Privacy policy

Last updated: 3 June 2026

BookBag provides simple tools for schools and libraries to manage collections and share wishlists with their communities. This policy explains, in plain language, how information may be handled when you use the public website at bookbag.com.au.

What we may collect

• Account and contact details when you sign in, contact us, sign up a school, or pledge support — for example name, phone number, and email address.
• Messages and operational notes you send through forms or the messaging area, plus related metadata needed to tie a conversation together.
• Pledge and signup information such as chosen books, pledge method selections, subscription interest selections, optional comments, and links to schools or entities.
• Technical and security-related information typical of hosted websites — for example IP address, browser hints, timestamps, SMTP delivery statuses, OTP verification events, and similar records retained for fraud prevention and support.

How we use information

• To operate authentication, OTP email codes, confirmations, reminders, and other service messages you reasonably expect.
• To respond to enquiries, coordinate onboarding, and relay pledge information appropriately to nominated school or library contacts.
• To maintain reliable systems, investigate abuse or errors, comply with lawful requests, and protect users and infrastructure.

Email and communications

By using passwordless login and our forms you should expect transactional email (such as OTP codes or pledge acknowledgements). We do not intend to bombard you with marketing mail; incidental product news may occasionally be sent where it aligns with existing BookBag interactions.

Sharing with third parties

BookBag does not sell personal information. Information may flow to subcontractors strictly as needed for hosting, email delivery, storage, backups, analytics, payment or referral integrations, or other ordinary service operations.

From time to time BookBag might introduce thoughtfully chosen partner offers (for example services that genuinely help librarians or fundraisers). Such programmes would aim to remain relevant rather than intrusive, and you can always contact us about your preferences.

Retention and security

We apply reasonable organisational and technical measures appropriate to the nature of the data. Logs and backups may persist for ordinary business periods before rotation. Perfect security cannot be promised online; if you suspect misuse of your account, please notify us promptly.

Cookies and sessions

This site uses lightweight session cookies separate from internal staff login cookies so donor-facing features can remember your verified visit for a modest time.

Your choices

For access, correction, or concerns about personal information, reach us via the contact tools on this site or the support email shown in transactional messages. We aim to cooperate within practical limits imposed by legitimate security and archival needs.