Privacy Policy

Last Updated: June 2026

At Apao.shop (accessible via our digital merchant infrastructure, hereafter referred to as the "Site"), hosted and operated by AGL RETAIL ENERGY LIMITED (ACN: 748 394 64; ABN: 21 074 839 464, located at Level 24, 200 George Street, Sydney, NSW, 2000, Australia), we hold the privacy and data integrity of our consumer base in the highest regard. This comprehensive and legally structured Privacy Policy outlines our strict protocols regarding the systematic collection, utilization, data sharing, protection, and disclosure of your Personal Information when you browse, interact with, or complete transactional purchases on the Site.

By interacting with our commercial interfaces, you explicitly acknowledge and agree to the frameworks detailed in this disclosure document. If you do not agree with these provisions, please discontinue use of our Site and support systems immediately.

1. Systemic Classifications of Personal Information We Collect

To deliver a seamless consumer experience, execute standard physical dispatches, and maintain robust platform security, we collect diverse categories of personal parameters across three distinct operational milestones:

A. Information Voluntarily Provided by the User

• Identity & Contact Matrix: Including your legally valid first name, surname, shipping destination addresses, official billing records, email addresses, and active direct telecommunication channels (+61485986643 or corresponding localized customer numbers).
• Commercial & Transactional Logs: Details of the specific products viewed, added to cart, or bought (e.g., electronic lifestyle goods or custom utilities), unique order IDs, and internal customer care communications transmitted to support@apao.shop.
• Payment Reference Records: Highly secure tokens required to process payment gateways (all underlying raw credit card information is encrypted via compliant PCI-DSS 128-bit configurations and handled strictly by our upstream integrated processors; our corporate servers maintain absolute zero structural visibility over your core secure payment digits).

B. Information Automatically Tracked via Site Infrastructures

• Device Identification Matrix: Your standard Internet Protocol (IP) address, localized geographic tracking parameters, operating system types, native web browser layouts, language preferences, and network access service tags.
• Navigational Behavior Metrics: Timestamps of visits, individual page interaction trajectories, referring Uniform Resource Locators (URLs), search engine keywords that guided you to Apao.shop, and diagnostic clickstream tracking.

C. Core Automated Data Processing Technologies (Cookies and Identifiers)

We implement structural analytical tags to enrich store load speeds and adapt individual settings. These include:

• Cookies: Textual fragments stored natively on your hardware device to streamline shopping cart permanence across distinct sub-sessions.
• Log Files & Web Beacons: Administrative metrics recording mechanical site incidents, latency issues, and electronic tracking pixels designed to count consumer traffic densities.

2. Explicit Legal Objectives for Personal Information Utilization

AGL RETAIL ENERGY LIMITED strictly limits the parsing of consumer records to lawful, transparent, and explicitly declared operational tasks. We leverage your collected data points for the following frameworks:

1. Fulfillment of Purchase Obligations: To execute payment confirmations, organize internal warehouse routing, compute authentic shipping weights, print logistical cargo waybills, and transmit automated order tracking notifications.
2. Customer Relationship Management: Processing return claims within our 30-day window, issuing necessary direct account status reports, and handling manual customer care tickets.
3. Risk Mitigations & Gateway Safety: Analyzing incoming transactions against automated fraud metrics, guarding the checkout interface against systematic unauthorized bot injections, and validating the legitimacy of processing tokens.
4. Regulatory and Tax Compliance: Maintaining accurate commercial purchase records, computing localized consumer tax thresholds, and complying with international customs mandates.

3. Structural Third-Party Data Sharing Frameworks

We do not lease, trade, or sell our consumers' data profiles to external brokerages for separate monetary gain. To operate our e-commerce models efficiently, we disclose highly specific data fragments exclusively to compliant enterprise service vendors:

• Core Infrastructure Host: Our entire store ecosystem operates via the Shopify platform framework, which parses automated server queries under strict localized corporate safety guidelines.
• Logistical Fulfillment Partners: Verified international and domestic postal carriers who receive your target destination data, contact numbers, and structural name matrices solely to execute final 7-13 day physical drop-offs.
• Payment Processors: Standard banking interfaces (such as Visa, Mastercard, American Express) that absorb secured transaction payloads to authenticate payments.
• Regulatory Frameworks: If formally mandated by state judiciaries, international customs enforcement panels, or explicit administrative warrants, we may disclose specific logs to align with governing statutes.

4. Targeted Legislative Frameworks: United States Regional Addendum (CCPA/CPRA)

As this online marketplace actively processes consumer requests originating within the United States market, we adhere precisely to the core tenets of the California Consumer Privacy Act (CCPA) as updated by the California Privacy Rights Act (CPRA) and equivalent state-level privacy statues. If you are a resident of California, Virginia, Colorado, or Utah, you maintain the following non-revocable consumer data privileges:

• The Right to Disclosure and Access: You can formally request a historical breakdown detailing the exact classifications of information we have archived over the prior 12-month window.
• The Right to Rectification & Correction: You possess the absolute authority to request immediate alterations to structurally incorrect, out-of-date, or missing contact variables.
• The Right to Permanent Erasure ("The Right to be Forgotten"): You can direct our team to completely purge your archival purchase footprint and registration emails from our physical enterprise database, barring specific transactional elements required for ongoing financial accounting audits or active tax reporting cycles.
• The Right to Non-Discrimination: We do not limit web features, degrade fulfillment times, or charge distinct tier pricing structures to any customer exercising their regulatory data protection rights.

To assert these statutory protections, please submit an official request to our Data Compliance Officer via support@apao.shop with the subject line "U.S. Data Rights Request."

5. International Data Relocations and Cross-Border Transfers

Please note that as Apao.shop is managed directly by an Australian entity (AGL RETAIL ENERGY LIMITED) and employs global cloud hosting setups, your personal parameter sets will cross international boundaries (including routing through data nodes situated within Australia, Canada, and the United States). We rely on contractually mandated Standard Contractual Clauses (SCCs) to ensure that your sensitive consumer information remains subject to a parallel, high-tier standard of security, regardless of its underlying geographic location.

6. Absolute Data Retention Guidelines

When you complete an transaction through Apao.shop, we retain your complete purchase details within our commercial records as required to fulfill legal tax obligations, settle potential financial chargeback windows, and satisfy regional consumer protection statutes. We will immediately securely wipe or anonymize your metrics upon the conclusion of these mandatory retention timelines, or upon the verified processing of a legitimate customer erasure mandate.

7. Structural Protection Measures & System Security

We deploy standard procedural, physical, and electronic defense architectures designed to isolate your files against malicious leakages, external network sniffing, or internal theft. However, please recognize that no system transmitting details across the open World Wide Web can guarantee an absolute 100% barrier. We strongly recommend accessing our checkout systems only within fully secured private networks.

8. Protection of Minors

Apao.shop does not intentionally solicit, profile, or market commercial materials to individuals under the age of 18. If a parent or legal guardian discovers that a minor has submitted personal tracking information to our databases without consent, please notify our team instantly. We will immediately purge the record from our live file groups.

9. Direct Administrative Contact and Data Escalate Channels

For extensive clarifications regarding our compliance parameters, to log explicit complaints, or to assert your operational data privacy privileges, please choose from our verified corporate entry points: