TradeFlow

Privacy Policy

Last updated: 5 May 2026

TradeFlow ("we", "us", "our") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, hold, use, and disclose personal information.

1. What We Collect

We collect personal information that is reasonably necessary to provide the Service, including:

  • Account information: name, email address, password (hashed), business name, ABN, phone number, and address.
  • Business operational data: records you create about your clients, jobs, quotes, invoices, suppliers, inventory, and team members.
  • Photos and files: images you upload (e.g., job photos, receipts, company logo).
  • Usage data: log data, IP address, browser type, pages visited, and timestamps for security and service-improvement purposes.
  • Payment information: handled by our payment processor (Stripe). We do not store credit card numbers on our servers.
  • Location data: when team members use the timesheet clock in/out feature, GPS coordinates may be recorded with their consent for verification.

2. How We Collect

We collect personal information directly from you when you sign up, use the Service, or contact us. We may also collect information from third-party integrations you authorise (e.g., Google Calendar, Xero).

3. Why We Collect

We collect personal information to:

  • Provide, maintain, and improve the Service;
  • Authenticate users and secure accounts;
  • Process payments and send transactional notifications (e.g., quotes, invoices, booking confirmations);
  • Respond to enquiries and provide customer support;
  • Comply with legal obligations including taxation and recordkeeping;
  • Detect, prevent, and respond to fraud or security incidents.

4. Disclosure to Third Parties

We may disclose personal information to:

  • Service providers who help us operate the Service, including: Supabase (database hosting), Vercel (application hosting), Stripe (payments), Resend (email delivery), Twilio (SMS), Anthropic (AI features), Google (Maps and optional Calendar integration).
  • Accounting integrations you choose to connect (e.g., Xero) to sync data on your behalf.
  • Law enforcement or regulatory authorities where we are legally required.

We do not sell personal information.

5. Cross-Border Disclosure

Some of our service providers (notably Supabase, Vercel, Stripe, Anthropic, Resend, and Twilio) may store or process data on servers located outside of Australia, including the United States and the European Union. By using the Service, you consent to such overseas transfers. We take reasonable steps to ensure these providers handle your information consistently with the APPs.

6. Storage and Security

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encryption at rest, role-based access control, and row-level security policies on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations (e.g., taxation records must be retained for at least 5 years under Australian law). You may request export or deletion of your data at any time.

8. Your Rights

Under the Privacy Act, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate or incomplete information;
  • Request deletion of your personal information (subject to legal retention requirements);
  • Withdraw consent for optional data uses (e.g., marketing emails);
  • Make a complaint about how we handle your personal information.

To exercise any of these rights, email info@tradeflowmanagement.com.au. We will respond within 30 days.

9. Cookies and Local Storage

We use essential cookies and local storage to keep you signed in and remember your preferences. We do not use advertising cookies or third-party tracking. You can disable cookies in your browser settings, but the Service may not function correctly without them.

10. Children

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children.

11. Client and Third-Party Personal Information

When you upload personal information about your clients, team members, or other third parties to the Service, you act as the data controller and are responsible for ensuring you have the necessary consent under the Privacy Act. We act as a data processor on your behalf.

12. Notifiable Data Breach Scheme

We comply with the Australian Notifiable Data Breaches scheme. If a breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available at /privacy. Material changes will be notified by email or via the Service.

14. Complaints

If you have a privacy complaint, please contact us first at info@tradeflowmanagement.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.

15. Contact

Privacy Officer
TradeFlow
info@tradeflowmanagement.com.au