may collect non-personal information such as your internet protocol (IP) address as well as device data and the date and time of any accesses. This information is used for the purposes of continuous improvement of our website or for security purposes.

We may also retain information such as pages you’ve viewed to display other web pages we believe you may be interested in. Where you have an account with us, this information will be linked to your account and personal information.

Are there any partners you use I should be aware of?

As part of providing our services we partner with a number of third parties. In the process of using our services you may provide these providers your data, or provide us data you have with them. We can not control their use of your information and encourage you to review their privacy policies. Key partners include:

  • Stripe, used for credit card processing – https://stripe.com/au/privacy – Stripe may retain credit card information on their servers if you choose to save your details. We retain only a reference to your card on our servers and no person details
  • Paypal, used for payment processing – https://www.paypal.com/au/webapps/mpp/ua/privacy-full – PayPal is provided details about your purchase for payment purposes. We may retain references to your PayPal account for fraud purposes.
  • Apple Pay, a payment option – https://www.apple.com/au/privacy/privacy-policy/ – Apple may retain card data you have previously chosen to provide them.
  • ProtonMail, used for encrypted email you send to us through contact forms – https://protonmail.com/privacy-policy – Any information you provide via our contact form could be stored in their encrypted email services. 
  • Facebook, used for logins, post commentary and analytics – https://www.facebook.com/about/privacy/ – Provides email address and name for order and comment purposes. Information provided for analytics includes which pages you’ve looked at and duration. Facebook may use this data for advertising purposes.
  • Google, used for analytics and logins – https://www.google.com.au/intl/en_au/policies/privacy/
  • New Relic – Used to website performance. Collects anonymous data associated with page load performance. This data is not connected to individual profiles.
How do you secure my data?

We take all reasonable steps to ensure that your personal information is protected, but transmission of data via the internet has inherent risks. We will either delete, or de-identify, any of your personal information that is no longer needed. In order to protect your data, we recommend you invest in virus protection and you use strong and unique passwords for this site. To assist in managing passwords we recommend considering a strong password manager.

Some of the core security we use is outlined below:

  • Website – Transport Layer Security (TLS) is used to secure communications between our site and you.
  • Firewall & malware monitoring – We utilise the services of Sucuri to assist in the monitoring and protection of our website from security threats.
  • Password – We do not retain your exact password, instead we compare a hash and salted version of your password for your protection. For further information on what this means please refer to The difference between encryption, hashing and salting
  • Credit cards – We do not store any credit card data within our systems, instead payments are processed directly with our third party payment providers and only a reference is provided to us. Our current payment providers are Stripe, PayPal or Apple.
  • Forms – All forms are protected by TLS between yourself and our website. The contact forms also use PGP (http://openpgp.org) to encrypt submissions for your security. No data from contact forms is retained on the server, nor retained once no longer required. 
  • Emails – Emails sent to you as notifications, or in response to an email request, may not be end to end encrypted depending on your settings. You may enable encrypted notification emails, however, by providing a PGP Public key. You may request we communicate with you in an encrypted format by sending a request via our Contact Us form and include the password you’d like to use.

We endeavour to continuously improve security but should you discover a vulnerability, please write to us at web@insho.fashion.

How do I review or update information?

If you have a customer account, please login and select the Account details section. You may then review and amend the details as appropriate.

If you require assistance, or have questions, please don’t hesitate to contact us.

You ask for my Facebook details when I login, what do you use it for?

When you choose to use your Facebook account as a login, some personal details are provided to us. These details include your name and email address. We use these details to support any orders you make with us, or comments you may leave. We do not store or access any information regarding your connections or activities on Facebook.

If you have any concerns, please feel free to contact us.

I have further questions not listed here, who should I contact?

We are always happy to assist in any way we can. Please don’t hesitate to contact us with any questions via our secure contact page.

Last updated: 8 April 2018