Privacy Policy

1. Introduction

ClaimTrack ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us, including:

• Account Information: Email address, name, and password (for authentication purposes)
• Profile Information: First name, last name, phone number, and company details
• Business Information: Company name, ABN, billing address, contact information, and payment details
• Payment Information: Credit card details and billing information processed through Stripe (we do not store full credit card numbers on our servers)
• Contract and Project Data: Contract details, line items, project information, and related documentation
• Claim Information: Progress claims, invoice data, payment schedules, and related financial information
• Documents: Invoices, compliance documents, supporting documentation, contracts, and other files you upload to our Service
• Communication Data: Information you provide when you contact us for support or feedback

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

• Usage Data: Information about how you access and use our Service, including pages viewed, features used, and time spent
• Device Information: IP address, browser type, device type, operating system, and device identifiers
• Location Data: General location information derived from your IP address
• Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our Service (see Section 7 for more details)

2.3 Information from Third Parties

We may receive information about you from third-party services, including:

• Facebook: Facebook Click ID (fbclid) when you access our Service through Facebook advertisements
• Authentication Services: Information from authentication providers when you sign in

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain Our Service: Process your requests, manage your account, and deliver the features and functionality of our Service
• To Process Documents: Use AI-powered services (Google Gemini) to extract and process data from invoices and other documents you upload
• To Communicate with You: Send you service-related communications, respond to your inquiries, and provide customer support
• To Send Marketing Communications: With your consent, send you newsletters, promotional materials, and updates about our Service (you can opt-out at any time)
• To Improve Our Service: Analyze usage patterns, conduct research, and develop new features and functionality
• To Ensure Security: Detect, prevent, and address technical issues, fraud, and security threats
• To Comply with Legal Obligations: Meet legal requirements, respond to legal processes, and protect our rights and the rights of our users
• For Analytics and Advertising: Track conversions, measure advertising effectiveness, and analyze website usage through Vercel Analytics
• To Process Payments: Process subscription payments and manage billing through Stripe

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Supabase: Our database and backend infrastructure provider. Data stored with Supabase is inherently stored on Amazon Web Services (AWS) infrastructure. Please refer to Supabase's privacy policy and AWS's privacy policy for more information.
• Amazon Web Services (AWS): Cloud storage and infrastructure services. Documents and data stored through Supabase are stored on AWS servers.
• Google Gemini: AI service used to extract and process data from documents you upload. When you upload documents, they may be sent to Google Gemini for processing. Please refer to Google's Privacy Policy for information about how Google handles your data.
• Resend: Email delivery service for transactional and marketing emails
• Stripe: Payment processing service for billing and subscription management. When you make a payment, your payment information is processed directly by Stripe. Please refer to Stripe's Privacy Policy for information about how Stripe handles your payment data.
• Facebook: For conversion tracking and advertising purposes (we may share hashed email addresses and Facebook Click IDs)
• Vercel: Analytics service provider for website usage analytics and performance monitoring

4.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4.4 With Your Consent

We may share your information with third parties when you have given us consent to do so.

5. Data Storage and Security

Your data is stored securely using Supabase, which utilises AWS infrastructure. All data is encrypted in transit and at rest. We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Location: Your data is stored on servers located in regions as determined by Supabase and AWS. By using our Service, you consent to the transfer of your information to these locations.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

If you choose to leave our platform, you may request that we delete your personal information. Upon receiving such a request, we will delete or anonymize your personal information, except where we are required to retain it for:

• Legal or regulatory compliance requirements
• Resolving disputes or enforcing our agreements
• Legitimate business purposes (such as maintaining records for accounting or tax purposes)

To request deletion of your data, please contact us using the information provided in Section 12.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We use cookies and tracking technologies for the following purposes:

• To enable certain functions of the Service
• To provide analytics and track usage patterns (via Vercel Analytics)
• To store your preferences and settings
• For advertising and conversion tracking (including Facebook Pixel)

Vercel Analytics: We use Vercel Analytics to understand how visitors interact with our website. Vercel Analytics collects anonymized usage data to help us improve our Service. For more information, please refer to Vercel's Privacy Policy.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Opt-Out: Opt-out of marketing communications and certain data processing activities
• Objection: Object to processing of your personal information in certain circumstances

To exercise these rights, please contact us using the information provided in Section 12. We will respond to your request within a reasonable timeframe.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

Specifically, your data may be processed in:

• Australia (where our primary operations are based)
• The United States (where Supabase, AWS, Google, and other service providers operate)
• Other countries where our service providers maintain facilities

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us: