Privacy Policy

Harmonize Trade (ABN 82 982 480 271), trading as Auto-SOPA, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

1. Information We Collect

We collect different types of information depending on how you interact with Auto-SOPA:

Account Information

When you create an account (via Clerk authentication), we collect:

• Full name
• Email address
• Account preferences

Claim Data

When you create a payment claim, we collect the information you enter:

• Business names and trading names
• Australian Business Numbers (ABNs)
• Business addresses
• Contact details (names, phone numbers, emails)
• Contract details (reference numbers, dates, site addresses)
• Claim amounts and line item descriptions
• Reference Dates you select

Audit Trail Data

When you confirm a Reference Date, we automatically record:

• IP address
• Browser type and version (user agent)
• Timestamp of confirmation
• The confirmation text you acknowledged

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or banking details on our servers. Stripe may collect payment information in accordance with their privacy policy.

Technical Information

We automatically collect certain technical information when you use our service:

• Device type and operating system
• Browser type and version
• Pages visited and features used
• Error logs and diagnostic data

2. How We Collect Information

We collect information in the following ways:

• Directly from you: When you create an account, fill out forms, or enter claim details
• Automatically: Through cookies, server logs, and similar technologies when you use our service
• From service providers: Our authentication provider (Clerk) and payment processor (Stripe) may share information with us as necessary to provide their services

3. Why We Collect Information

We collect and use your information for the following purposes:

• To provide the service: Creating your payment claim documents
• To maintain audit trails: Recording evidence of your Reference Date confirmations for your legal protection
• To process payments: Facilitating secure payment transactions
• To communicate with you: Responding to enquiries and sending service-related notifications
• To improve our service: Analysing usage patterns to enhance features and user experience
• To ensure security: Detecting and preventing fraud or unauthorised access
• To comply with legal obligations: Meeting our obligations under Australian law

4. How We Store Information

Your information is stored using reputable, industry-standard service providers:

• Supabase: Database hosting for claim data and audit trails (PostgreSQL)
• Clerk: Authentication and account management
• Stripe: Payment processing
• Vercel: Application hosting

All data is encrypted in transit (TLS/SSL) and at rest. Our service providers maintain SOC 2 compliance and implement industry-standard security measures.

5. Who We Share Information With

We only share your information with:

• Service providers: Third parties who help us operate our service (Clerk, Supabase, Stripe, Vercel) under strict confidentiality agreements
• Legal requirements: When required by law, court order, or government request
• Business transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• With your consent: When you explicitly authorise us to share information

We do not sell your personal information to third parties. We do not share your information with advertisers or marketing companies.

6. Audit Trail Data

When you confirm a Reference Date in Auto-SOPA, we create an immutable audit trail record. This record includes your IP address, browser information, timestamp, and the confirmation text you acknowledged.

Why we collect this: This audit trail exists to protect you. It provides evidence of when and how you confirmed your Reference Date, which may be important in adjudication or legal proceedings.

Disclosure: Audit trail data may be disclosed:

• To you, upon request
• In legal proceedings related to your payment claim
• When required by court order or subpoena

Modification: Audit trail records cannot be modified or deleted, even at your request. This immutability is essential to maintain the evidentiary value of the records.

7. Data Retention

We retain your information for the following periods:

• Account information: Until you close your account, plus a reasonable period for backup and legal compliance
• Claim data: 7 years from the date of claim creation (to align with limitation periods for construction disputes)
• Audit trail data: 7 years minimum (may be retained longer if required for ongoing legal matters)
• Payment records: 7 years (for Australian tax law compliance)
• Technical logs: 90 days (for troubleshooting and security purposes)

8. Your Rights

Under the Australian Privacy Principles, you have the following rights:

• Access: You can request a copy of the personal information we hold about you
• Correction: You can request that we correct inaccurate or incomplete information
• Deletion: You can request deletion of your personal information (subject to legal retention requirements and excluding audit trail data)
• Data portability: You can request an export of your claim data in a standard format
• Complaints: You can lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at the details provided below. We will respond to your request within 30 days.

Note: Audit trail data cannot be deleted or modified due to its evidentiary nature. This is for your protection.

9. Cookies and Analytics

Auto-SOPA uses cookies and similar technologies for:

• Essential cookies: Required for the service to function (authentication, session management)
• Preference cookies: To remember your settings and preferences
• Analytics cookies: To understand how users interact with our service (using privacy-respecting analytics)

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using Auto-SOPA.

10. Security

We implement appropriate technical and organisational measures to protect your information:

• Encryption of data in transit and at rest
• Secure authentication with industry-standard providers
• Regular security assessments and updates
• Access controls limiting who can access personal information
• Monitoring for suspicious activity

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. International Data Transfers

Our service providers may store or process your information in countries outside Australia, including the United States. When we transfer your information overseas, we take reasonable steps to ensure that the overseas recipient complies with the Australian Privacy Principles or is subject to a law or binding scheme that has the effect of protecting your information.

12. Children's Privacy

Auto-SOPA is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or wish to make a complaint, please contact us:

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):