Legal

Privacy Policy

Last updated: 22 May 2026

traqR (“we”, “us”, “our”) is committed to protecting your privacy. This policy covers how we collect, use, and protect personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1

Information We Collect

1.1 Information You Provide Directly

Account & Identity

  • Full name
  • Email address
  • Phone and mobile number
  • Profile photograph

Employment Information

  • Job title and role
  • Employment type
  • Start / end date
  • Hourly and overtime rate
  • Employee ID

Personal Details

  • Date of birth
  • Residential address

Emergency Contact

  • Name, phone number, and relationship

Sensitive Financial Information

  • Tax File Number (TFN)
  • Superannuation fund name and member number
  • Bank account name, BSB, and account number

TFN and bank details are collected solely for payroll administration. They are encrypted at rest and never used for any other purpose.

Compliance Documents

  • Licences, certificates, right-to-work documents
  • Issue date and expiry date

Job & Work Data

  • Timesheet entries (date, hours, job)
  • Purchase orders and invoices
  • Task completions and job notes

1.2 Information Collected Automatically

Device & Usage Data

  • Device type, OS, app version
  • IP address and general location (country/city)
  • Features accessed and timestamps

Location Data (with your permission)

Precise GPS location is collected via the mobile app for job site check-ins. Location is only collected while the app is in use and is never tracked in the background.

1.3 Information From Third Parties

SupabaseAuthentication credentials and session tokens
StripeSubscription and billing data for business accounts
XeroJob financial data (if your organisation has connected Xero)
2

How We Use Your Information

PurposeLegal Basis
Creating and managing your accountPerformance of contract
Delivering platform featuresPerformance of contract
Processing timesheets and payroll dataContract / legal obligation
Sending shift, timesheet, and task notificationsLegitimate interest / consent
Verifying compliance documentsLegitimate interest / legal obligation
GPS check-in and attendance verificationConsent
Transactional emailsPerformance of contract
Improving the platformLegitimate interest
Complying with legal obligationsLegal obligation

We do not use your information for advertising, sell your data to third parties, or apply automated decision-making that produces legal effects without human review.

3

Disclosure of Your Information

Your Employer: Business administrators of your organisation can access your profile, timesheets, and compliance documents.

Service Providers

ProviderPurposeLocation
SupabaseAuth, database, file storageUnited States / EU
VercelWeb and API hostingUnited States
ResendTransactional emailUnited States
StripeSubscription billingUnited States
Apple APNsiOS push notificationsUnited States
Google FCMAndroid push notificationsUnited States
XeroAccounting integration (if enabled)NZ / Australia

We may also disclose information where required by law, court order, or regulatory authority.

4

Data Storage & Security

All data is stored on Supabase (PostgreSQL) and Vercel infrastructure with the following protections:

  • Encrypted in transit using TLS 1.2+
  • Encrypted at rest within Supabase's infrastructure
  • Access restricted to authenticated application processes and authorised personnel
  • Regular automated backups
5

Data Retention

Data TypeRetention Period
Active account dataDuration of your account
Timesheet and payroll records7 years (Fair Work Act / ATO requirement)
Compliance documentsUntil expiry + 2 years
TFN and bank account detailsDuration of employment record
Notification history90 days
Location dataNot persistently stored; real-time check-in only
Deleted account data30 days, then permanently deleted
6

Your Rights

Under the Privacy Act 1988 and the APPs, you have the right to:

Access: Request a copy of the personal information we hold about you. We will respond within 30 days.
Correction: Request correction of inaccurate or incomplete information.
Withdraw Consent: Withdraw consent for location access or push notifications at any time via device settings or in-app.
Complaints: Lodge a complaint with us first; if unresolved, escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
7

Mobile App Permissions

PermissionWhy It's Needed
LocationGPS verification at job sites during check-in
CameraCapture photos of job sites, receipts, and documents
Photo LibraryUpload existing photos and compliance documents
Push NotificationsReceive alerts for shifts, timesheet updates, and tasks

All permissions can be managed in your device's Settings app at any time.

8

Children's Privacy

traqR is not intended for individuals under 16. We do not knowingly collect information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification, and the “Last Updated” date above will be revised. Continued use of traqR after changes are posted constitutes acceptance of the updated policy.

Contact Us

For privacy questions, access requests, or complaints, contact our Privacy Officer. We aim to respond within 5 business days.

📧 [YOUR PRIVACY CONTACT EMAIL]📍 [YOUR REGISTERED ADDRESS]📞 [YOUR PHONE NUMBER]

Prepared in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Privacy (Tax File Number) Rule 2015.