Privacy policy
Written to be consistent with the Australian Privacy Principles (Privacy Act 1988). This is a first draft — please have it checked before relying on it, particularly the cross-border storage section below.
1. What we collect
- Office account holders: name (optional), email address, and a securely hashed password (we never store your plain-text password).
- Worker records you enter: name, email, and phone number for each worker your company adds — collected by you, about your own employees, for the purpose of running your tool register. You are the one who decides what to collect from your workers; we simply store what you enter.
- Tool movement history: which tool, who took/returned it, when, and where — this is the core register data.
- Billing information: handled entirely by Stripe, our payment processor. We receive only a confirmation that payment succeeded, never your card number.
- Technical logs: request logs (IP address, page requested, timestamp) kept briefly for security and debugging.
2. How we use it
To operate the take/return and compliance features you signed up for, to bill your subscription, to send account-related emails (password resets, subscription notices), and to keep the service secure and working. We do not use your data for advertising and do not sell it.
3. Who we share it with
We use a small number of service providers to run SiteWarden, each only processing data on our behalf:
- Stripe (payment processing) — receives billing/contact details needed to charge your subscription.
- Resend (transactional email) — receives the email address and content needed to send you account emails.
- Railway (hosting) — stores the database and runs the application.
We don't share your data with other SiteWarden customers, and we don't sell it to anyone.
4. Where your data is stored — cross-border disclosure
Your data is currently hosted on servers located in the United States (via our infrastructure provider, Railway, region: San Francisco), not in Australia. Under Australian Privacy Principle 8, this is a cross-border disclosure of personal information. [This section needs specific legal input: what reasonable steps are being taken to ensure the overseas recipient doesn't breach the APPs, and whether this needs to be more prominently disclosed at sign-up. Do not finalise this policy without addressing this properly.]
5. How long we keep it
We keep your account and register data for as long as your account is active, plus a reasonable period after cancellation in case you want to reactivate or export it. Movement history is kept indefinitely by design — it's the audit trail your test-and-tag compliance relies on. You can ask us to delete your data on account closure.
6. Security
Passwords are hashed (never stored in plain text), traffic is encrypted (HTTPS), and each company's data is isolated from every other company's at the database level. We take daily backups.
7. Your rights
You can ask to see, correct, or delete the personal information we hold about your company or, if you're a worker whose details were entered by your employer, about you. Email us at support@sitewarden.com.au. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner.
8. Cookies
We use one cookie to keep you signed in (a session identifier). We don't use tracking or advertising cookies.
9. Changes to this policy
We may update this policy from time to time; material changes will be flagged on this page.