Privacy Policy for TradesField

Effective Date: 30 July 2025

TradesField Pty Ltd (ABN 41 686 483 536) (“TradesField”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in connection with our workforce management and onboarding platform (the “Services”). By using our Services, you agree to this Privacy Policy and our Terms of Service. This policy applies to both Client Users (staff or representatives of businesses using our platform) and Vendor Users (suppliers, subcontractors, or vendors invited to upload information).

1. Personal Information We Collect

We collect personal information to provide our Services, which help businesses onboard their workforce and detect potential issues efficiently. The types of information we collect depend on whether you are a Client User or a Vendor User.

1.1 Client Users

We collect the following personal information from Client Users (staff or representatives of businesses):

• Full name, email address, and password.
• Date of birth and certification identifiers (if provided).
• Billing information (e.g., organisation’s payment details for subscriptions).
• IP addresses and device information for audit and legal purposes.
• Additional fields as configured by your organisation’s admin (e.g., job titles or custom data).

1.2 Vendor Users

We collect the following personal information from Vendor Users (suppliers, subcontractors, or vendors):

• Names, email addresses, ABN, ACN, and addresses.
• Banking information (e.g., BSB, account number, bank statements).
• Certificate documents (e.g., insurances, licences), including certificate numbers and expiry dates.
• IP addresses and device information for audit and legal purposes.
• Additional information as configured by the Client User’s organisation admin.

1.3 Other Data

We collect additional data to improve our Services:

• Website Analytics: IP addresses, device information, and user activity (e.g., platform interactions) via analytics tools like PostHog and Koala.
• Feedback: Full name and email address when you provide feedback or reviews, though email addresses are not disclosed publicly.

2. How We Collect Personal Information

• Client Users: We collect information directly during signup, through platform use, or when accounts are created on your behalf by TradesField or another Client User. Additional data (e.g., IP addresses) is collected automatically via analytics tools.
• Vendor Users: We collect information when you submit data via an email invitation from a Client User or when your data is imported from an external integration (e.g., an ERP system).
• Anonymity: Due to the compliance-focused nature of our Services, Vendor Users cannot remain anonymous or use a pseudonym. Client Users may use an alias where practicable, but full identification is typically required for account management and billing.

3. Consent

• Client Users: You consent to this Privacy Policy by:
  • Clicking a checkbox during signup.
  • Paying an invoice referencing this policy (for accounts created on your behalf).
  • Using the platform (implied consent for onboarded users).
• Vendor Users: You consent by:
  • Completing a submission via an email invitation.
  • Having your data imported by a Client User, who warrants they have obtained your consent as per our Terms of Service.
• Ensuring Consent: Client Users are responsible for obtaining consent from Vendor Users before sharing their information (e.g., email addresses) with us, as outlined in our Terms of Service.

4. Purposes of Collection

We collect personal information for the following primary purposes:

• Onboarding vendors and integrating data with your ERP system.
• Verifying vendor information against external sources (e.g., ASIC, ABR, trade licence regulators like QBCC).
• Communicating with users (e.g., sending onboarding emails or alerts about issues).
• Managing billing and accounts.
• Improving our Services through analytics tools (e.g., PostHog, Koala).
• Maintaining audit logs for legal and compliance purposes.

We do not use personal information for marketing or promotional activities without explicit consent. If we send product updates to select Client Users, you can opt out by contacting [email protected].

5. Disclosure of Personal Information

We may disclose personal information as follows:

• Internal Sharing: Vendor User information is shared with Client Users within their organisation, based on configuration and permissions. Not all Client Users may have access, depending on settings. Vendor information is not shared with other clients or competitors.
• Third-Party Providers: We share personal information with third parties to provide our Services, including:
  • Stripe (USA) for payment processing.
  • AWS and Digital Ocean (Sydney, Australia) for data hosting.
  • Cloudflare for document storage and WAF services.
  • Australian Courts and government agencies (e.g., ASIC via Alares, ABR, trade licence regulators like QBCC, NSW Fair Trading, VBA, ESV, CBS, DMIRS, CBOS, Access Canberra, BPB) for verification.
  • OpenAI (USA) for document parsing and sentiment analysis.
  • PostHog and Koala (USA) for anonymised analytics.
  • Other government agencies for compliance checks, as needed.
• De-Identified Data: Where possible, we share only de-identified data (e.g., company legal name, ABN) with third parties for verification.
• Legal Requirements: We may disclose information to government bodies if required by Australian law (e.g., for investigations) or to maintain access logs.
• Analytics: Anonymised data is shared with Facebook and LinkedIn Pixel for analytics purposes.

6. Cross-Border Data Transfers

Some personal information is transferred to third parties in the USA, including:

• Stripe for payment processing.
• PostHog and Koala for product analytics.
• OpenAI for document parsing and sentiment analysis.

We ensure these providers comply with standards equivalent to the Australian Privacy Principles (APPs) through contractual agreements. All other data is hosted in Australia (Sydney region) via AWS and Digital Ocean.

7. Data Storage and Security

• Storage: Personal information is stored on secure servers in Sydney, Australia, via AWS and Digital Ocean.
• Security: Data is encrypted at rest and in transit using AES-256 encryption. We take reasonable steps to protect data from unauthorised access, misuse, or loss.
• Retention: We retain personal information for 7 years for legal, audit, and tax purposes, unless you request deletion earlier.
• Deletion: To have your data deleted or anonymised, contact [email protected]. We will process requests in accordance with Australian law.

8. Access and Correction

• Access: Client Users can access their personal information via the platform at admin.tradesfield.com. Vendor Users can access their information through submission invites sent by Client Users. There are no additional fees for access, beyond subscription costs.
• Correction: You can update your information directly via the platform. For corrections to third-party data (e.g., from ASIC or QBCC), contact your account representative or [email protected].
• Contact: For access or correction requests, email [email protected].

9. Complaints and Data Breaches

• Complaints: If you have a privacy concern, email [email protected]. We will respond within 30 days. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
• Data Breaches: In the event of a data breach likely to cause serious harm, we will notify affected users and the OAIC within 72 hours, as required by the Notifiable Data Breaches scheme.

10. Children’s Privacy

Our Services are designed for business-to-business use and are not intended for individuals under 16. We do not knowingly collect personal information from children.

11. Feedback

If you provide feedback or reviews, we may associate it with your full name and email address to follow up for more information. Email addresses are not disclosed publicly, but we may quote feedback and reference your organisation’s name with your consent.

12. Disclaimer

While we take all reasonable efforts to ensure the accuracy and currency of data, we are not liable for inaccuracies in compliance data (e.g., from third-party sources like ASIC, ABR, or trade licence regulators). Users are responsible for verifying the accuracy of their data and ensuring compliance with relevant regulations.

13. Updates to This Policy

We may update this Privacy Policy to reflect changes in our Services or legal requirements. Updates will be posted at www.tradesfield.com/privacy, and we will notify you when you next access our platform. Continued use of the Services constitutes acceptance of the updated policy.

14. Contact Us

For questions, concerns, or requests regarding your personal information, contact us at:

• Email: [email protected]
• Website: www.tradesfield.com

You can download or save a copy of this Privacy Policy from our website. Thank you for trusting TradesField with your personal information.