/* Privacy Policy page (privacy.html) */

const TOC = [
  { id: "collect", title: "What information we collect" },
  { id: "use", title: "How we use your information" },
  { id: "share", title: "Who we share information with" },
  { id: "retention", title: "How long we keep information" },
  { id: "rights", title: "Your rights under the APPs" },
  { id: "security", title: "Security and storage" },
  { id: "cookies", title: "Cookies and analytics" },
  { id: "contact-privacy", title: "Contact for privacy matters" },
];

const PrivacyPage = () => (
  <Page>
    <main className="legal-page">
      <div className="legal-grid">
        <aside className="legal-toc">
          <div className="toc-label">Contents</div>
          <ol>
            {TOC.map((t) => (
              <li key={t.id}><a href={`#${t.id}`}>{t.title}</a></li>
            ))}
          </ol>
        </aside>

        <article className="legal-body">
          <div className="meta">Legal · Privacy Policy</div>
          <h1>Privacy Policy</h1>
          <div className="updated">Last updated: [to be confirmed before launch]</div>

          <div className="legal-disclaimer">
            <b>Draft for review.</b> This document is a structural placeholder. The final wording must be reviewed against the Australian Privacy Principles by a qualified Australian commercial lawyer before this page goes live.
          </div>

          <p>Storage Cartel Pty Ltd ("we", "us", "Storage Cartel") respects your privacy and handles personal information in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).</p>

          <h2 id="collect">1 · What information we collect</h2>
          <p>We collect personal information necessary to provide the storage service. This includes:</p>
          <ul>
            <li>Identification information — name, date of birth, address, government-issued ID</li>
            <li>Contact information — email, phone number, postal address</li>
            <li>Payment information — handled by Stripe, our payment processor; we do not see or store full card numbers</li>
            <li>Account activity — bookings, access requests, support enquiries</li>
            <li>Site security information — CCTV footage of the facility, recorded access events</li>
          </ul>

          <h2 id="use">2 · How we use your information</h2>
          <p>We use your information to set up and maintain your account, manage your storage agreement, process payments, communicate with you about your account, secure the facility, and meet our legal and tax obligations.</p>
          <p>We do not use your information for unsolicited marketing without your consent. Operational communications about your account are sent regardless of marketing preferences.</p>

          <h2 id="share">3 · Who we share information with</h2>
          <p>We share information only as necessary to operate the service:</p>
          <ul>
            <li>Stripe — payment processing</li>
            <li>Email and SMS providers — communications about your account</li>
            <li>Government agencies — where required by law (e.g. tax, regulatory, court orders)</li>
            <li>Professional advisers — our accountants and lawyers, under confidentiality obligations</li>
          </ul>

          <h2 id="retention">4 · How long we keep information</h2>
          <p>We keep account and agreement information for the duration of your storage agreement and for seven years after termination, in line with Australian tax and record-keeping obligations.</p>
          <p>CCTV footage is retained for 30 days unless flagged in connection with an incident.</p>

          <h2 id="rights">5 · Your rights under the APPs</h2>
          <p>You have the right to access the personal information we hold about you and request corrections. Contact our privacy team using the details below.</p>
          <p>If you believe we have mishandled your personal information, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC).</p>

          <h2 id="security">6 · Security and storage</h2>
          <p>We store electronic records on infrastructure operated by reputable Australian-region providers. Physical records (including signed agreements) are stored securely at our facility and digitised where appropriate.</p>
          <p>Access to personal information is limited to staff who need it to do their job, and is audited.</p>

          <h2 id="cookies">7 · Cookies and analytics</h2>
          <p>This website uses essential cookies to operate the customer portal, and Google Analytics 4 to understand site usage. Analytics cookies are anonymised. You can disable cookies in your browser; some site functionality may not work without them.</p>

          <h2 id="contact-privacy">8 · Contact for privacy matters</h2>
          <p>Email <a href="mailto:privacy@storagecartel.com.au" style={{ color: "var(--red)" }}>privacy@storagecartel.com.au</a> or write to Storage Cartel Pty Ltd, 45 Hughes Road, Blairgowrie VIC 3942.</p>

          <p style={{ marginTop: 48, fontSize: 14, fontStyle: "italic", color: "var(--ink-2)" }}>
            Storage Cartel Pty Ltd. ABN [to be added]. 45 Hughes Road, Blairgowrie VIC 3942.
          </p>
        </article>
      </div>
    </main>
  </Page>
);

ReactDOM.createRoot(document.getElementById("root")).render(<PrivacyPage />);