Privacy Policy

1. Information We Collect

The personal information we collect depends on how you use CircleTrust. This may include:

• Name and contact details (email, phone number)
• Account credentials (username, password)
• Business information (company name, ABN, business address)
• Payment and billing information (credit card, bank account details)
• Usage data and analytics (IP address, browser type, device info, pages visited)
• Communication records (support enquiries, feedback, correspondence)
• Professional information relevant to the services provided through the platform

2. Types of Information

Under the Privacy Act 1998 (Cth), “Personal Information” means information or an opinion about an identified or reasonably identifiable individual, whether true or not, and whether recorded in material form or not.

“Sensitive Information” includes details such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, criminal record, or health information. We only use sensitive information for the primary purpose it was collected, a directly related secondary purpose, or with your consent.

3. How We Collect Your Information

• Directly from you when you input information into the website or app
• Via cookies to help customise your experience (cookies generally cannot identify you personally)
• Occasionally from third parties, in which case we will take steps to inform you

4. Purpose of Collection

We collect personal information to provide you with the best service experience and to keep you informed about our business. We may disclose your information to:

• Payment processors for credit card and bank processing
• Cloud infrastructure providers for data storage
• Analytics providers for usage tracking
• Email service providers for communications

All service providers are contractually required to comply with the Australian Privacy Principles and maintain equivalent security standards.

5. Data Retention

• Payment and billing information: 7 years
• Usage analytics and IP data: 12 months
• Communication and support records: 3 years
• Account credentials: duration of account plus 12 months
• Business information: duration of service relationship plus 2 years

Upon expiry of these periods, we securely destroy or de-identify data within 30 days.

6. Access and Correction

Under Australian Privacy Principles 12 and 13, you may request access to the personal information we hold about you and request corrections to inaccurate information. Contact us to make a request.

7. Overseas Transfer

Your personal information will not be disclosed to recipients outside Australia unless you expressly request it. If transferred overseas at your request, the overseas recipient will not be required to comply with the Australian Privacy Principles.

8. Data Breach Notification

If we discover a data breach likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner within 14 days of discovery. Notification will be provided via email or SMS and will include details of the breach, the data affected, and recommended protective steps.

9. Complaints

If you have a complaint about how we handle your personal information, please contact us. All complaints will be considered by Directors. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.