Cake! Network
Legal

Privacy Policy

Last updated 19 June 2026. Effective 19 June 2026.

1. Who we are

This privacy policy is published by The Cake Network Pty Ltd (ABN 91 691 434 821), trading as Australian Cake Decorating Network, referred to in this policy as "we", "us", "our", or "Cake! Network".

We operate cakenetwork.com (and its subdomains), the legacy domains austcakedecoratingnetwork.com and acdn.me, and the Cake! Network App for iOS and Android.

This policy governs how we collect, hold, use, and disclose personal information when you interact with any of those surfaces, when you become a member, and when you contact our support team. It is written to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

If you have questions about this policy or the personal information we hold about you, please contact:

The Privacy Officer
Reach the Privacy Officer via our contact form, selecting the Privacy category.

2. Information we collect

The categories of personal information we may collect about you include:

  • Identity and contact information: name, email address, postal address, phone number, and the user identifier from any third-party platform you use to sign in.
  • Account information: username, authentication identifiers, hashed passwords (where applicable), and profile photo if you upload one.
  • Membership and transactional information: your membership tier, start and end dates, subscription status, the courses or events you've enrolled in, and the history of orders and payments associated with your account.
  • Payment information: we do not store full credit card numbers. Payment details are collected by our payment processors on our behalf.
  • Support and communications information: the content of emails, messages, and support tickets you send to us; metadata about those communications (timestamps, threading); recordings of any calls you opt to make with us.
  • Content you submit: photos, videos, comments, recipes, competition entries, and other material you upload to our community spaces or websites.
  • Technical information: IP address, device type, operating system, browser version, referring URL, the pages you visit on our sites, the time and duration of your visits, and similar technical data automatically collected by web servers and analytics tools.
  • Marketing-preference information: your subscription status to our newsletter, the email categories you've opted into, and your interaction history with our emails (open and click events).

We do not routinely collect sensitive information (as defined in the Privacy Act). If you volunteer sensitive information to us (for example, dietary requirements when registering for an in-person event), we treat it according to §5.

3. How we collect personal information

We collect personal information directly from you when you:

  • create an account on any of our websites or apps;
  • subscribe to our newsletter or other email lists;
  • enrol in a course, masterclass, or membership tier;
  • purchase a ticket, product, or membership;
  • contact us by email, support form, or messaging channel;
  • submit competition entries, content, or comments;
  • attend an in-person event;
  • respond to a survey or research request;
  • interact with our presence on third-party platforms (e.g. Facebook, Instagram, YouTube).

We may also collect information about you indirectly, for example, from our payment processors when you transact, or from a third-party platform when you sign in via that platform.

Where we collect personal information from a third party, we take reasonable steps to make sure you're aware of the collection and the purpose, unless doing so would be unreasonable in the circumstances.

4. Why we collect personal information

The primary purposes for which we collect, hold, use, and disclose personal information are:

  • to provide our services (memberships, courses, events, community access);
  • to fulfil orders and process payments;
  • to authenticate you and keep your account secure;
  • to communicate with you about our services, including transactional emails (receipts, course-access notices, event details);
  • to provide member support;
  • to host and operate the Cake! Network community;
  • to administer competitions and events;
  • to send marketing communications you've opted into;
  • to analyse and improve our services;
  • to comply with our legal obligations (taxation, consumer law, the Privacy Act itself).

We may use your personal information for secondary purposes that are directly related to a primary purpose, in circumstances where you would reasonably expect us to do so. For example, we may use your enrolment history to recommend courses we think you'll enjoy.

5. Sensitive information

If you provide sensitive information to us (for example, dietary or health information when registering for an in-person event), we will use it only:

  • for the primary purpose for which it was provided (e.g. catering at the event);
  • with your consent for any other use; or
  • where required or authorised by law.

Sensitive information is held only for as long as necessary for that purpose and is then destroyed or de-identified.

6. Cookies, tracking, and analytics

Our websites use cookies and similar technologies to operate, secure, and analyse the service. Cookies in use fall into the following broad categories:

  • Strictly necessary: required for sign-in, cart, and security; cannot be disabled.
  • Analytics: help us understand how the site is used so we can improve it.
  • Marketing: used to measure the effectiveness of our marketing.

You can control cookies through your browser settings. Disabling some cookies may affect your ability to sign in or use parts of our service.

The Cake! Network App uses its own analytics and crash-reporting infrastructure provided by the platform on which it is published; that processing is governed by that platform's own privacy policy (see §15).

6.1 Bot protection (Cloudflare Turnstile)

To protect our forms and sign-in pages from automated abuse, spam, and fraud, we use Cloudflare Turnstile, a service provided by Cloudflare, Inc. Turnstile runs in the background of your browser (in "invisible" mode, with no puzzle for you to solve) and assesses signals such as your IP address, browser characteristics, and interaction patterns to distinguish humans from bots. This processing is necessary for the security of our service.

Cloudflare processes this information as our service provider for the purpose of bot protection. Cloudflare's handling of the information collected through Turnstile is described in the Cloudflare Turnstile Privacy Addendum, which forms part of this policy in respect of that processing.

7. Who we share your information with

We share personal information only:

  • With our service providers, where they need it to deliver a service to us (for example, payment processing, cloud hosting, email, and the community platform).
  • With government, regulatory, or law-enforcement bodies where we are required or authorised to do so by law.
  • With a purchaser or successor entity in the event of a sale, merger, or restructure of our business, limited to information necessary for the transaction and subject to ongoing privacy obligations.

We do not sell personal information to third parties for their own marketing purposes.

Some of our service providers store and process personal information outside Australia. Where an Australian region is available, we choose it. Depending on the service, your personal information may be stored or processed in Australia, the United States, and other countries in which our providers and their sub-processors operate.

We take reasonable steps to ensure overseas recipients handle personal information consistently with Australian privacy law.

8. AI and automated processing

We may use artificial intelligence and machine-learning tools to help us deliver our services, including in responding to your support enquiries. A team member reviews any AI-assisted output before it affects you. The contents of your communications with us are not used to train any third-party AI model.

If you would prefer your support communications to be handled without AI assistance, reply to our acknowledgement email with "no AI please" and a team member will handle your message manually.

9. Security of personal information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our protections include encryption in transit and at rest, role-based access control, multi-factor authentication on administrative accounts, and a cyber-insurance policy that includes breach-response services.

No method of internet transmission or storage is 100% secure. While we take reasonable steps consistent with industry practice, we cannot guarantee absolute security.

10. Retention

We hold personal information only for as long as it is necessary for the purposes set out in this policy, or as required or authorised by law. Some categories of information, such as transaction and payment records, are retained for longer periods to meet taxation and corporations-law obligations. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

11. Access, correction, and erasure

You have the right to request access to the personal information we hold about you, and to ask us to correct anything that is inaccurate, out-of-date, incomplete, irrelevant, or misleading. Requests should be made in writing to our Privacy Officer (§1).

We will respond within 30 days. We will not charge a fee for an access or correction request. We may require identification before releasing information.

You may also request erasure of the personal information we hold about you. Erasure may not be possible where:

  • we are required by law to keep the information (e.g. taxation records);
  • the information is necessary for an ongoing dispute or investigation;
  • erasure would prevent us from honouring an opt-out you have made.

Erasing your account information will end your access to memberships, courses, and the community. We will explain the practical effect before processing the request.

12. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we suspect a data breach is likely to result in serious harm to any individual, we will:

  • assess the breach within 30 days of becoming aware of it;
  • contain the breach as quickly as possible;
  • notify the Office of the Australian Information Commissioner; and
  • notify affected individuals as soon as practicable, unless an exception applies.

If you believe a breach affecting your personal information has occurred, please contact our Privacy Officer immediately.

13. Children's privacy

Our services are not directed at minors. We do not knowingly collect personal information from anyone under 18 without parental or guardian consent. If you believe someone under 18 has provided us with personal information without that consent, please contact our Privacy Officer and we will take steps to remove the information.

14. Changes to this policy

We may update this policy from time to time. The version and effective date are stated at the top of the policy. The current version is always available at cakenetwork.com/privacy-policy/. Continued use of our services after a change indicates your acceptance of the updated policy.

15. Third-party platform integration

Our community and Cake! Network App are operated for us by a third-party platform provider (Mighty Software, Inc, trading as Mighty Networks). When you sign in to or use the community or app, you also interact with that provider's systems, and the provider is an independent data controller in respect of the information they collect and process. Their handling of that information is governed by their own Terms of Use and Privacy Policy.

This privacy policy applies to the information we collect and process. It does not override the third-party provider's policy in respect of the information they handle as platform operator. If you delete your account with us, your account on that platform is also deactivated; some platform-side records may persist in line with their retention policy.

16. Complaints

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer (§1) in the first instance. We will respond within 30 days.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at https://www.oaic.gov.au or on 1300 363 992.