Privacy Policy

Introduction

Conkr (ACN 123 456 789) ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, "Services").

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the General Data Protection Regulation (GDPR) for users in the European Economic Area.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not access or use our Services.

Data Controller

For the purposes of the GDPR, Conkr is the data controller of your personal information.

• Personal information: name, email, phone, business name, ABN
• Account credentials: password (hashed), authentication tokens
• Payment information: processed securely via Stripe (we don't store card details)
• Usage data: feature usage, login times, IP address, device information
• Customer data you input: job details, customer contacts, quotes, invoices
• Communications: emails, support tickets, SMS delivery logs
• Location data: if you enable technician tracking features

• To provide, maintain, and improve our Services
• To process payments and send billing notifications
• To send service updates, security alerts, and support communications
• To deliver SMS notifications to your customers (with your consent)
• To analyze usage patterns and improve user experience
• To comply with legal obligations (tax, regulatory requirements)
• To detect, prevent, and address technical issues or fraud

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• SOC 2 Type II certified infrastructure (Supabase, Vercel)
• Row-level security (RLS) policies in database
• Regular automated and manual security audits
• Two-factor authentication available for all accounts
• Employee access controls and confidentiality agreements

• Access your personal data we hold
• Correct inaccurate or incomplete information
• Request deletion of your personal data
• Export your data in a machine-readable format
• Opt out of marketing communications
• Make a complaint to the Office of the Australian Information Commissioner (OAIC)

• Data stored in Australia via Supabase (Sydney region)
• Some third-party services (Stripe, Twilio) may process data overseas
• We ensure appropriate safeguards for international transfers
• EU/UK users: Standard Contractual Clauses (SCCs) in place
• Your data is not sold to third parties

• Active accounts: Data retained while account is active
• Canceled accounts: Data retained for 30 days then permanently deleted
• Backup retention: Encrypted backups retained for 90 days
• Legal requirements: Some data may be retained longer if required by law
• Financial records: Retained for 7 years per Australian tax law
• You can request early deletion at any time

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data on the following legal bases:

• Performance of a contract: Processing necessary to provide our Services to you
• Legitimate interests: Improving our Services, fraud prevention, network security
• Legal obligation: Compliance with tax, accounting, and other legal requirements
• Consent: For marketing communications and optional features (you can withdraw consent at any time)

Your GDPR Rights (EU/UK Users)

If you are in the EEA or UK, you have the following rights:

• • Right to access: Request copies of your personal data
• • Right to rectification: Request correction of inaccurate data
• • Right to erasure: Request deletion of your data ("right to be forgotten")
• • Right to restrict processing: Request limitation on how we use your data
• • Right to data portability: Receive your data in a structured, machine-readable format
• • Right to object: Object to processing based on legitimate interests
• • Right to withdraw consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at support@conkr.com.au. We will respond within 30 days.

Third-Party Service Providers

We use trusted third-party services to operate our platform. These providers have access to your information only to perform specific tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose:

Data Breach Notification

In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act. We will provide notification as soon as practicable after we become aware of the breach.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Services and store certain information. We use:

• • Essential cookies: Required for the Service to function
• • Preference cookies: Remember your settings and preferences
• • Analytics cookies: Help us understand how visitors interact with our website

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

Marketing Communications

With your consent, we may send you marketing communications about new features, tips, or promotional offers. You can:

• • Opt out at any time by clicking the unsubscribe link in any email
• • Update your preferences in your account settings
• • Contact us directly to opt out

Even if you opt out of marketing, we will still send you service-related communications such as security alerts, billing notifications, and policy updates.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and sending you an email notification. You are advised to review this Privacy Policy periodically for any changes.