Privacy Policy

This Privacy Policy applies to all personal information collected by us through the Platform, including information provided when you:

• Register for an account (as a Brief Owner, Provider, or Participant).
• Submit a brief, proposal, or other content.
• Use our matching and comparison tools.
• Contact us with enquiries or complaints.
• Browse or interact with the Platform.

We recommend reading this Privacy Policy together with our Terms and Conditions and Financial Services Guide.

We collect personal information:

• Directly from you — when you register, create a brief, submit a proposal, update your profile, or contact us.
• Automatically — through cookies, analytics tools, and server logs when you use the Platform.
• From third parties — identity verification services, public registers (e.g., ASIC, ABR), Google (if you sign in with Google SSO), and other sources where permitted by law.

We will only collect sensitive information (e.g., health, biometric data) with your explicit consent or where required or authorised by law.

We collect and use your personal information for the following purposes:

• To provide, operate, and improve the Platform and its services.
• To create and manage your account.
• To facilitate matching between Brief Owners and Providers.
• To process briefs, proposals, and platform transactions.
• To verify Provider credentials, licences, and insurance.
• To communicate with you about your account, briefs, proposals, and platform updates.
• To respond to enquiries, complaints, and support requests.
• To comply with our legal and regulatory obligations, including under the Corporations Act 2001, AML/CTF Act 2006, and ASIC requirements.
• To detect, prevent, and address fraud, security incidents, and technical issues.
• To conduct analytics and research to improve the Platform.
• For any other purpose disclosed at the time of collection or with your consent.

We will not use your personal information for direct marketing without your consent. You may opt out of marketing communications at any time by following the unsubscribe instructions or contacting us.

We may disclose your personal information to:

• Other Platform users — Brief Owners and Providers may see certain information shared through the brief and proposal process (e.g., name, business details, proposal content).
• Service providers — trusted third parties who assist us in operating the Platform, including cloud hosting, analytics, identity verification, and payment processing providers. These providers are contractually bound to protect your information.
• Professional advisers — lawyers, accountants, auditors, and insurers as necessary.
• Regulators and authorities — ASIC, AUSTRAC, the OAIC, law enforcement, or other regulatory bodies where required by law or to protect our rights.
• Related entities — our related bodies corporate (if any).
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We will not sell your personal information to third parties.

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Secure password hashing (bcrypt).
• Role-based access controls for staff and systems.
• Regular security assessments and monitoring.
• Secure cloud infrastructure with industry-standard certifications.

While we take all reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee the absolute security of your information.

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods may be influenced by:

• Legal and regulatory requirements (e.g., financial records must be retained for at least 7 years under the Corporations Act 2001).
• The need to resolve disputes or enforce agreements.
• Legitimate business purposes such as analytics and service improvement.

When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it.

The Platform uses cookies and similar technologies to enhance your experience. These include:

• Essential cookies: Required for the Platform to function (e.g., authentication, session management, security). These cannot be disabled.
• Analytics cookies: Help us understand how users interact with the Platform (e.g., Google Analytics). These collect anonymised usage data.
• Preference cookies: Remember your settings and preferences (e.g., theme, language).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform.

Under the Australian Privacy Principles, you have the right to:

• Access — Request access to the personal information we hold about you.
• Correction — Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.
• Erasure — Request deletion of your personal information, subject to our legal obligations to retain certain records.
• Opt-out — Opt out of receiving direct marketing communications at any time.
• Complaint — Lodge a complaint about our handling of your personal information.

To exercise any of these rights, contact us using the details in the Contact section below. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

There is no charge for making an access or correction request, although we may charge a reasonable fee for providing access if the request is manifestly unfounded or excessive.

Some of our service providers (e.g., cloud hosting, analytics) may store or process data outside Australia. Where this occurs, we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs.

Countries where your data may be processed include [insert — e.g., United States, European Union member states]. By using the Platform, you consent to the transfer of your information to these countries.

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete it promptly.

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

In the event of an eligible data breach under Part IIIC of the Privacy Act 1988(Cth), we will comply with the Notifiable Data Breaches (NDB) scheme. This includes:

• Conducting a reasonable and expeditious assessment of the suspected breach.
• Notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) if the breach is likely to result in serious harm.
• Taking reasonable steps to contain the breach and mitigate its impact.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be notified via email or a prominent notice on the Platform.

The "Effective date" at the top of this page indicates when the policy was last updated. We encourage you to review this policy periodically.

If you believe we have breached the Australian Privacy Principles or have a complaint about our handling of your personal information, please contact us using the details below.

We will acknowledge your complaint within 5 business days and investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

For questions, access requests, correction requests, or complaints about this Privacy Policy, please contact our Privacy Officer: