CSSAU

Privacy Policy

Version 1.2 — February 2026

CSSAU Pty Ltd (ABN 61 613 671 499), trading as California Superbike School Australia (“CSSAU”, “we”, “us”, “our”), respects your privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, store, and disclose your personal information. It forms part of our Terms & Conditions.

1. What We Collect

We collect personal information that you provide to us when you:

  • Create an account or make a booking;
  • Complete a Participation Waiver or safety briefing;
  • Hire equipment (bike, gear);
  • Purchase gift vouchers or shop items;
  • Contact us via the website, email, or phone; or
  • Attend one of our events.

The types of personal information we may collect include:

  • Name, email address, phone number, date of birth;
  • Emergency contact details;
  • Medical conditions, injuries, or medications relevant to your safe participation;
  • Riding experience, licence details, and level progression history;
  • Payment information (processed securely by Stripe — we do not store full card numbers);
  • Waiver signatures and IP addresses (for legal verification);
  • Photos, video, or audio recordings taken at events (for training, safety, and incident purposes); and
  • Any other information you voluntarily provide.

For Participants under 18 years of age, we also collect the name, contact details, and relationship of the parent or legal guardian who signs the Minor Participant Waiver.

2. Why We Collect It

We collect and use your personal information for the following purposes:

  • To process and manage your bookings and payments;
  • To verify your identity, age, and eligibility to participate;
  • To ensure your safety and the safety of other Participants;
  • To maintain safety records, incident reports, and audit trails;
  • To track your level progression and issue completion certificates;
  • To communicate with you about your bookings and events (service communications);
  • To send marketing communications (with your consent);
  • To manage hire equipment and damage assessments;
  • To comply with our legal and regulatory obligations; and
  • To improve our services and website.

3. Service Messages vs. Marketing

We draw an important distinction between two types of communications:

Service communications (non-optional)

Booking confirmations, reminders, waiver requests, event logistics, schedule changes, post-event follow-ups, and safety notices. These are essential to delivering the service you have booked and cannot be opted out of while you have an active booking.

Marketing communications (optional)

Upcoming event announcements, promotions, news, and content. Sent only with your consent. You can opt out at any time via your account settings or the unsubscribe link in any marketing email.

4. Disclosures to Third Parties

We may share your personal information with the following third parties, only as necessary to provide our services:

  • Stripe — payment processing (PCI DSS Level 1 certified);
  • Resend — transactional and marketing email delivery;
  • Venue operators — event logistics, safety, and gate access;
  • Insurers — in the event of an incident or claim;
  • Medical and emergency services — in the event of an incident requiring treatment; and
  • Regulatory authorities — where required by law.

We do not sell your personal information to third parties. We do not share your information with third parties for their independent marketing purposes.

5. Storage and Security

Your personal information is stored securely in our database hosted by Supabase in the Sydney, Australia region (ap-southeast-2). We use encryption in transit (TLS) and at rest. Access to personal data is restricted to authorised CSSAU staff and contractors on a need-to-know basis.

Payment information is processed and stored securely by Stripe. We do not store full credit card numbers, CVVs, or other sensitive payment card data on our systems. We retain only a transaction reference for our records.

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. Our analytics are privacy-focused and do not track individual users across other websites.

6. Access and Correction

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information that we hold;
  • Request correction of any inaccurate, out-of-date, or incomplete information;
  • Request deletion of your personal data (subject to legal retention requirements, such as tax records and waiver signatures); and
  • Opt out of marketing communications at any time.

You can update most of your personal information directly through your Student Portal. For access or correction requests that cannot be completed through the portal, contact our Privacy Officer (see below).

We will respond to access and correction requests within 30 days. We may ask you to verify your identity before processing a request.

7. Complaints

If you believe we have breached the Australian Privacy Principles or handled your personal information inappropriately, you may lodge a complaint with our Privacy Officer using the contact details below.

We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

8. Contact

For privacy-related enquiries, access requests, or complaints, contact:

Privacy Officer
CSSAU Pty Ltd (ABN 61 613 671 499)
Trading as California Superbike School Australia
Email: privacy@superbikeschool.com.au

Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered users. The current version is always available on this page. By continuing to use our services after changes are published, you accept the updated Policy.