Privacy Policy

Last Updated: September 16, 2025

1. Introduction

Brand Access LLC of 3790 EL Camino Real #854 Palo Alto, CA 94306 (we, us, our or Brand Access) are committed to protecting your privacy.

This Privacy Policy (Privacy Policy or Policy) outlines how your information is collected, used and disclosed when you access or use our services, including without limitation visiting our website at https://ozlosleep.au (Website), purchasing a product through our Website (including the purchase of any product of Drowsy Digital, Inc. and its subsidiaries and affiliates (Ozlo)), submitting an enquiry about our products or subscribing to our marketing communications (together, the Services). Brand Access is the seller of all Ozlo products and is solely responsible for all aspects of your purchase. Brand Access is the data controller of the Services offered through this Website.

Your information is collected, used and disclosed in accordance with the Privacy Act 1988 (Cth) (Privacy Act). You agree to comply with all Terms when accessing or using our Services, including this Privacy Policy.

By submitting Personal Information through our Website or Services, you acknowledge that we handle your Personal Information under the terms of this Privacy Policy, and you understand that our collection, use and disclosure of your Personal Information is as set out in this Privacy Policy. Further, you acknowledge and agree that your Personal Information or other data processed through the device and mobile app is subject to Ozlo's Privacy Policy. This Privacy Policy also sets out your rights regarding your Personal Information. Our online store found on our Website is powered by Shopify. The Shopify Privacy Policy applies in relation to any Personal Information collected, stored and processed on Shopify servers. You are required to read the Shopify privacy policy carefully in addition to this Policy to ensure that you are happy with the manner in which your Personal Information is collected, stored and processed by Shopify. We bear no responsibility or liability for how Shopify collects or uses your Personal Information. If you are concerned with any of their use and storage of your Personal Information, please contact Shopify directly.

2. What information do we collect and how is it collected?

We collect Personal Information, as defined in the Privacy Act (including Sensitive Information as defined in the Privacy Act), when you access or use our Services

2.1. Personal Information provided by you

We collect information that you provide to us via use of our Services as well as through any other means used to contact us.

The Personal Information we collect include:

• Your contact details and personal identifiers, including your name, email address, telephone number, shipping address, billing address, date of birth and username;
• Your purchase and transaction data, including date and time of purchase, customer number, order number and invoice number;
• Payment data, including your bank account and credit/debit card details, payment and receipt details, tax identification number, and refund or credit details;
• Records of your interactions with us, including any feedback, enquiries or complaints; and
• Your marketing preferences.

Shopify also collects your username and password in accordance with the Shopify Privacy Policy.

We reserve the right to maintain, store and use any information or data where we reasonably believe that such action is required to comply with any legal or regulatory obligations, to prevent criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for record keeping integrity.

2.2. Automatically collected Personal Information

We automatically record information from your device and its software when you access our Services, including your IP address, browser and device type, internet service provider, mobile phone carrier, platform type, the website from which you came and the website to which you are going when you leave our Services, date and time stamp and cookies that may uniquely identify your browser or account.

When accessing our Services using a mobile device, we may also receive and collect identification numbers associated with your device, mobile carrier, device type and manufacturer, and, if enabled, geographical location data (including GPS). Please note that some of the information we collect, for example an IP address, can sometimes be used to approximate a device's location.

2.3. Personal Information collected via cookies

Our Services may use small pieces of data called cookies to identify a user who engages with our Services and to compile records of a user’s history of engaging with our Services. Cookies are stored by a users’ browser while the user browses a website. Cookies do not usually contain information that personally identifies a person, but each time the user visits the website, the browser sends the cookie data back to the server to notify the system of the user's previous activity. If you wish to disable cookies, you may do so through your browser settings, however please be aware that if you choose to do this, some functionality of our Website will not be available to you.

The Shopify platform is governed by its own Shopify Cookie Policy. We bear no responsibility for how Shopify uses your data for cookies. If you are concerned with any use and storage of your data for cookies by Shopify, please contact Shopify directly at Shopify Support.

2.4. Personal Information collected via Google Analytics 

We use Google Analytics, which allows us to anonymously track the use of our Services by recording the number of users who have visited, the number of pages viewed, navigation patterns, what systems users have and the date and time of visits through cookies. This information is collected for statistical purposes only and cannot be used to identify you.

We may use a range of services and functions offered by Google Analytics. We also use Google Analytics to partner with third parties and advertise online. Our third-party partner may use technologies such as cookies and third party Tracking Technologies to gather information about your activities on our website and other sites in order to provide you advertising based on your browsing activities and interests.

Please see this link for how your data is collected and this link for instructions on how to opt-out of any Google Analytics data tracking.

2.5. Personal Information collected via Meta Pixels

We use Meta Pixel (formerly Facebook Pixel). Meta Pixel collects data through cookies about actions you make on our website, such as viewing a page or clicking on a specific link. This helps us track conversions from Facebook advertisements, optimise advertisements for users, and build targeted audiences for advertisements. See clause 2.3 above for more information about our use of cookies.

We may use a range of services and functions offered by Meta Business Tools. Please note we are not liable for the way Meta uses your information and it is your responsibility to familiarise yourself with the Meta terms. You can access Meta Business Tools Terms here.

2.6. Third Party Payment Processor

We use third party payment processors and gateways to process payments made to us in the provision of our Services. All Personal Information, including any financial information such as credit card numbers, is collected and used directly by our third party payment processors and gateways as set out on our website, whose use of your personal information is governed by their own terms and conditions and privacy policy. We do not store or retain any sensitive financial/billing information (being credit card numbers, bank account details, etc.), obtained in connection with processing such payments.

2.7. Anonymity and the use of pseudonyms

When we collect your Personal Information, as far as reasonably practicable, you are permitted to interact and/or contact us anonymously or by using a pseudonym except where:

• we are required or authorised by a law or a court or tribunal order to deal with identified individuals; or
• it is impracticable for us to deal with individuals who have not identified themselves

3. For what purposes do we collect and use Personal Information?

We collect your Personal Information as outlined in this Privacy Policy for the purposes described below:

• for provision of the Services;
• for communication with you and to provide messaging and/or communications to you in association with the functions and features of the Services;
• for communicating to you any announcements and updates, updated terms, conditions and policies, security alerts, technical notices, support and administrative messages;
• for analysis, monitoring, development and improvement of our Services, including other products or services;
• to offer IT support and troubleshooting;
• to invoice you and receive payments from you;
• for security purposes, including to protect the Services and our property from abuse, fraud, malicious, unauthorised access or potentially illegal activities, and to protect our rights, safety and property and that of our other users;
• for sending marketing communications to you, including notifying you of promotional or advertising offers, contests and rewards, upcoming events and other news about products and services offered by us and use of our Services;
• to deal with your inquiries and manage communications from you;
• to perform credit checks;
• to comply with relevant laws and regulations where applicable; and
• for the performance of other functions described at the time of collection or as consented to in relation to our Services.

We may engage in the sale of Personal Information. By using our Services, you acknowledge and agree that we may sell, disclose, or transfer your Personal Information to third parties. We may engage in such sales for various purposes including but not limited to marketing, advertising, analytics, and research.

If you would like to opt-out of the sale of your Personal Information, please let us know. Please note that opting out of the sale of your Personal Information may not affect other aspects of your interaction with our services, but it may result in a less personalized experience.

4. How do we store and protect your information?

4.1. Storage of Personal Information

We take reasonable steps to protect your Personal Information from misuse, interference, loss, unauthorized access, modification or disclosure in accordance with APP 11. The Personal Information we collect from you is transferred and stored electronically via a secured SSL connection, with specific security measures including encryption, access controls, and regular security assessments. Your information is stored in secured servers (and Shopify servers if such information is held on the Shopify system) or in password-protected servers located in the United States, Canada and Australia. You acknowledge and consent to us storing your Personal Information on such servers, subject to the overseas transfer safeguards outlined in section 5.5.

4.2. Who can access your Personal Information?

Your Personal Information is accessible to our employees, contractors, third-party service
providers such as our website host and technical support providers, and clients including Ozlo. We may also store your Personal Information in password-protected email databases for the purpose of sending out communications and marketing emails in accordance with this Privacy Policy.

While we take reasonable steps to protect your Personal Information as required by APP 11, no method of electronic transmission or storage is 100% secure. We regularly assess and update our security measures to ensure they remain appropriate given the nature of the information and potential risks. You should take care when transmitting information over Internet and only enter information through our secure platforms. It is your responsibility to ensure that you keep your Personal Information safe, including keeping your software up to date to prevent security breaches.

We reserve the right to maintain and store any information or data where, we reasonably
believe, in our sole discretion, that such action is required to comply with any legal or regulatory obligations, to prevent criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for record keeping integrity.

We destroy or de-identify your Personal Information when it is no longer needed for any
purpose for which it may be used or disclosed, and we are not required by law or a
court/tribunal order to retain it. We maintain specific retention schedules for different types of Personal Information and will inform you of applicable retention periods where reasonable to do so. Where we are required to keep your personal information for legal or regulatory purposes, we will maintain appropriate measures in accordance with APP 11.

5. To whom your Personal Information is disclosed?

Your Personal Information may be disclosed to individuals and companies, including Ozlo, for the purposes described in this Policy, as outlined below:

5.1. Brand Access and Related Bodies Corporate

Your Personal Information may be accessed by us, including our directors, employees, officers and contractors. You consent to us providing your Personal Information, including Sensitive Information to our Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)).

5.2. Parties required by law

Your Personal Information may be disclosed by us to any party to whom we are required by law to provide your Personal Information and to any party to whom disclosure is permitted under the Australian Privacy Principles, or where we reasonably believe that disclosure is required to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your Personal Information.

5.3. Direct marketing

You agree and expressly and indefinitely consent to us using or disclosing Personal Information (other than Sensitive Information) to Ozlo to keep you informed about our products and services and other products and services that we consider may be of interest to you. We or Ozlo may communicate with you via phone, email, social media, SMS, or regular mail. If you have indicated a preference for a method of communication, we will endeavour to use that method wherever practical to do so.

You can opt-out of direct marketing communication activities undertaken by us at any time by clicking the “unsubscribe” or “opt-out” link on email communications from us, replying ‘Stop’ to a promotional SMS or by contacting us by phone or email.

5.4. Other third parties

We may share your Personal Information with third parties if it is reasonably related to the provision of our Services. The third parties that we may share your Personal Information with includes the vendors whose products you are purchasing via our Website, consultants, contractors, sub-contractors, accountants, credit agencies, debt collection agencies, law enforcement agencies, government agencies, marketing agencies, Ozlo, and other service providers to us that perform services on our behalf. Such services we procure may include identifying and disseminating advertisements, providing fraud detection and prevention services, processing payments or providing analytics services. We may also share your Personal Information with our business partners who offer goods or services to you jointly with us (for example, contests or promotions).

We may share your Personal Information where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities.

We may also share your Personal Information with third parties with your consent in a separate agreement, in connection with any company transaction (such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business by another company or third party) or in the event of bankruptcy, dissolution, divestiture or any related or similar proceedings.

Note that we reserve the right to share your Personal Information with other third parties where, in our sole discretion, it is required to:

• investigate and defend ourselves against any third party claims or allegations;
• protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law; and
• detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.

5.5. Overseas disclosure

Please note that some of the parties listed above to whom your Personal Information may be disclosed, may be located overseas, including in the United States, Europe and Canada.

We use reasonable steps to ensure that these parties are either governed by substantially similar, accessible and enforceable laws to the Australian Privacy Principles or adhere to the Australian Privacy Principles, however to the maximum extent permitted by law, we are not liable for the privacy practices of such parties.

Before transferring your Personal Information overseas, we will take reasonable steps to ensure that any overseas recipient will handle the information in accordance with the Australian Privacy Principles. We will either obtain your express consent for such transfers or ensure that the overseas recipient is bound by laws or binding schemes that provide similar protection to the APPs. You acknowledge that such overseas transfers may occur, and we will inform you of the specific countries where your data may be transferred.

6. Third party websites and social media

Our Services may, from time to time, contain links to and from websites which are owned or operated by other parties. You acknowledge and agree that we have no control over, and shall not be liable for, the privacy practices or content of these third party websites and we do not make any representation about the privacy practices of, any third-party websites, whether or not linked from or transferred from our Services. You are responsible for checking the privacy policy of any such websites and applications so that you can be informed of how they will handle Personal Information.

Ozlo runs pages on a number of social media platforms, including Facebook, Instagram, X (formerly Twitter), LinkedIn and TikTok (Social Media Platforms). By accessing, interacting with and using the Ozlo social media pages, you agree to the terms and privacy policy of those Social Media Platforms. You acknowledge and agree that these Social Media Platforms may collect your information and that the privacy practices of those Social Media Platforms are not controlled by us and that we hold no responsibility for such privacy practices.

Social Media Platforms also allow public access to your public social media profile, which may include your username, age range, country/language, list of friends or other information that you make publicly available and you understand that such information may therefore be accessible by us if you interact with its social media pages.

We and Ozlo may collect and use analytics data from social media interactions, including views, navigation patterns, likes, comments, and shares, for marketing and promotional purposes. This information will be handled in accordance with APP 6, and you may opt-out of such collection and use at any time by contacting our Privacy Officer. We will not use this information for any other purpose without your express consent.

7. How can you access or update your Personal Information?

At any time, you may request access to Personal Information we hold about you. We may refuse to provide access if the law allows us to do so, in which case we will provide reasons for our decision as required by law.

We take reasonable steps to keep your Personal Information accurate, complete and up-to-date. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information deleted or corrected.

You may request access to the information we hold about you, or request that we delete, update or correct any Personal Information we hold about you, by setting out your request in writing and sending it to us in accordance with paragraph 10.

We will respond to your request within 30 days. If we need additional time due to complexity or volume, we will notify you within this period and explain the delay. If we refuse your request, we will provide written notice explaining the grounds for refusal, how to make a complaint, and any other matters prescribed by the Privacy Act.

8. How can you make a complaint about our privacy practices?

You may submit a written complaint about how we handle your Personal Information to our Privacy Officer via the details below. If you are not satisfied with our handling of your complaint or we have not replied to you within a reasonable period of time, then you are entitled to make a complaint to the Office of the Australian Information Commissioner or, if you are in the EU, a data protection authority or supervisory authority.

9. Amendments

We will notify you of any changes to this Privacy Policy by email and by posting a notice on our Services at least 30 days before the changes take effect. Any changes will be clearly
highlighted, and you will have the opportunity to review and accept the updated Privacy Policy or withdraw your consent. Previous versions of our Privacy Policy will remain accessible on our website. This page contains our most accurate and up to date version of our Privacy Policy.

10. Contact us

All requests for access or corrections to your Personal Information and complaints should be directed to our Privacy Officer. If submitting a complaint, please provide our Privacy Officer with full details of your complaint and any supporting documentation:

• by contact form at https://ozlosleep.au;
• by e-mail at privacy@brandaccess.com; or
• by letter to The Privacy Officer, 3790 EL Camino Real #854 Palo Alto, CA 94306

If you are not satisfied with our handling of your complaint or we have not replied to you within a reasonable period of time, then you are entitled to make a complaint to the Office of the Australian Information Commissioner.