Standardsmate™ Pty Ltd

Privacy Policy

How we collect, use, store and protect your information. Encrypted at rest and in transit, hosted in Sydney, compliant with the Australian Privacy Principles. Questions: sales@standardsmate.com.au.

1. Introduction

Standardsmate™ ("we", "our" or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. By using Standardsmate™, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:
  • Account Information: name, email address, password, and company details.
  • Profile Information: job title, industry, location, and professional qualifications.
  • Payment Information: billing details and payment card information (processed securely by Stripe, our PCI-DSS compliant payment processor).
  • Procurement Data: delivery addresses, purchase order details, and order history when using procurement features.
  • Referral Information: referral codes shared, referred users, and referral credit balances.
  • Communications: messages, questions, and feedback you send to us.
  • Marketing Preferences: your consent to receive updates and communications about our platform.
  • Payment data security: All payment information is processed through Stripe, a PCI-DSS Level 1 certified payment processor. We do NOT store complete credit card numbers on our servers. Payment data is encrypted in transit using TLS/SSL encryption. We adhere to GDPR and Australian Privacy Principles for all payment data handling. All financial information is held to the highest levels of security protection.

2.2 Information Automatically Collected

When you use our service, we automatically collect:
  • Usage Data: pages viewed, features used, time spent, and interaction patterns.
  • Device Information: browser type, operating system, and device identifiers.
  • Location Data: approximate geographic location based on IP address.
  • Cookies and Tracking: data collected through cookies and similar technologies.

2.3 Geolocation Data Collection

  • Marketing-page geolocation: when you visit our public pages we resolve an approximate geographic region (country, region, city, timezone, languages) from your IP address through a third-party service. This is used solely to localise content. We do not store this data on our servers. It is held in your browser's localStorage for up to 30 days and you can clear it at any time by clearing your browser cache.
  • Precise GPS on site diary entries: when you sign in and use the site diary feature on a project, we record the precise GPS coordinates (latitude + longitude) reported by your browser at the moment you save a diary entry. This is used to verify that on-site time is logged from the site address (geofence) and to provide an evidentiary record of where the work was performed. GPS capture only happens with your browser's permission and is stored as part of the diary entry on our servers for the lifetime of the project. You can deny or revoke the location permission in your browser settings at any time; doing so disables the geofence check but does not block diary use.

2.4 Information from Third Parties

We may receive information from:
  • Authentication Providers: Google (when you sign in using OAuth).
  • Analytics Services: usage statistics and performance data.
  • Payment Processors: transaction confirmation and billing information.

2.5 Customer Approvals and Electronic Signatures

  • When a customer approves a quote, variation, or scope of works through a unique approval link we send them, we capture the following as evidence of consent: the typed full name of the signer, a PNG image of the handwritten signature drawn on the canvas, the IP address the approval was submitted from, and the timestamp.
  • These artefacts are retained as part of the project record for the lifetime of the project and may be produced as evidence in the event of a dispute. We retain them in line with standard Australian e-signature evidence practice (cf. DocuSign / Adobe Sign). Customers can request access to or correction of their signature record by contacting us.

2.6 Uploaded Files and Photos

  • Documents you upload to a project (contracts, SWMS, certificates, drawings, insurance, permits), photos you attach to diary entries or material records, and files you attach to chat conversations are stored in encrypted cloud object storage (Amazon S3 in the Sydney region, AES-256 server-side encryption). Access is gated by short-lived signed URLs that rotate every five minutes.
  • Document contents are also parsed into searchable text fragments so the in-app AI assistant can quote them when answering questions inside that project. These fragments are stored alongside the document on our servers and are only retrievable within the scope of the project that uploaded them.

2.7 Time Tracking and Hours Logs

  • When you use the time-tracking feature, we record the start time, end time, computed duration, optional notes, optional hourly rate, billable flag, and member attribution for each entry. This data is used to calculate billable hours on the project, populate invoice line items, and provide weekly rollup summaries. Hourly rates are snapshotted at write time so retroactive rate changes do not alter previously logged history.

2.8 Push Notification Subscriptions

  • If you enable push notifications, your browser generates a unique endpoint URL and a pair of encryption keys (p256dh + auth). We store these alongside your user account so we can send you push messages when a task deadline is approaching, a project deadline is approaching, or you are mentioned. You can disable push notifications at any time from the Settings page or your browser's site settings; disabling soft-deletes the subscription on our side so we will stop sending pushes within seconds.

3. How We Use Your Information

We use your information to:
  • Provide, maintain, and improve our service.
  • Process your transactions and send related information.
  • Send you technical notices, updates, and support messages.
  • Respond to your comments, questions, and customer service requests.
  • Send you marketing communications (only if you have opted in).
  • Monitor and analyse trends, usage, and activities.
  • Detect, prevent, and address technical issues and fraud.
  • Personalise and improve your experience.
  • Comply with legal obligations.
  • Train and improve our AI systems to provide better compliance answers and recommendations.
  • Enhance platform features based on user behaviour and feedback.

3.1 AI Training and Platform Improvement

We use data collected on the platform to train and improve our AI systems and enhance user experience. This includes:
  • Questions and Queries: questions you ask help us understand common compliance needs and improve answer accuracy.
  • Usage Patterns: how you interact with features helps us optimise the platform layout and functionality.
  • Search Behaviour: what you search for helps us improve search relevance and content recommendations.
  • Calculator Inputs: anonymised calculation data helps us refine our compliance calculators and audit tools.
  • Feedback and Corrections: your feedback helps train our AI to provide more accurate responses.
  • Privacy protection: when using data for AI training we (a) remove personally identifiable information (name, email, contact details) before training, (b) anonymise and aggregate data where possible, (c) do not share individual user queries or data with third parties for their AI training, (d) maintain strict security protocols to protect all training data.
  • You can opt out of having your data used for AI training by contacting us (though this may limit some personalisation features).

4. Marketing Communications

If you opt in to receive marketing communications, we may send you:
  • Platform updates and new feature announcements.
  • Educational content about Australian Standards and compliance.
  • Tips and best practices for using Standardsmate™.
  • Special offers and promotions.
  • Your choice: you can opt out of marketing communications at any time by clicking the "unsubscribe" link in any email or updating your preferences in your account settings. Note that you will still receive transactional emails related to your account and purchases.

5. How We Share Your Information

5.1 Service Providers

Third-party vendors who perform services on our behalf, including:
  • Payment processing (Stripe).
  • Cloud hosting (AWS Sydney, ap-southeast-2).
  • Email delivery services.
  • Analytics providers.
  • Customer support tools.
  • AI and Machine Learning Services: we use commercial AI models (such as Anthropic Claude, OpenAI, and other leading providers) to power our compliance Q&A functionality, standards guidance, and platform intelligence.
  • AI service provider commitments: data is processed in accordance with their privacy policies and our agreements; personal identifying information is removed before being sent to external AI providers where possible; all AI providers comply with applicable data protection laws.

5.2 Trade Suppliers and Business Partners

  • When you use our material ordering and procurement features, we share necessary information with: trade suppliers (building materials suppliers, electrical wholesalers and other trade vendors) to fulfill your orders and provide pricing information; delivery partners (logistics and delivery companies) to ship your orders; payment processors for processing transactions with suppliers; procurement partners that facilitate material sourcing and price comparison.
  • We only share information necessary to fulfill your orders (such as delivery address, contact details, and order specifications). We do not sell your personal information to suppliers or partners.
  • Anonymised data sharing: we may share anonymised and aggregated data with trade suppliers to improve service quality, pricing, and inventory availability. Anonymised purchase trends, market insights, inventory optimisation, pricing analysis. All personal identifying information is removed before data is shared with suppliers. Data is aggregated and anonymised so individual users cannot be identified. Suppliers receive statistical trends only, never individual user data. No financial information, payment details, or contact information is shared in this process.

5.3 Standards and Compliance Data Providers

To provide accurate standards information, we may work with:
  • Standards Australia: for access to Australian Standards content and updates.
  • Regulatory Bodies: for current compliance requirements and regulatory information.
  • Industry Associations: for best practices and industry-specific guidance.
  • Content Providers: for educational materials and compliance resources.

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.5 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5.6 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:
  • Encryption of data in transit (TLS/SSL) and at rest.
  • Production data hosted on AWS infrastructure in Sydney (ap-southeast-2).
  • Secure password hashing (bcrypt/Argon2).
  • Regular security assessments and updates.
  • Access controls and authentication.
  • Monitoring for unauthorised access.
  • No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6.1 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:
  • Notify affected users without undue delay (within 72 hours where feasible).
  • Notify relevant supervisory authorities as required by law.
  • Provide information about the nature of the breach, data affected, and mitigation steps.
  • Take immediate action to contain and remediate the breach.
  • Offer guidance on steps you can take to protect yourself.

7. Data Retention

  • We retain your personal information for as long as necessary to: provide our services to you; comply with legal obligations; resolve disputes; enforce our agreements.

7.1 Retention Periods

  • Active Account Data: retained while your account is active.
  • Deleted Account Data: completely deleted immediately upon account deletion with no data retention.
  • Transaction Records: retained for 7 years for tax and accounting purposes.
  • Referral and Credit Data: retained for 7 years for tax and financial record purposes.
  • Marketing Data: deleted within 30 days of opting out.
  • Professional Verification Documents: retained while account is active plus 2 years.
  • Anonymised AI Training Data: may be retained indefinitely as it cannot identify you.
  • Legal Hold Data: retained until legal matters are resolved.
  • When your information is no longer needed, we will securely delete or anonymise it.

8. Your Rights and Choices

You have the right to:
  • Access: request a copy of your personal information.
  • Correction: update or correct inaccurate information.
  • Deletion: request deletion of your personal information.
  • Portability: receive your data in a structured, commonly used format.
  • Objection: object to processing of your information.
  • Restriction: request restriction of processing.
  • Withdrawal: withdraw consent at any time.
  • To exercise these rights, please contact us using the information provided below.

8.1 Self-Service Data Management

As an authenticated user, you can manage your data directly through your account settings:
  • Download Your Data: visit your Settings page to export all your personal data in JSON format.
  • Delete Your Account: use the "Delete Account" feature in Settings to permanently remove your account and all associated data.
  • Update Your Information: modify your profile information, email preferences, and account settings at any time.
  • Quick access: logged-in users can access these features by going to Dashboard → Settings.

9. Cookies and Tracking Technologies

  • We use cookies and similar tracking technologies to collect and track information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
Types of cookies we use:
  • Essential Cookies: required for the service to function.
  • Analytics Cookies: help us understand how you use the service.
  • Preference Cookies: remember your settings and preferences.
  • Marketing Cookies: track your visits and show relevant ads (if applicable).

9.1 Third-Party Links

Our service may contain links to third-party websites, services, or resources that are not owned or controlled by Standardsmate™. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by our service.

10. Children's Privacy

Our service is intended for users who are 16 years of age or older. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us and we will delete such information.

11. International Data Transfers

  • Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.
We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy, including:
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries outside the EEA.
  • Ensuring our service providers comply with applicable data protection frameworks.
  • Implementing appropriate technical and organisational safeguards.
  • Conducting due diligence on all international data processors.

11.1 Automated Decision Making

We may use automated decision making in certain contexts, including:
  • Credit Limit Assessment: automated evaluation of credit applications for procurement (subject to manual review).
  • Content Recommendations: AI-powered suggestions for relevant standards and compliance information.
  • Fraud Detection: automated analysis to identify suspicious transactions or activities.
  • Your rights: you have the right to request human review of any automated decision that significantly affects you, to express your point of view, and to contest the decision.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: Standardsmate™. Privacy Team, Brisbane, Queensland, Australia. Email: sales@standardsmate.com.au.

14. Australian Privacy Act Compliance

Standardsmate™ is committed to compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). We handle personal information in accordance with these principles and applicable Australian privacy laws.

14.1 Privacy Complaints Process

If you believe we have breached the Australian Privacy Principles or you wish to make a privacy complaint:
  • Contact our Privacy Team at sales@standardsmate.com.au with details of your complaint.
  • We will acknowledge your complaint within 7 business days.
  • We will investigate your complaint and respond within 30 days.
  • If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
  • For more information about your privacy rights in Australia, visit the OAIC website at www.oaic.gov.au.

Last updated: 16 May 2026.