Privacy Policy

We collect information that is necessary to provide you with the Service. This includes:

• Account information — your name, email address, phone number, business name, ABN, and address provided during signup and onboarding.
• Business data — information you enter into the platform in the course of running your business, including client details, job records, invoices, quotes, timesheets, and purchase orders. This may include personal information about your own clients, employees, and contractors.
• Usage data — information about how you interact with the platform, including pages visited, features used, browser type, device type, IP address, and timestamps. This data is collected automatically and used in aggregate to improve the Service.
• Payment information — billing details such as your card type and last four digits are handled directly by Stripe, our payment processor. SERVLO does not store full card numbers or sensitive financial data on our own servers.

We collect personal information only by lawful and fair means and, where reasonably practicable, directly from you.

We use the information we collect to:

• Provide, operate, and maintain the SERVLO platform and its features.
• Process subscription payments and manage your billing relationship with us.
• Send transactional emails — including account verification, password resets, invoice delivery, and subscription receipts — via our email service provider Resend.
• Send service-related communications such as product updates, maintenance notices, and changes to these policies.
• Improve and personalise the platform, including developing new features and analysing usage patterns.
• Provide customer support and respond to your enquiries.
• Meet our legal and regulatory obligations under Australian law.
• Detect, investigate, and prevent fraudulent or unlawful activity.

We will not use your personal information for direct marketing without your consent, and you may opt out of any marketing communications at any time.

Your data is stored using Supabase, which provides a managed PostgreSQL database and authentication service. Our infrastructure is configured as follows:

• Primary servers — US-East region (Virginia, United States).
• Backup servers — AU-East region (Sydney, Australia).
• Encryption — all data is encrypted at rest and in transit. Connections to the platform are secured using TLS.

By using SERVLO, you acknowledge that some of your data may be stored and processed in the United States. We take reasonable steps to ensure that any overseas transfer of personal information is handled in accordance with the APPs, including ensuring that recipients are subject to comparable privacy protections.

We engage the following third-party service providers in the operation of the platform. Each provider processes certain personal information on our behalf and is subject to their own privacy policies:

• Stripe — payment processing. Stripe handles all credit card and billing data. Stripe is PCI DSS compliant. See stripe.com/au/privacy.
• Resend — transactional email delivery. Resend processes email addresses and message content for the purpose of delivering emails on our behalf.
• Supabase — database hosting and authentication. Supabase stores and manages your account data and business records.
• Anthropic— AI features. Where AI-powered features are used within the platform, your prompts and relevant context may be processed by Anthropic’s AI models. We do not share identifiable personal data with Anthropic beyond what is necessary to fulfil the specific AI feature you are using.
• Twilio — SMS notifications, when configured. If you enable SMS features, Twilio processes phone numbers and message content for delivery purposes.

We do not sell, rent, or trade your personal information to any third parties for their own marketing purposes.

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:

• Right of access — you may request access to the personal information we hold about you. We will respond to access requests within a reasonable time and provide the information in a format that is accessible to you.
• Right to correction — if you believe that personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you may request that we correct it. You can update most information directly within your account settings.
• Right to deletion — you may request that we delete your personal information. Subject to our legal obligations and the data retention requirements described below, we will take reasonable steps to comply with deletion requests.
• Right to opt out of marketing — you may opt out of receiving direct marketing communications from us at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

To exercise any of these rights, please contact us at hello@servlo.com.au. We will respond within 5 business days. In some cases, we may need to verify your identity before processing a request.

If you are not satisfied with how we have handled your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

SERVLO is committed to complying with the thirteen Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). These principles govern how we collect, hold, use, correct, and disclose personal information.

In particular, we commit to:

• Being transparent about how we manage personal information (APP 1).
• Collecting personal information only by lawful and fair means (APP 3).
• Keeping personal information secure (APP 11).
• Only using or disclosing personal information for the primary purpose for which it was collected, or for secondary purposes where permitted by law (APP 6).
• Giving you access to and the ability to correct your personal information (APPs 12 and 13).

We retain your personal information and business data for as long as your account remains active or as needed to provide the Service.

If you cancel your subscription or close your account, your data will be retained for a period of up to 90 days to allow for account recovery or data export. After this period, your data will be permanently deleted from our systems, subject to any legal obligations that require us to retain certain records for longer (for example, financial and tax records may be required to be kept for a minimum period under Australian law).

You may request deletion of your data at any time by contacting us at hello@servlo.com.au. We will action deletion requests within 30 days, subject to any applicable legal obligations.

SERVLO uses cookies and similar tracking technologies to operate the platform and understand how it is used. We use the following types of cookies:

• Essential session cookies — these are required for authentication and to keep you securely logged in. They are set by our authentication provider (Supabase) and cannot be disabled without preventing you from accessing your account.
• Analytics cookies — these are used to collect aggregated information about how visitors use the platform, such as which pages are visited most frequently and how users navigate the application. This helps us improve the Service.

You can disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the platform. Your browser documentation will provide instructions for managing cookie preferences.

If you have any questions, concerns, or complaints about this Privacy Policy or about how we handle your personal information, please contact our Privacy Officer:

We will respond to all privacy enquiries within 5 business days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.