Privacy Policy

Tradewin App (“we”, “our”, “us”), also referred to as Tradewin, is committed to protecting the privacy of users of the Tradewin App platform (the “Service”). This Privacy Policy explains what personal information we collect, how we use and disclose it, and the rights you have in relation to that information.

We handle personal information in accordance with the Australian Privacy Principles (“APPs”) set out in the Privacy Act 1988 (Cth). By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Policy.

We collect the following categories of information:

Account & profile information — name, email address, password (hashed), Australian Business Number (ABN), business or trading name, primary trade, and approximate location based on your postcode.

Usage data — information about how you use the Service and data you create or store within your account.

Client data — information relating to your clients that you choose to enter into the Service.

Technical data — IP address, browser type, device information, and access timestamps collected automatically when you use the Service.

Communications — any messages, support requests, or other content you send to us.

We use the information we collect to:

• Provide, operate, secure, and improve the Service;
• Authenticate your account and protect it against unauthorised access;
• Provide pricing tools and recommendations;
• Send communications to your clients on your behalf where you request it;
• Send transactional emails such as account confirmation, password reset, team invitations, and service notifications;
• Develop aggregated, de-identified insights to improve and maintain the Service;
• Detect, investigate, and prevent fraudulent or abusive activity;
• Comply with legal obligations and respond to lawful requests;
• Communicate with you about updates, new features, or changes to the Service.

We may derive statistical indicators from aggregated, anonymised information drawn from use of the Service. Identifiers are removed before aggregation so that this data does not identify you, your business, or your clients, and cannot reasonably be used to do so.

By using the Service, you consent to the use of anonymised data derived from your account activity. You may contact us to withdraw consent for this use; historical aggregated data that has already been combined with other information cannot be individually removed.

We do not sell your personal information. We may disclose information to trusted third-party service providers engaged under contract to help us operate the Service. This includes providers in the following categories:

• Cloud infrastructure providers — host and store account data and files you upload to the Service;
• Payment processors — handle paid subscriptions. Payment details are handled directly by the processor and are not stored on our servers;
• Accounting software integrations — optional connections to export accepted work to your accounting system. Integration credentials are stored encrypted on our servers solely for this purpose. You can disconnect at any time from Account Settings;
• Email delivery providers — transactional email delivery;
• AI processing providers — process natural-language inputs you submit for features such as job description parsing. Submissions are not used to train these providers' models under their commercial terms;
• Mapping and geocoding providers — translate location inputs into approximate coordinates;
• SMS messaging providers — optional SMS functionality on eligible plans;
• Government identity verification services — verify business identifiers against authoritative public registers.

All providers are bound to handle your data consistently with this Policy and applicable privacy laws. We may also disclose information if required by law, in response to a valid legal process, to protect our rights or safety, or in connection with a corporate transaction such as a merger or sale of assets.

Your data is stored on infrastructure provided by third-party service providers. Some of these providers may store or process data outside Australia, including in the United States and Europe. By using the Service, you consent to your information being transferred to and processed in these jurisdictions.

We take reasonable steps to ensure that any overseas recipients handle your data consistently with the APPs and applicable data protection laws.

We take the security of your information seriously and apply industry-standard safeguards including:

• Encryption in transit (TLS) for all data exchanged between your device and our servers;
• Encryption at rest for stored data via our database provider;
• Encryption for any third-party integration credentials stored on our servers;
• Row-level security (RLS) in our database so users can only access their own data;
• Scoped access controls limiting each service component to the minimum data it requires;
• Routine security reviews of our infrastructure and dependencies.

No system is completely immune to attack. You are responsible for keeping your account password confidential and notifying us promptly of any suspected unauthorised access to your account.

We retain your personal information for as long as your account is active, plus a reasonable period thereafter to satisfy legal, accounting, and regulatory obligations. Aggregated and de-identified data may be retained indefinitely.

When you delete your account, we permanently delete or de-identify your personal information from our active systems within 30 days, except where retention is required by law.

Subject to limited exceptions under Australian law, you have the right to:

• Access the personal information we hold about you;
• Correct any inaccurate, out-of-date, or incomplete information;
• Delete your account and associated personal information at any time via your account settings;
• Withdraw consent to certain uses of your information by adjusting your settings or by contacting us;
• Lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”) if you believe we have breached the APPs.

To exercise any of these rights, contact us at the email address below.

We use cookies and similar technologies strictly necessary to operate the Service — primarily authentication cookies that keep you logged in. We do not use third-party advertising or behavioural tracking cookies.

The Service is intended for use by Australian businesses and is not directed at children under 16 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us so we can remove it.

After you create an account we send a short series of onboarding tips to help you get value from Tradewin App, and we may occasionally send product updates and announcements to your account email. These emails always include an unsubscribe link, and unsubscribing stops all such tips and updates immediately. Transactional emails essential to the operation of your account (such as service notifications, password reset, and billing notices) cannot be unsubscribed from while your account remains active.

We may update this Privacy Policy from time to time. The current version is always available at this page, with the effective date noted at the top. Material changes will be communicated via email or in-app notice.

For questions about this Policy, to exercise your privacy rights, or to raise a complaint, contact us at:

Email: privacy@tradewin.com.au

You may also lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.