Legal

Privacy Policy

Effective 14 May 2026 · v1.0

Plain English

We collect the minimum information needed to generate your compliance pack, store it on Australian infrastructure, never train models on your business data, and let you delete everything at any time.

1. Overview

PolicyPack Pty Ltd (ABN 00 000 000 000) (“PolicyPack”, “we”, “us”, “our”) operates the PolicyPack platform at getpolicypacks.com. This Privacy Policy describes how we collect, hold, use, and disclose personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. What we collect (APP 3, APP 5)

We collect only personal information that is reasonably necessary for our functions. Categories include:

  • Account & billing. Trading name, ABN, contact name, email, billing address, last four digits of payment instrument (full card data is processed by our PCI-compliant payment provider and never reaches our servers).
  • Pack inputs. Industry, headcount, jurisdictions, services, hazards, brand assets, and document selections you provide via the build flow.
  • Usage telemetry. Aggregated and de-identified analytics about feature use to improve the product. We do not use behavioural tracking pixels.
  • Support correspondence. Emails, chat transcripts, and submitted feedback.

3. How we use it (APP 6)

We use personal information to:

  • generate, deliver, and version your compliance documents;
  • process payments and issue tax invoices;
  • monitor relevant regulatory changes and notify you;
  • provide customer support;
  • meet our legal obligations and protect against fraud.

We do not use your business inputs to train AI models. We do not sell your information to third parties.

4. Who we share with (APP 6, APP 8)

We share information only with vendors who help us deliver the service, bound by contractual confidentiality and security obligations:

  • cloud hosting (Australian region);
  • payment processing;
  • transactional email delivery;
  • regulatory monitoring data sources;
  • support and analytics tooling.

Where any vendor is located outside Australia, we will take reasonable steps to ensure the recipient does not breach the APPs.

5. Storage & security (APP 11)

Personal information is stored on Australian infrastructure with encryption in transit (TLS 1.2+) and at rest (AES-256). Access is limited to staff with a legitimate business need, controlled by SSO and role-based permissions, and logged. We periodically review and test these controls.

6. Retention

Single Pack data is retained for 30 days after delivery unless you upgrade to Vault or Subscription, in which case it is retained while your account is active. You can delete your workspace and associated data at any time. Some records may be retained for the period required by law (for example, tax records under the Income Tax Assessment Act).

7. Access, correction, complaints (APP 12, APP 13)

You may request access to or correction of your personal information by emailing privacy@policypack.au. We respond within 30 days. If you are dissatisfied, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

8. Cookies

We use a small set of first-party cookies and local-storage entries for essential functions (authentication, theme preference, build-flow progress) and optional product analytics. We do not use third-party advertising cookies. See our cookies page for the full breakdown and to change your preferences at any time.

9. Children

PolicyPack is for businesses and is not directed to individuals under 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and an in-app banner before they take effect.