Privacy Policy
Effective: [PLACEHOLDER — Ken to fill on first production release]
Last updated: [PLACEHOLDER — Ken to fill]
Version 1.0
Legal disclaimer: This policy was drafted using the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) as the primary framework. Before going to production, have an AU-admitted privacy lawyer review this document. Key review areas: cross-border disclosure clauses (APP 8), retention periods, the NDB response timeline, and any payment-data clauses added when payments are introduced. Budget AUD $1,500–3,500 for a one-time review. [VERIFY WITH LAWYER] markers indicate clauses requiring professional confirmation.
Your Rights — At a Glance
- Access: You can request a copy of your personal information at any time.
- Correction: You can correct your data in-app or by contacting us.
- Deletion: You can delete your account in Settings → Account → Delete.
- Opt-out of marketing: Unsubscribe at any time via in-app settings or the link in any marketing email.
- Complaints: Contact our Privacy Officer first; escalate to the OAIC if unresolved.
1. About This Policy
(APP 1 — Open and transparent management of personal information)
1.1 This Privacy Policy explains how Jobdun Pty Ltd (ABN: [PLACEHOLDER]) ("Jobdun", "we", "us", "our") collects, uses, stores, and discloses personal information.
1.2 This policy applies to all users of the Jobdun mobile app — Builders, Trades/Crews, and Admins — and to anyone who contacts us for support.
1.3 We are committed to managing personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1.4 Our Privacy Officer can be reached at: [PLACEHOLDER — privacy@jobdun.com.au]
1.5 This policy is available in-app (Settings → Legal → Privacy Policy) and linked from the registration screen.
2. What Personal Information We Collect
(APP 3 — Collection of solicited personal information)
We collect the following categories of personal information:
2.1 Identity Data
- Full name
- Date of birth (where provided for verification purposes)
- Copies of identity documents (where voluntarily submitted)
2.2 Contact Data
- Email address
- Mobile phone number (Australian format: +61)
- Business or home address (where provided)
2.3 Trade Verification Data
(Collected only from users who submit verification)
- Trade licence numbers and issuing authority (e.g., NSW Fair Trading, QBCC)
- Insurance certificates (public liability, professional indemnity)
- Australian Business Number (ABN)
- Business or trading name
- Qualifications and certifications
Register-confirmed business details. When you verify an ABN or licence, we record a curated set of facts returned by the relevant public register — your verified legal/entity name, ABN status, GST registration status, entity type, and business state/postcode, together with the date the check was performed ("as at"). These are sourced from the public registers in clause 3.3, not typed by you, and are shown as a "verified business" trust signal (see clause 6.1). We retain the full register response as an internal audit record; it is not shown to other users.
2.4 Profile Data
- Profile photo or avatar
- Trade specialties and skills
- Service area (suburb-level by default)
- Hourly rate or quoting preferences (optional)
- Portfolio images and project descriptions (optional)
- Ratings and reviews submitted by other users
2.5 Job and Application Data
- Job posts you create (as a Builder)
- Applications you submit (as a Trade)
- In-app messages between users
- Application status history
2.6 Technical Data
- Device identifier and model
- Operating system version
- App version
- IP address (collected at sign-in and key events)
- Crash logs and error reports (via Sentry — PII is scrubbed before transmission where technically feasible)
- Session tokens and authentication data
2.7 Location Data
- Approximate location (suburb-level): collected from your profile settings for job matching. You provide this directly.
- Precise location: collected only if you grant location permission for the "Jobs Near Me" feature. You can withdraw this permission at any time in your device settings.
2.8 Payment Data
Not collected at this stage. If payment processing is introduced, this policy will be updated with at least 30 days' notice.
2.9 Legal Acceptance Data
- Record of your acceptance of these terms (document type, version, timestamp, app version). Required for legal compliance and dispute resolution.
3. How We Collect Your Information
(APP 3 — Collection; APP 5 — Notification of collection)
3.1 We collect personal information directly from you when you:
- Register an account
- Complete or update your profile
- Submit verification documents
- Post a job or apply for one
- Send in-app messages
- Contact our support team
3.2 We collect information automatically when you use the app, including device and technical data (see clause 2.6).
3.3 We collect information from third parties only with your consent, for example:
- Google: if you sign in with Google, we receive your name and email address from Google's OAuth service.
- Apple: if you use Sign in with Apple, we receive your name and Apple-generated email (or relay address).
- Australian Business Register (ABR): when you submit an ABN for verification, we query the ABR's public web services and receive your business's registered details (entity name, ABN status, GST registration, entity type, business state/postcode).
- State licensing registers (e.g., NSW Fair Trading, QBCC): when you submit a licence for verification, we check the relevant state regulator's public register to confirm the licence details.
Submitting an ABN or licence for verification constitutes your consent to these checks.
3.4 This policy serves as our notification of collection as required by APP 5.
4. Why We Collect and How We Use Your Information
(APP 6 — Use or disclosure of personal information)
We use your personal information for the following purposes:
4.1 Primary Purposes (to operate the platform)
- Create and manage your account
- Verify trade licences and credentials
- Display your profile to other users
- Match Builders with relevant Trades and vice versa
- Facilitate in-app messaging
- Process job posts and applications
- Send transactional notifications (application updates, messages, job status changes)
- Provide customer support
4.2 Safety and Integrity
- Prevent fraud and abuse
- Investigate reports of prohibited conduct
- Comply with legal obligations and court orders
4.3 Platform Improvement
- Analyse aggregated, de-identified usage patterns to improve features
- Monitor app performance and fix errors (via Sentry crash reports)
4.4 We will not use your personal information for a secondary purpose that is unrelated to the primary purpose without your separate consent, except where required or permitted by law.
5. Direct Marketing
(APP 7 — Direct marketing)
5.1 We will only send you marketing communications (job alerts, platform updates, promotional emails, push notifications) if you have opted in at registration or subsequently in your account settings.
5.2 Every marketing email contains an unsubscribe link. You can also manage notification preferences in Settings → Notifications at any time. Withdrawal of consent takes effect within 5 business days.
5.3 Transactional messages — such as notifications about an application you submitted, a message you received, or a job you posted — are not considered "marketing" under the Spam Act 2003 (Cth) and may be sent without a separate opt-in, as they are directly related to your use of the service.
6. Who We Share Your Information With
(APP 6 — Disclosure; APP 8 — Cross-border disclosure)
We share personal information only as follows:
6.1 Other Users (necessary for platform function)
- Builders see your public Trade profile when you apply for a job.
- Trades see your public Builder profile and job posting.
- In-app messages are visible to both parties in the conversation.
- Ratings and reviews are visible to all users.
6.2 Third-Party Service Providers (subprocessors)
| Provider | Purpose | Region | Privacy Policy |
|---|---|---|---|
| Supabase Inc. | Database, authentication, file storage | US/EU (data may be stored in Singapore or Sydney — [PLACEHOLDER — confirm with Supabase support]) | supabase.com/privacy |
| Sentry | Crash and error monitoring | US/EU | sentry.io/privacy |
| Google LLC | Sign in with Google; Firebase Cloud Messaging (push); Google Maps | US/global | policies.google.com/privacy |
| Apple Inc. | Sign in with Apple | US/global | apple.com/legal/privacy |
6.3 We do not sell your personal information to third parties. Ever.
6.4 We do not share your information for third-party advertising or data broker purposes.
6.5 We may disclose your information where required by Australian law, a court order, or a lawful request from a regulator (e.g., OAIC, ACCC, AFP, state police).
7. Cross-Border Disclosure
(APP 8 — Cross-border disclosure)
7.1 Your data is primarily stored on infrastructure operated by Supabase Inc. Data may be stored in [PLACEHOLDER — confirm Supabase region: Singapore or Sydney] and processed in the United States and/or European Union by Supabase's subprocessors (AWS, Cloudflare).
7.2 Error logs are processed by Sentry, which operates in the United States and European Union.
7.3 If you use Google or Apple sign-in, your name and email are transmitted to and from Google's or Apple's servers in the United States.
7.4 Before disclosing your personal information to overseas recipients, we take reasonable steps to ensure the recipient handles it in a manner consistent with the Australian Privacy Principles. By accepting this policy, you consent to these cross-border disclosures. [VERIFY WITH LAWYER — the APP 8.2(b) consent carve-out vs. the APP 8.2(a) reasonable steps pathway]
8. Security of Your Personal Information
(APP 11 — Security of personal information)
8.1 We implement the following security measures:
- Row Level Security (RLS): All database tables have RLS policies enforced. Users can only access their own data except where the platform requires broader access (e.g., public profiles, job listings).
- Private storage buckets: Verification documents, insurance certificates, and ID documents are stored in private, access-controlled buckets. Access requires a time-limited signed URL generated per request.
- Authentication: Supabase Auth manages credential storage with bcrypt hashing. We never store passwords in plain text.
- Transport encryption: All data in transit uses TLS (HTTPS).
- Encryption at rest: Supabase storage and database use encryption at rest.
- Access logging: Admin access to sensitive data is logged.
8.2 No system is completely secure. If we become aware of a security incident affecting your data, we will notify you and, if required by the Notifiable Data Breaches (NDB) scheme, the OAIC — see clause 11.
9. Data Retention
(APP 11 — Security; APP 13 — Correction)
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | While account is active | Operate the service |
| Deleted account — basic profile | 30 days post-deletion | Allow account restoration within grace period |
| Deleted account — in-app messages | 90 days post-deletion | Dispute resolution and legal claims |
| Verification documents (licences, insurance) | 7 years post-account deletion | Legal compliance, trade dispute history, regulatory requirements [VERIFY WITH LAWYER] |
| Crash logs (Sentry) | 90 days | Debugging and platform improvement |
| Database backups | Up to 30 days rolling | Disaster recovery |
| Legal acceptance records | 7 years | Legal compliance — proof of consent |
9.1 After retention periods expire, data is deleted or de-identified.
10. Quality of Personal Information
(APP 10 — Quality of personal information)
10.1 You can update most of your personal information at any time via your profile settings in the app.
10.2 For data you cannot edit directly (e.g., email address linked to a social sign-in), contact our Privacy Officer at [PLACEHOLDER — privacy@jobdun.com.au].
10.3 We do not independently reverify your personal details beyond what is described in clause 5 (Trade Verification), except where we have reason to believe information is inaccurate or misleading.
11. Access to Your Personal Information
(APP 12 — Access to personal information)
11.1 You have the right to request a copy of the personal information we hold about you.
11.2 To make an access request, email our Privacy Officer at [PLACEHOLDER — privacy@jobdun.com.au] with:
- Your full name
- The email address associated with your Jobdun account
- A description of the information you are seeking
- Proof of identity (a photo of your ID document)
11.3 We will respond within 30 days. In complex cases, we may request a 30-day extension and will notify you.
11.4 We may decline to provide access in limited circumstances permitted by the Privacy Act 1988 (Cth), such as where providing access would have an unreasonable impact on another person's privacy or would prejudice law enforcement. We will explain any refusal.
11.5 We do not charge a fee for access requests.
12. Correction of Personal Information
(APP 13 — Correction of personal information)
12.1 You can correct most personal information directly in the app (profile settings).
12.2 If you believe we hold personal information about you that is inaccurate, out-of-date, incomplete, or misleading, and you cannot correct it in-app, contact our Privacy Officer.
12.3 We will take reasonable steps to correct the information within 30 days of your request. If we disagree with the correction, we will tell you why and note your request for correction alongside the relevant information.
13. Deletion of Account and Data
13.1 You can delete your account at any time in: Settings → Account → Delete Account.
13.2 Account deletion results in:
- Day 0–30: Soft-delete (your account is deactivated but recoverable). Your profile is no longer visible to other users.
- After 30 days: Hard-delete of profile data, job posts, and applications. Data is deleted except where retention is required by clause 9.
- Messages: In-app messages are deleted after 90 days (to allow dispute resolution).
- Verification documents: Retained for 7 years as described in clause 9.
- Legal acceptance records: Retained for 7 years.
13.3 To restore your account during the 30-day grace period, log in and follow the prompts.
14. Cookies and Tracking
14.1 Jobdun is a native mobile app. We do not use traditional browser cookies.
14.2 We use the following SDK-level identifiers and tracking:
- Supabase session tokens: stored securely on device to maintain your login session.
- Firebase Cloud Messaging (FCM) token: a device-level token used to send push notifications. Not linked to advertising.
- Sentry SDK: collects a device identifier for crash grouping. PII is scrubbed from crash reports where possible.
14.3 We do not use advertising networks, cross-app tracking, or third-party advertising SDKs.
15. Children's Privacy
15.1 Jobdun is not intended for use by anyone under 18 years of age.
15.2 We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will immediately suspend the account and delete any data collected.
15.3 If you believe a minor has created a Jobdun account, please notify us at [PLACEHOLDER — privacy@jobdun.com.au] immediately.
16. Data Breach Notification
(Notifiable Data Breaches (NDB) scheme — Part IIIC of the Privacy Act 1988)
16.1 If we become aware of a data breach that is likely to result in serious harm to you, we will:
- Promptly investigate the breach.
- If required, notify the Office of the Australian Information Commissioner (OAIC) within 30 days of the breach being assessed as notifiable. [VERIFY WITH LAWYER — confirm current NDB assessment timeline under the Act]
- Notify affected individuals as soon as practicable, including details of the breach and recommended steps to protect yourself.
16.2 To report a suspected security or privacy incident: [PLACEHOLDER — privacy@jobdun.com.au]
17. Your Privacy Complaints
(APP 1 — Complaints handling)
17.1 If you believe we have not handled your personal information in accordance with the Australian Privacy Principles, you may make a complaint.
Step 1 — Contact us directly:
Email: [PLACEHOLDER — privacy@jobdun.com.au]
We will acknowledge your complaint within 5 business days and respond within 30 days.
Step 2 — If unresolved, escalate to the OAIC:
Office of the Australian Information Commissioner
Website: oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
18. Changes to This Policy
18.1 We may update this Privacy Policy from time to time. For material changes (changes that meaningfully affect your rights), we will:
- Notify you via email at least 30 days before the changes take effect.
- Display an in-app banner linking to the updated policy.
- Require you to acknowledge the updated policy before continuing to use the app.
18.2 For minor clarifications, we may update the policy immediately.
18.3 The "Last updated" date at the top of this document indicates when it was last changed.
19. Contact Us
For all privacy enquiries:
Privacy Officer — Jobdun Pty Ltd
ABN: [PLACEHOLDER — Ken to fill]
Email: [PLACEHOLDER — privacy@jobdun.com.au]
Address: [PLACEHOLDER — Ken to fill]
Australian Privacy Principles Reference
| APP | Topic | Clauses in This Policy |
|---|---|---|
| APP 1 | Open and transparent management | 1, 17, 18 |
| APP 3 | Collection of solicited PI | 2, 3 |
| APP 5 | Notification of collection | 3.4 |
| APP 6 | Use or disclosure | 4, 6 |
| APP 7 | Direct marketing | 5 |
| APP 8 | Cross-border disclosure | 6.2, 7 |
| APP 10 | Quality of PI | 10 |
| APP 11 | Security of PI | 8, 9 |
| APP 12 | Access to PI | 11 |
| APP 13 | Correction of PI | 12 |
APPs 2, 4, and 9 are not directly applicable to Jobdun at this stage: APP 2 (anonymity) — Jobdun requires identity for safety reasons; APP 4 (unsolicited PI) — address if/when unsolicited PI is received; APP 9 (government identifiers) — not applicable unless TFN handling is added. [VERIFY WITH LAWYER]
Jobdun Pty Ltd — [PLACEHOLDER — ABN] — [PLACEHOLDER — privacy@jobdun.com.au]
Questions about this policy: ken@jobdun.com.au