Privacy Policy

1. Who we are

TradieKit.io is operated by Simon Harris, a sole trader in Australia (TradieKit, we, us, our). This Privacy Policy explains how we collect, hold, use, and disclose personal information and how you can exercise your rights. It applies to the tradiekit.io website, our tools, and any subdomains or integrations we operate.

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also observe relevant principles of the EU General Data Protection Regulation (GDPR), UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA) where they apply to our users.

2. Scope & consent

By using our Service you consent to the collection and handling of personal information as described here. If you do not agree, please do not use the Service.

3. Information we collect

Category	Examples
Account information	Name, email address, password (hashed), business name, trade type, profile photo
Business profile	ABN (if supplied), business address, phone number, licence numbers, logo, service areas, about text
Content you create	Quotes, invoices, line items, notes, portfolio photos, job records, website content, review requests
Client data you upload	Names, email addresses, phone numbers, addresses, and job details of your clients (see section 10)
Payment information	Handled entirely by our third-party payment processor (Stripe) — we receive billing status, plan, last 4 digits, country, and tax info, but not full card numbers or CVVs
Technical data	IP address, browser type, device type, OS, referrer, timestamps, error logs
Usage data	Pages visited, features used, actions taken, session length
Communications	Emails you send us, support tickets, chat messages, feedback
Affiliate data	If you join the partner program: payout email, tax country, commission records (via our affiliate-tracking provider, Rewardful)

We do not intentionally collect "sensitive information" as defined under the Privacy Act (e.g. health, racial origin, political opinions). Please do not upload such information through our tools.

4. How we collect it

Directly from you when you sign up, fill in your profile, create a quote or invoice, upload a photo, or contact us.
Automatically when you use the Service, via cookies, log files, and analytics.
From third parties such as Stripe (our payment processor) and Rewardful (our affiliate-tracking provider) (billing and affiliate events) and, if you use social login in future, the identity provider you choose.

5. How we use your information

to provide, operate, and maintain the Service;
to authenticate you and secure your Account;
to process subscriptions, renewals, refunds, and affiliate payouts;
to generate documents (quotes, invoices, portfolios, public business websites, review pages) on your instruction;
to provide customer support and respond to enquiries;
to send service emails (receipts, important changes, security alerts);
to send marketing emails about new features or tips — only where you have opted in, with an unsubscribe link in every message (Spam Act 2003);
to analyse usage so we can fix bugs, improve features, and measure performance;
to detect and prevent fraud, abuse, or breach of our Terms;
to comply with legal and regulatory obligations.

6. Legal bases for processing

Where GDPR applies, our lawful bases include: (a) contract — to provide the Service you signed up for; (b) legitimate interests — to run, secure, and improve the Service and to protect against fraud; (c) consent — for optional marketing and non-essential cookies; and (d) legal obligation — to meet tax, accounting, and regulatory requirements.

7. Disclosure & sub-processors

We do not sell your personal information. We share it only with trusted service providers who help us run the Service, under contracts that require confidentiality and appropriate protection:

Provider	Purpose	Location
Supabase	Authentication, database, file storage	United States / EU (region-dependent)
Vercel	Web hosting, CDN, edge functions	Global edge / United States
Stripe	Payments, subscriptions, invoicing, and tax collection where applicable	United States / Global
Rewardful	Referral tracking and commission calculation for the partner program	United States / Global
Email delivery provider	Transactional and marketing email	United States / EU
Analytics provider	Aggregated, privacy-preserving usage analytics	EU / United States

We may also disclose personal information: (a) to professional advisers (lawyers, accountants) under confidentiality; (b) in connection with a sale, merger, or reorganisation of our business; (c) to comply with a subpoena, court order, or lawful request; or (d) to protect the rights, property, or safety of TradieKit, our users, or others.

8. Overseas transfers

Some of our providers are located outside Australia, including in the United States and the European Union. When we send personal information overseas, we take reasonable steps to ensure that the recipient handles the information consistently with the APPs, including by entering into contractual protections such as the EU Standard Contractual Clauses where appropriate.

9. Cookies & analytics

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and measure usage.

Strictly necessary cookies (authentication, CSRF, session) — always on.
Analytics cookies — to understand aggregate usage. You can opt out via your browser or the cookie banner where shown.
Affiliate attribution cookies — set when a visitor arrives via a partner link, used by Rewardful to credit commissions (typically a 30–60 day window; see the partner program terms for the current setting).

Most browsers let you block or delete cookies. Blocking strictly-necessary cookies may break parts of the Service.

10. Client data you upload

When you enter your clients' details (for example, to generate a quote or invoice), you are the controller of that data and we act as your processor / APP entity handling it on your behalf. You represent that you have the right to upload that information and to instruct us to process it, and that you have provided any notice required by law to the individuals concerned. On your written request, we will assist you with data subject requests relating to client data you have uploaded, at your cost if the request is disproportionate.

11. Marketing communications

We will only send you marketing emails where you have agreed to receive them. Every marketing email contains a functional unsubscribe link. Transactional emails (receipts, password resets, important Service notices) cannot be unsubscribed from while your Account is active.

12. Data retention

We keep your personal information for as long as your Account is active and for a reasonable period afterwards to meet legal, tax, and accounting obligations (typically up to 7 years for financial records under Australian law). After that, we will delete or de-identify it. You can request deletion at any time (see section 14), subject to our legal retention obligations.

13. Security

We take reasonable technical and organisational measures to protect personal information, including TLS encryption in transit, encrypted storage, hashed passwords, access controls, audit logging, least-privilege access to administrative systems, and careful vendor selection. No system is 100% secure; you use the Service at your own risk and should use a strong, unique password.

14. Your rights

Under the Australian Privacy Principles, you have the right to:

access the personal information we hold about you;
correct information that is inaccurate, incomplete, or out of date;
request deletion of your Account and associated personal information, subject to legal retention;
withdraw consent where processing is based on consent (e.g. marketing);
complain to us or to the Office of the Australian Information Commissioner (see section 19).

To exercise any of these rights, email bizkitconnect@outlook.com. We will respond within 30 days. There is no charge unless the request is excessive or repetitive.

15. EU, UK and California users

If you are located in the EU or UK, you also have rights under the GDPR / UK GDPR, including the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you have rights under the CCPA/CPRA including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information as that term is defined under the CCPA.

To exercise these rights, contact us at the email above. We will verify your identity before acting on your request.

16. Children

The Service is not directed at children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

17. Data breaches

If an eligible data breach occurs under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act), we will notify the affected individuals and the Office of the Australian Information Commissioner as soon as practicable.

18. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via an in-Service notice or by email. The "Last updated" date at the top of this page will always show when the policy was last changed.

19. Complaints

If you have a privacy concern, please email us first at bizkitconnect@outlook.com with "Privacy complaint" in the subject line. We will acknowledge within 7 days and aim to resolve within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au or by calling 1300 363 992.

20. Contact us

TradieKit.io — Privacy Officer
Operated by Simon Harris (sole trader), Australia
Email: bizkitconnect@outlook.com
Website: tradiekit.io

Contents