Privacy Policy
SoloTrade - quoting, time-tracking and invoicing for solo tradies.
Effective date: 1 June 2026 · v3.8 (Added Australian Business Register / ABN Lookup web services disclosures for the optional subcontractor / TPAR ABN check: §6 third-party services list gains an ABN Lookup bullet describing what is sent, what is stored, and the government public-register / server-side-key handling.)
Earlier: v3.7 (25 May 2026) - V36.7 release deltas: new §5.9 covers V36.7 Compliance v2 - local-only encrypted licence-card photos (SQLCipher, 256-bit per-device key in Android Keystore / iOS Secure Enclave, photo bytes never leave the device) + opt-in AI scan that sends only the on-device ML-Kit-extracted text to Anthropic, per-tier monthly cap; §1 Voice → quote bullet corrected to disclose Android cloud-STT fallback on devices without on-device recognition; §5.5 expanded with the same Voice → quote cloud-fallback truth - speech recognition runs on-device on modern iOS / on-device-capable Android, but on older Android the OS may route audio to Google's cloud Speech-to-Text service.
Earlier: v3.6 (23 May 2026) - V36 release deltas: §1 adds Voice → quote transcripts (transient, on-device STT, transcript only to Anthropic), Photo → quote OCR text (transient, on-device ML Kit), Payment Link (operator-pasted, embedded on the invoice PDF + public viewer), and the quote_reply_token + quote_reply_events surfaces that turn on if the operator enables V36.4 Email Reply Parsing; §5.2 Anthropic clause's bullet list extended for the new V36 AI surfaces, and the Anthropic API retention figure corrected from "up to 30 days" to "up to 7 days, with an opt-in 30-day extension available" - reflects Anthropic's API policy change of 14 September 2025; new §§5.5–5.8 added for Voice → quote, Photo → quote, Payment Link, and Email Reply Parsing (dormant by default); §6 sub-processor list extends Anthropic's purpose and adds Resend Inbound as a conditional sub-processor only active if Email Reply Parsing is enabled.
v3.5 (18 May 2026) - Tax-hub release deltas: §1 expanded for vehicle records (incl. rego), working-from-home hours log, deduction-bundle audit log, and pinned-category overrides; §2 adds device-local working-from-home focus-time tracker; §6 Google Maps bullet replaced with itemised four-API breakdown including Places Autocomplete + Place Details; §9.1 adds the row-level retention lock that applies once a row has been included in a submitted deduction bundle; §10 discloses server-side OAuth refresh-token storage in Supabase Vault and the operator-private exclusion of vehicle rego from client-facing PDFs.
v3.4 (16 May 2026) - §10 Encryption tiers clarified, distinguishing Supabase baseline at-rest encryption (covers ALL Storage buckets) from the additional per-user envelope encryption that Synced-mode receipt photos receive on top.
v3.3 (14 May 2026) - V35 release deltas: Anthropic Claude added as a sub-processor for AI drafting / follow-up / Ask-job-history (5.2); §5 "no LLM" claim replaced with accurate AI disclosure; Bureau of Meteorology added; APNs + FCM push delivery added; vehicle logbook §3 restructured; §1 enumeration expanded for V35 surfaces.
This Privacy Policy explains how the SoloTrade mobile application ("Application") and the related website at solotrade.com.au collect, use, and protect your information. SoloTrade is operated by SoloTradeOS (sole trader, ABN 75 640 151 073). In this policy, "we", "us" and "our" refer to SoloTradeOS; "you" and "your" refer to you, the account holder.
We've written this in plain language because we'd rather you actually read it. Where we've had to use a defined legal term (like "Australian Privacy Principles" or "eligible data breach") we've kept it short and linked to the OAIC's own definition.
Voluntary APP compliance. SoloTradeOS is a sole-trader business and may fall under the small-business exemption in section 6D of the Privacy Act 1988 (Cth). We don't rely on that exemption. We have chosen to apply the Australian Privacy Principles (APPs) to our handling of your personal information as a public commitment, and this policy is written and maintained on that basis. If you're curious about the APPs, the OAIC publishes a quick-reference guide.
1. Information you provide
When you create an account and use the Application, you may provide:
- Account details: email address and password (the password is hashed using a one-way function and never stored in plain text)
- Business profile: business name, trading name, ABN, phone number, business address, and logo
- Payment details (your own): BSB, bank account number, account name, and/or PayID - stored solely to populate payment instructions on your invoices. This information is never shared with any third party.
- Client records: your clients' names, business names, email addresses, phone numbers, and postal addresses - stored on your behalf so the Application can generate quotes and invoices for you (see §7a)
- Job and work records: quotes, invoices, time entries, job notes, and job photos
- Job site details: addresses and GPS coordinates of your saved job sites, plus any "pinned notes" you attach to a site (V35.7 site-based knowledge capture)
- Compliance credentials (V35.1): trade licences, insurance certificates of currency, RCD test certificates, and similar renewal records you choose to track. May include photos / PDFs of the underlying documents (uploaded to your private compliance-documents Supabase Storage bucket; see §10 for the per-user RLS / encryption guarantee).
- Subbie register (V35.10): if you engage subcontractors, the compliance records you track about them on their behalf (subbie's name, ABN, the documents you confirm they have). You act as the controller for that data and are responsible for the subbie's consent to your tracking under the Privacy Act + WHS chain-of-responsibility laws (see Terms of Service).
- SWMS PDFs (V35.11): Safe Work Method Statements generated from the 6 trade-specific templates. May name on-site workers, hazards, and emergency contacts you chose to include.
- Vehicle logbook (V35.3): ATO-compliant trip records (start/end odometer, dates, start/end addresses, distance, work-percentage, purpose, notes). See §3.3–3.4 for the alpha/beta distinction.
- Vehicle records (May 2026). Make, model, year, registration plate (rego), fuel type, and baseline odometer reading for any vehicle you choose to register for work-related claims. Rego is held privately on your account; it is never shown on client-facing quotes, invoices, SWMS, or warranty PDFs (see §10). Each trip in the Vehicle logbook (above) can optionally be attributed to one of your registered vehicles.
- Working-from-home hours (May 2026). One row per calendar date you log, recording the number of hours you worked from home that day, any free-text notes you attach, and whether you entered the row manually or accepted a same-day suggestion. We use this only to populate the ATO fixed-rate-method deduction worksheet at end-of-financial-year; it is never shared.
- Pinned expense categories (May 2026). When you tap "always categorise this merchant as X" on a receipt, we store the pinned (merchant pattern → category) pair on your account so future receipts from that merchant land in the right category automatically. The list is yours alone and can be cleared in Tax → Deductions → Settings → Pinned overrides.
- Deduction-bundle audit log (May 2026). When you export, email, share, or "Open myTax" a deduction bundle, we record an immutable audit row: the financial-year range, the format chosen (PDF / CSV / both), the destination (email / signed link / accountant email / myTax deep-link), the recipient address if you chose email, and the totals. We cannot edit or delete this row at your request because it is your defensible audit trail; if you believe an entry is inaccurate you can ask us to attach a statement of disagreement under Australian Privacy Principle 13.4 (see §8).
- Warranty records (V35.9): warranty terms you offer on completed jobs, surfaced on the public quote / invoice trust footer.
- AI usage log (V34.B, V36): per-month counts of AI drafting / Voice-to-quote / Photo-to-quote / Email-reply-parsing calls you make (used to enforce per-tier monthly caps; see Terms of Service §4 for the current cap table), plus a surface key (quote_line, followup_quote, quote_lines_voice, quote_lines_photo, quote_reply_parse) and the input/output token counts of each call. We do not store the content of what was sent to or returned from Anthropic.
- AI follow-up drafts (V34.C): generated draft emails sitting in your review queue, with the client first-name, quote/invoice number, and dollar total they reference. Drafts are deleted when you approve-and-send, mark "not interested", or after 60 days unsent.
- Voice → quote transcripts (V36.1, transient). If you tap "Voice add lines" on the quote create screen, your spoken memo (up to 90 seconds) is transcribed by your operating system's speech recogniser (Android SpeechRecognizer or iOS SFSpeechRecognizer via the expo-speech-recognition library). The audio is not stored by the App and is not uploaded to our servers. Important - speech recognition itself: on devices that support on-device recognition (modern iOS, recent Android with on-device packs installed) the audio is transcribed entirely on the device. On older Android devices the operating system may route the recognition request to its configured speech-recognition service - most commonly Google's cloud Speech-to-Text - in which case audio leaves the device for transcription by Google under their own privacy policy. SoloTrade does not control this routing; it is determined by your device's OS configuration. The resulting plain-text transcript is sent to Anthropic (see §5.2 and §5.5) to be structured into draft line items, then discarded - we keep only the structured line items you confirm.
- Photo → quote OCR text (V36.3, transient). If you tap "Photo add lines" on the quote create screen, the photo is processed on-device by Google ML Kit Text Recognition (the image itself is not uploaded). The extracted plain text is sent to Anthropic (see §5.2 and §5.6) to be structured into draft line items, then discarded - we keep only the structured line items you confirm. If you also want to keep the photo as a job attachment, you must attach it separately via Job Photos (which goes through the standard photo storage flow).
- Payment Link (V36.2). If you choose to paste a third-party payment link into an invoice (e.g. a Stripe Payment Link, Square checkout URL, or PayID address), we store the URL in invoices.payment_link and embed it on the invoice PDF and the public invoice viewer as a "Pay Now" button. SoloTrade does not process the payment - see §5.7.
- Quote reply tokens & reply events (V36.4 - DORMANT by default). If, and only if, you enable Email Reply Parsing (Settings, when available), each outbound quote email is sent with a unique-per-quote token in the Reply-To address; client replies received at that address are captured by Resend Inbound and stored in quote_reply_events with the AI's classification of the reply intent. See §5.8 for the full mechanic. Until you turn this on, no tokens are minted, no inbound emails are captured, and no reply events are stored.
- Voluntary feedback: messages you send through Settings → Help → Feedback or via email
- Free-text fields you fill in freely: custom expense category names, line-item descriptions, void-reason notes, time-entry edit reasons, and similar free-form text. We store this exactly as you typed it. Don't put information into these fields that you wouldn't want included in your own data exports or in PDFs you share with clients.
What we use this information for
We use your personal information only to:
- provide and maintain the Application;
- generate, send and store the quotes, invoices, and work records you create;
- keep your account secure and detect fraud or abuse;
- handle billing and subscriptions through Google Play (and, in future, the Apple App Store);
- respond to your support requests;
- meet our record-keeping obligations under Australian tax law; and
- improve the Application by reviewing aggregate, de-identified usage.
We do not use your personal information for advertising, profiling, or any purpose unrelated to the Application.
Identifying yourself
A SoloTrade account is necessarily linked to a person operating an Australian business, so we cannot offer fully anonymous accounts. However, your clients who view a public quote or invoice link do not need to create an account, and we identify them only by the typed signature they choose to provide. This satisfies APP 2 (anonymity and pseudonymity) for the people we hold information about who are not themselves SoloTrade account holders.
Unsolicited information
If we receive personal information we didn't ask for and that we wouldn't have been entitled to collect under APP 3, we will, within a reasonable period, destroy or de-identify it (so far as it is lawful and reasonable to do so), in line with APP 4.
2. Information collected automatically
The Application may automatically collect device information including device type, operating system version, locale, and anonymous usage diagnostics to help diagnose errors and improve performance.
Crash and performance reporting (Sentry). From May 2026, unhandled exceptions and a sampled subset of performance traces are reported to Sentry (US-hosted with German fail-over) so we can diagnose bugs. Reports include the stack trace, app version, OS, and device class. We strip personally identifiable information before sending: email addresses, authorisation headers, cookies, and request bodies are removed by a pre-send filter that runs in the app before transmission. Sentry retains crash data for 90 days on our configured project, after which it is purged. You can opt out by force-quitting the app - there is currently no in-app toggle for crash reporting; that's a planned addition.
Voice notes (optional). If you record a voice note attached to a job or quote, the audio file (MP4/M4A) is uploaded to your private storage area in Supabase. Voice notes are not transcribed automatically and are accessible only to you.
Photo redaction (optional). If you use the redaction tool to permanently mask faces, ID numbers, or licence plates on a photo, the image and the redaction rectangles are sent to our redaction Edge Function on Supabase, which burns black fill into the image bytes (this is permanent - not a reversible blur) and returns the redacted version. The original is replaced; nothing is retained server-side beyond the redacted output.
In-app feedback / bug reports. If you submit feedback or a bug report from Settings → Help → Feedback, we automatically attach diagnostic context (app version + build, platform + OS version, device model, locale, time zone) so triagers don't have to chase it. The submission lands in our own analytics_events table in Supabase - it is not sent to a third-party support tool.
Push notifications. If you grant notification permission, the Application registers a device push token (Apple APNs on iOS, Firebase Cloud Messaging on Android) with our servers so we can deliver short reminders even when the app is closed. Current triggers are: compliance-credential expiry (e.g. "Insurance renewal in 7 days"), weather alerts on scheduled jobs, AI follow-up drafts ready for your review, and job-related operational reminders. Push payloads contain only short labels - detail loads from your account when you tap the notification. The token is stored in your account row; deleting your account or revoking notification permission in your device settings invalidates it. Email-based reminders (overdue invoices, quote-viewed pings, AI follow-up drafts you have approved for send) continue to be delivered via Resend (see §6); the actual sending of an AI follow-up email always requires your explicit per-message approval (see clause 5.2).
Audit and operational metadata. We keep small operational records that exist for compliance and to make the service work:
- a per-user access log of server-side reads/writes to receipts data (receipts.access_log; viewable to you under Settings → Privacy → Recent data activity);
- a notification ledger of every system email we sent you (notification_log; viewable under Settings → Notification history);
- your account lifecycle stage (account_lifecycle_state: active / billing_issue / lapsed / warned_90 / warned_180 / soft_closed) which drives the nightly billing-issue and lapse reminders;
- consent records (user_consents: which Privacy Policy and Terms version you accepted, when, and from which IP) retained for the lifetime of your account plus the period needed for Privacy Act and Spam Act audit defence; and
- (if you do not opt out at deletion time) a minimal post-deletion ABN tombstone so the same ABN can be re-linked if you re-register.
Device-local working-from-home suggestion (May 2026). To support the optional working-from-home suggestion card on your dashboard, the Application keeps a per-date count of how many minutes you have spent with SoloTrade in the foreground. This count is held only in your device's local AsyncStorage; it is not synced to our servers, not shared with any sub-processor, and not used for any purpose other than producing the daily prompt to log your working-from-home hours. You can clear it from Settings or by reinstalling the app. Disabling working-from-home tracking in Settings stops the count from being kept.
Subscription history. RevenueCat sends us a webhook each time your subscription state changes; we store the event in subscription_transactions for 7 years - 5 years to satisfy s 262A Income Tax Assessment Act 1936 plus a 2-year buffer aligned with ATO superannuation record-keeping under the Superannuation Guarantee (Administration) Act 1992. The stored event contains store, product id, period type, period start/end, and event type - no card numbers, no billing address, no real names.
Supabase platform-level logs. Our infrastructure provider Supabase maintains its own platform-level logs (caller IP, user-agent, request path, response status) of API calls to the database, Storage, and Edge Functions. We do not control Supabase's retention; see Supabase's privacy policy.
3. Location information
SoloTrade collects your device's location only when you have granted the relevant location permission, and only for the three specific purposes described below. Location is stored privately in your account; it is never aggregated across users, analysed for marketing, or sold. You can revoke location permission at any time in your device settings; the Application remains fully functional without it (manual-only mode).
3.1 Geofence clock-in / clock-out prompts
If you grant "while-using" location permission and have one or more saved job sites, the Application checks your distance to those sites to suggest clock-in and clock-out times when you arrive and leave. Coordinates are stored in your account history (viewable at Settings → Privacy → Location history; clearable from the same screen). Background location is only used while the app is installed and you have active job sites saved. The geofence radius is 150 m by default.
3.2 Weather-aware rescheduling
If you enable Weather alerts (Settings → Weather alerts), our daily 20:00 UTC scheduled job sends the latitude/longitude of each of your upcoming scheduled jobs (next 24–72 hours) to the Bureau of Meteorology's public forecast API. No personal identifier is sent - only the latitude/longitude. We surface an in-app + push alert if a severe-weather warning is in force for that location. See clause 5.5.
3.3 Vehicle logbook (alpha - manual entry only)
The vehicle logbook feature stores ATO-compliant trip records (start/end odometer, dates, addresses, distance, work-percentage, purpose, notes). In the current alpha, trips are manually entered by you; the Application does not auto-detect trips and does not collect continuous background location for this feature. CSV export is available for handover to your tax agent.
3.4 Vehicle logbook (beta - opt-in continuous background detection, not yet enabled)
A beta of automatic trip detection is being prepared. When the beta becomes available, you will be asked separately and explicitly to opt in. If you opt in, the Application will use continuous background location to detect trips when your vehicle moves, infer your home base, and pre-populate trip rows for your review. The beta is not yet enabled in this release. When it is, this clause will be updated and a 30-day notice will be issued before activation, in line with our notification-of-changes commitment (§13). You will be able to disable the beta at any time and revert to manual-only logging without losing your existing trip records.
3.5 What we still do not collect
- We do not collect continuous background location outside the three purposes above.
- We do not track your movement when no job site / scheduled job / vehicle logbook beta is active.
- We do not share or sell location data with any third party.
- We do not use location for advertising, profiling, or any analytics.
- We do not request "always-on" location permission for the alpha of the vehicle logbook - that permission is only requested if and when you opt in to the beta.
4. Receipt scanning & OCR
If you scan a receipt within the app, you control where the photo is stored. On your first scan you pick one of two modes (changeable any time in Settings → Receipts):
- Synced (default) - the photo is uploaded to your account and processed once by Google Cloud Document AI in the Sydney region (australia-southeast1) under a zero-retention configuration. After OCR completes (typically < 2 seconds), the photo is encrypted at rest using AES-256-GCM with a per-user key held in Supabase Vault, before any other process can read it (see §10). Receipt metadata (merchant, total, GST, suggested category) syncs across all devices on which you sign in.
- Private - the photo is stored only on your device, in encrypted local storage (SQLCipher). OCR runs on-device using Google ML Kit Text Recognition; no network call is made for the photo. Only structured metadata (merchant, total, category) syncs so reports keep working across devices. The photo never leaves the device.
You can pick a retention preference under Settings → Receipts → Retention (90, 180, 365 days, or indefinitely; default 365). The automated nightly sweep that deletes photos older than this preference is on the v1.x roadmap - it has not yet been implemented. Until that lands, your retention preference is recorded but not auto-enforced; if you want to remove receipt photos sooner than the default, you can delete them individually from the Receipts screen. The underlying expense row will be preserved for your accounting record either way. You can wipe your per-merchant categorisation history at any time from the same settings screen; pinned-category overrides (see §1) are cleared from a separate Pinned categories list under Tax → Deductions → Settings → Pinned overrides.
An optional EOFY working-paper PDF is available under Reports → EOFY. It aggregates your invoices and categorised receipts into a document you can hand to your registered tax agent. The working paper is not a tax return, BAS, or any form of lodgement - please review it with a tax agent before relying on it.
5. Artificial intelligence
The Application uses two machine-learning services, each narrowly scoped, each with what they receive limited to what is necessary for the specific feature:
5.1 Receipt OCR - Google Cloud Document AI
If you scan a receipt in Synced mode (clause 4 above), the photo is sent to Google Cloud Document AI in the Sydney region (australia-southeast1) for structured extraction of merchant, totals, GST, and line items. Receipt content is processed only for the duration of the API call and is not retained for training or other purposes, subject to the Google Cloud Data Processing Addendum and the AI/ML Service Specific Terms applicable to Document AI. If you choose Private mode instead, first-pass OCR runs on-device via the bundled ML Kit library and the photo never leaves your phone - Google's ML Kit Terms permit Google to collect anonymous library-performance metrics (operation timing, library version, device model) for the purpose of improving the library itself; that metadata is about the library's operation, not your receipt content.
5.2 AI drafting, voice/photo capture, and follow-ups - Anthropic Claude Haiku 4.5
If you use any of the optional AI-assisted surfaces, the Application calls Anthropic's API (Claude Haiku 4.5 model). Each call sends only the data necessary for the surface you are using:
- Quote-line description helper: your trade type, your chosen writing tone (Professional / Friendly / Tradie), and a short free-text prompt you type.
- AI follow-up drafts: the client's first name, the quote or invoice number, the dollar total, the issue/due date, and your business name + chosen writing tone. Sent only at the point a draft is generated for your review; no draft is ever sent to a client without your explicit per-message approval.
- Ask job history: a 24-month sweep of titles, descriptions, and notes from your own jobs, quotes, invoices, and job-notes that match your search query, plus the question you typed.
- Voice → quote line items (V36.1): the plain-text transcript of your voice memo (up to ~3 KB after a 90-second recording - see §5.5 for the on-device STT path) plus your trade type and writing tone. The audio itself is never sent.
- Photo → quote line items (V36.3): the plain-text OCR output from your photo (up to ~3 KB after on-device extraction - see §5.6) plus your trade type and writing tone. The photo bytes themselves are never sent.
- Email reply parsing (V36.4 - DORMANT, only active if you enable it): the body of a client's reply to one of your quote emails (up to ~8 KB after stripping quoted history), the subject and from-address of that reply, and minimal context about the quote (number, title, total, status). See §5.8 for the full mechanic and the opt-in gate.
We never send authentication credentials, payment data, photos, audio recordings, GPS coordinates, or your clients' contact details beyond first name. Anthropic processes your inputs in the United States. Anthropic's published API policy (as updated on 14 September 2025): customer API inputs and outputs are retained for up to seven (7) days for trust-and-safety review, then automatically deleted; commercial customers may opt in to a 30-day retention window via the Data Processing Addendum, or to zero-retention mode at the enterprise tier. Customer API content is not used to train Anthropic's foundation models - this is a contractual prohibition, not a setting we toggle. Our sub-processor disclosure at /subprocessors records Anthropic's role; the Anthropic Data Processing Addendum and Commercial Terms govern Anthropic's handling.
5.3 What we do not use AI for
AI drafting is operator-facing only. It produces draft text for you to review, edit, and approve. Nothing the AI produces is sent to a client or any third party without your explicit per-message approval. We do not use AI to make automated decisions that significantly affect your rights or interests - pricing suggestions, expense categorisation hints, and similar surfaces use deterministic rules engines that are identical for every user and that you can override at any time. We will update this policy if that changes, including the additional disclosures required by Schedule 1 of the Privacy and Other Legislation Amendment Act 2024 (Cth) when those automated-decision-making provisions commence on 10 December 2026.
5.4 Opting out of AI features
All AI features are opt-in or operator-toggleable:
- The quote-line helper sits behind a "✨ AI" pill - you only call Anthropic when you tap it.
- AI follow-up sequences are disabled by default; you must enable them in Settings → Follow-ups before any draft is generated.
- Ask job history is a separate tool you choose to open.
- The Voice → quote and Photo → quote pills (V36) are also tap-to-invoke - you only call Anthropic when you tap them and confirm the captured material.
- Email reply parsing (V36.4) is disabled by default and only activates after the operator turns it on; until then no inbound emails are routed through the parser.
- You can disable all AI features by turning off Follow-ups, leaving the AI pills untouched, and (when available) leaving Email reply parsing in its default off state. Document AI receipt processing is bypassed by choosing Private mode.
5.5 Voice → quote line items (V36.1, optional)
If you tap "Voice add lines" on the quote create screen, your spoken memo is transcribed by your operating system's speech recogniser via the expo-speech-recognition library - Android SpeechRecognizer or iOS SFSpeechRecognizer. The audio is not stored by the App and SoloTrade does not upload it to our servers.
Where the transcription happens depends on your device. On modern iOS (17+) and recent Android devices that support on-device recognition with the language pack installed, the audio is transcribed entirely on the device - it never leaves your phone. On older Android devices that do not have on-device recognition installed, the OS routes the speech-recognition request to the device's configured speech-recognition service - most commonly Google's cloud Speech-to-Text (part of the Google app). When that happens, the audio leaves the device en route to Google's servers and is processed under Google's privacy policy. SoloTrade does not control this routing; it is determined by your device's operating-system settings. If on-device recognition is a hard requirement for you, you can confirm your device supports it under Settings → Apps → Speech recognizer (Android) or by checking that Apple's on-device dictation is enabled (iOS).
The resulting plain-text transcript (up to ~3 KB after a 90-second recording) is then sent to Anthropic to be structured into draft quote line items - see §5.2 for what reaches Anthropic and on what terms.
The first time you tap "Voice add lines" the App shows a one-time acknowledgement reminding you that Australian surveillance-devices laws apply to recordings of private conversations. The rules are state-by-state - see Terms of Service §5.2 for the breakdown - and you remain responsible for obtaining any consent that your jurisdiction requires. SoloTrade is the tool, not the recorder.
Per-month usage caps apply (currently Free 3, Pro 75–100, Pro+ 400–500 transcripts per calendar month, depending on your subscription product). Counts are kept in the AI usage log described in §1; the content of your transcript is not.
5.6 Photo → quote line items (V36.3, optional)
If you tap "Photo add lines" on the quote create screen, you can capture or pick a photo (typically a handwritten estimate, supplier price list, or material tag). The photo bytes are processed entirely on your device by Google ML Kit Text Recognition - the same on-device library used for Private-mode receipt OCR (see §5.1). The image itself is not sent to Google's servers; ML Kit may collect anonymous library-performance metrics per its own terms (timing, version, device model), and nothing else.
The extracted plain text is then sent to Anthropic - see §5.2 - to be structured into draft line items, the same way Voice → Quote works. The photo is not auto-attached to your quote by this feature; if you want to keep it as a job record, use the separate Job Photos surface, which goes through the standard photo storage flow.
Per-month usage caps apply (currently Free 0, Pro 15–20, Pro+ 50–60 OCR-then-parse calls per calendar month). Counts are kept in the AI usage log; the OCR text and the photo are not retained.
5.7 Payment Link (V36.2, optional)
When you create an invoice you can paste your own payment link from a third-party provider - for example a Stripe Payment Link, a Square checkout URL, or a PayID address. We store this URL in invoices.payment_link (length 8–500 characters, validated as a URL) and embed it on:
- the invoice PDF emailed to your client, as a "Pay Now" button at the foot of the document; and
- the public invoice viewer at solotrade.com.au/i/<token>, as a "Pay Now" button on the page.
SoloTrade does not process the payment. When your client clicks "Pay Now" they leave the invoice and are taken to your provider's site. Any personal or payment information they enter there is handled by your provider under their own privacy policy - not ours. We do not see, record, or learn the outcome of the payment. We do not receive funds. We are not a payment facilitator and do not hold an Australian Financial Services Licence; we provide a tool to display the link you generated with your provider.
You are responsible for ensuring the link is correct and points to your own collection method. We strongly recommend testing the link in a private browser before sending the invoice.
5.8 Email reply parsing (V36.4, optional, off by default)
This feature is not active until the operator turns it on. While it is off, no client emails are routed through the parser, no reply tokens are minted, and no quote_reply_events rows are written. The skeleton described below is documented in advance so that if and when the operator enables the feature, this disclosure already covers it.
When enabled, outbound quote emails sent through the App carry a Reply-To address of the form reply+<token>@reply.solotrade.com.au, where <token> is a random 128-bit hex identifier unique to that quote. Replies sent to that address are captured by Resend Inbound (acting as a sub-processor for the inbound path; see §6) and forwarded to our Tokyo-region Edge Function, which:
- verifies the cryptographic signature on the inbound webhook (Svix HMAC-SHA256) and discards anything that doesn't match;
- extracts the token from the to-address and looks up the matching quote;
- sends the reply body, subject, from-address and from-name to Anthropic - see §5.2 - together with minimal context about the quote (number, title, total, status), so the model can classify the reply intent into one of {approved, declined, changes requested, question, unclear};
- when the model's confidence is at or above 0.85 on an approved/declined classification, automatically updates the quote status; otherwise leaves the quote unchanged and queues the reply for your manual review;
- logs every parsed reply to quote_reply_events (described in §1) for your audit trail.
Important caveats:
- Only the first reply to a tokenised email is parsed. If you reply to your client from your own email account outside SoloTrade, the client's next reply may not be tokenised and so won't be auto-classified.
- Your client's reply body is sent to Anthropic in the United States. The same overseas-transfer notice in §11 applies. If your client's reply contains sensitive material you don't want sent overseas, you can keep this feature off - it is opt-in and off by default.
- Automatic quote-status changes can be manually reverted from the quote detail screen at any time. You remain responsible for the legal effect of a status change (for example, whether your acceptance of an "approved" classification creates a binding contract is a question for your own legal advice, not for the AI).
- Per-month usage caps apply (currently Free 50, Pro 250–300, Pro+ 1,500–2,000 inbound replies parsed per calendar month). Inbound emails received beyond the cap are still logged as "pending" rows but are not classified or auto-applied; you can review them manually.
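The inbound path described in §5.8, as an added Python example (not SoloTrade's own code): verify the Svix signature, pull the token from the Reply-To address, then apply the 0.85 auto-update rule. The header names and signed-content layout follow Svix's published scheme; the five-minute replay window, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from email.utils import parseaddr

TOLERANCE_SECONDS = 5 * 60      # assumption: replay window, not stated in the policy
AUTO_APPLY_THRESHOLD = 0.85     # from §5.8
AUTO_APPLY_INTENTS = {"approved", "declined"}   # from §5.8
# reply+<token>@reply.solotrade.com.au, token = 128 bits as 32 hex characters
REPLY_ADDRESS = re.compile(r"^reply\+([0-9a-f]{32})@reply\.solotrade\.com\.au$")


def _signing_key(secret):
    # Svix secrets are "whsec_" followed by the base64-encoded key bytes.
    prefix = "whsec_"
    encoded = secret[len(prefix):] if secret.startswith(prefix) else secret
    return base64.b64decode(encoded)


def sign(secret, msg_id, timestamp, body):
    """Base64 HMAC-SHA256 over b"<id>.<timestamp>.<raw body>" (Svix scheme)."""
    signed = f"{msg_id}.{timestamp}.".encode() + body
    digest = hmac.new(_signing_key(secret), signed, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify_webhook(secret, headers, body, now):
    """True only if a v1 signature matches and the timestamp is fresh."""
    msg_id = headers.get("svix-id")
    timestamp = headers.get("svix-timestamp")
    signatures = headers.get("svix-signature")
    if not (msg_id and timestamp and signatures):
        return False
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    if abs(now - sent_at) > TOLERANCE_SECONDS:
        return False
    expected = sign(secret, msg_id, timestamp, body).encode()
    # The header may carry several space-separated "v1,<base64>" entries.
    for entry in signatures.split():
        version, _, candidate = entry.partition(",")
        if version == "v1" and hmac.compare_digest(candidate.encode(), expected):
            return True
    return False


def extract_token(to_address):
    """Return the 32-hex-character quote token, or None if the address is not ours."""
    address = parseaddr(to_address)[1].strip().lower()
    match = REPLY_ADDRESS.match(address)
    return match.group(1) if match else None


def decide(intent, confidence):
    """Auto-update only for approved/declined at or above the threshold."""
    if intent in AUTO_APPLY_INTENTS and confidence >= AUTO_APPLY_THRESHOLD:
        return "auto_update"
    return "manual_review"


def handle_inbound(secret, headers, body, to_address, classification, now):
    """Run the checks in the order §5.8 lists them; returns (action, token).

    `classification` is the (intent, confidence) pair the model returned;
    the model call and the quote lookup are outside this example.
    """
    if not verify_webhook(secret, headers, body, now):
        return ("rejected_signature", None)
    token = extract_token(to_address)
    if token is None:
        return ("rejected_token", None)
    intent, confidence = classification
    return (decide(intent, confidence), token)


# Constructed sample data (not real keys, tokens or messages).
SAMPLE_SECRET = "whsec_" + base64.b64encode(b"constructed-test-key-32-bytes!!!").decode()
SAMPLE_NOW = 1_780_000_000
SAMPLE_TOKEN = "0123456789abcdef0123456789abcdef"
SAMPLE_TO = f"reply+{SAMPLE_TOKEN}@reply.solotrade.com.au"
SAMPLE_BODY = b'{"subject":"Re: Quote Q-1042","text":"Looks good, go ahead."}'
SAMPLE_HEADERS = {
    "svix-id": "msg_constructed_001",
    "svix-timestamp": str(SAMPLE_NOW),
    "svix-signature": "v1," + sign(
        SAMPLE_SECRET, "msg_constructed_001", str(SAMPLE_NOW), SAMPLE_BODY
    ),
}

if __name__ == "__main__":
    print(handle_inbound(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY,
                         SAMPLE_TO, ("approved", 0.91), SAMPLE_NOW))
```

The signature must be computed over the raw request bytes; re-serialising the parsed JSON before verifying changes the byte stream and makes valid webhooks fail.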
5.9 Compliance v2 - licence-card photo + AI scan (V36.7, optional)
When you add or edit a compliance credential (trade licence, insurance certificate, white card, CPD certificate, vehicle registration, etc. - see Settings → Compliance), you can optionally attach a photo of the physical card or document.
Photos are stored locally on your device only - they never leave your phone. They are written into an encrypted SQLite database (using SQLCipher with a 256-bit random key per install). The key is held in your phone's secure keystore (Android Keystore with WHEN_UNLOCKED_THIS_DEVICE_ONLY accessibility / iOS Secure Enclave). The server stores only an opaque identifier (the local_photo_id column on compliance_credentials) - never the photo bytes. This means:
- We cannot see your licence-card photos. Neither can anyone with access to our database or backups.
- If you uninstall the App, lose your phone, or factory-reset, the photos are unrecoverable. That is the design - the privacy trade-off in exchange for "we cannot see them" is "you alone can see them, on the device that captured them". You can always re-photograph a card.
- If you log in to a second device, the photos do not follow you - they are local-only.
- Replacing or removing a photo from a credential soft-deletes the row in the local database; a housekeeping job purges soft-deleted rows after seven days.
You can also tap "✨ Scan card with AI" on the credential form. When you do:
- The photo is processed on your device by Google ML Kit Text Recognition - the same on-device library as Voice → quote and Photo → quote. The image bytes do not leave the device.
- The extracted plain text only (typically ~200–800 characters from a licence card) is sent to Anthropic - see §5.2 - to identify the credential type, licence/policy number, jurisdiction, issuer, issued/expiry dates, and any notes. The photo bytes are never sent to Anthropic.
- The structured fields are returned to the App and pre-fill the form. You review and confirm them before they are saved.
Per-month usage caps apply (currently Free 1, Pro 3–4, Pro+ 10–12 AI scans per calendar month, calibrated to the realistic ~6–10 credentials a solo tradesperson typically holds over a career with 1–3 renewals per year). Attaching a photo without using AI scan is not capped - only the AI scan step is metered, because that is the only step with a per-call cost (Anthropic ≈ AU$0.003 per call). Counts are kept in the AI usage log; the OCR text and the photo are not retained server-side.
6. Third-party services
The Application uses the following third-party services, each with their own privacy policy. None is permitted to use your data for purposes outside the function described.
- Supabase - database, authentication, file storage, server-side functions ("Edge Functions"), and scheduled cron jobs for all app data. Hosted on AWS Asia Pacific Tokyo (ap-northeast-1). DPA at supabase.com/legal/dpa.
- RevenueCat - subscription state validation against Apple/Google purchase receipts (US infrastructure, AWS).
- Resend (legal entity Plus Five Five, Inc.) - transactional email delivery (US). Verified sending domain: solotrade.com.au. Resend Inbound (the inbound-receiving path for V36.4 Email reply parsing - see §5.8) is part of the same Resend service: it activates only if the operator turns on Email reply parsing, and processes inbound replies addressed to reply+<token>@reply.solotrade.com.au by signing them with a Svix HMAC and POSTing them to our Tokyo-region Edge Function.
- Sentry (Functional Software, Inc.) - crash reports and performance traces (US + Germany). DPA at sentry.io/legal/dpa. PII stripped before send. 90-day retention.
- Google Cloud - Document AI - OCR for Synced-mode receipts only (Sydney region australia-southeast1, zero retention).
- Google Cloud - Maps Platform - map tile rendering on map screens, and four address-resolution APIs called via our Tokyo-region Edge Functions: (i) Geocoding (when you tap "Find my address", we send the full address string you typed); (ii) Places Autocomplete (when you type into an address field with the Australia-biased suggestion list enabled, your partial address is sent on each keystroke after the third character); (iii) Place Details (when you select a suggestion, the suggestion's identifier is sent back to retrieve the full address); (iv) Maps SDK rendering (latitude/longitude bounds of the visible map). Autocomplete and Place Details calls are bundled under a per-session token (UUID) so Google bills them as one transaction; the token is not linked to your account identifier. Google does not receive your SoloTrade account identifier in any of these calls.
- Google Cloud - Drive API - only if you opt in to Drive Backup (Settings → Drive Backup). Scope is drive.file: only files our app creates in your Drive are visible to us; we cannot read your existing Drive content. Your refresh token is stored encrypted in Supabase Vault - see §10.
- Google Cloud - Gmail API - only if you opt in to "send as my Gmail" (Settings → Sending). Scope is gmail.send: we cannot read your inbox or contacts. Your refresh token is stored encrypted in Supabase Vault - see §10.
- Google Cloud - Play Integrity - anti-tamper signal that the app on your device is a genuine, unmodified install.
- Google ML Kit Text Recognition - on-device library used for (i) Private-mode receipt OCR, and (ii) the V36.3 Photo → quote line items flow (see clause 5.6). The image content stays on your device; the library may send anonymous library-performance metrics to Google (timing, version, device model) per the ML Kit Terms.
- Anthropic, PBC (US Public Benefit Corporation) - Claude Haiku 4.5 large-language model, used for: (i) the AI drafting surfaces in clause 5.2 (quote-line description helper, AI follow-ups, Ask job history); (ii) V36.1 Voice → quote line items structuring (clause 5.5); (iii) V36.3 Photo → quote line items structuring (clause 5.6); and (iv) V36.4 Email reply parsing classification (clause 5.8) when that feature is enabled. United States data residency. Anthropic API policy (updated 14 September 2025): customer inputs retained up to 7 days for trust-and-safety review (or up to 30 days with a DPA opt-in; zero-retention available at enterprise tier); customer content not used to train Anthropic's foundation models (contractual prohibition). Anthropic Data Processing Addendum and Commercial Terms in force.
- Bureau of Meteorology (Commonwealth of Australia) - optional weather-aware rescheduling (clause 5.5). Sent: latitude/longitude of your scheduled job. No personal identifier. Disable in Settings → Weather alerts.
- Australian Business Register - ABN Lookup web services (Commonwealth of Australia) - used only for the optional subcontractor / TPAR ABN check. When you check a subcontractor's ABN, our server-side Edge Function sends that ABN to the Government's ABN Lookup web service, which returns the entity's registered or business name and GST-registration status. ABN details are public-register information. No SoloTrade account or device identifier is sent - only the ABN being checked. We store only a status snapshot (for example "valid, GST-registered") against the subcontractor record so your TPAR report can flag ABN status; we re-query rather than rely on stale data and delete cached details if notified they have been withdrawn. The lookup uses a confidential access key held server-side. Governed by the ABN Lookup Web Services Agreement; disclaimer and privacy notices at abr.business.gov.au.
- Upstash - per-user request-rate counters used to protect our server-side functions from abuse (Sydney region with US fail-over; no user content; 60-second window).
- Netlify - hosts this static page (solotrade.com.au and solotrade.netlify.app) and the public quote/invoice landing pages. Standard web access logs only.
- Expo Application Services - app build pipeline and over-the-air bundle updates. No user content.
- Zoho Mail - operator's support inbox support@solotrade.com.au (Australian region).
- Apple App Store / Google Play - app distribution and in-app subscription billing. Push delivery uses Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) on Android; payloads contain only short labels such as "Insurance renewal in 7 days", and detail loads from your account when you tap. Apple iOS launch is currently deferred; Android-only at the time of writing.
5.5 Optional weather-aware rescheduling
If you enable Weather alerts in Settings, our daily 20:00 UTC scheduled job sends the latitude/longitude of each of your upcoming scheduled jobs (next 24–72 hours) to the Bureau of Meteorology's public forecast API to check for severe-weather warnings, and surfaces an in-app alert if a warning is in force. No personal identifier is sent - only the latitude/longitude. BoM operates Commonwealth-controlled infrastructure under the Meteorology Act 1955.
Payment data
When you subscribe through Google Play (or, in future, the Apple App Store), Google or Apple acts as the merchant of record. They collect your payment details directly. SoloTrade does not see your card number, billing address, or financial account information; we receive only an anonymous receipt token from RevenueCat that confirms your subscription is current.
A complete sub-processor list with data residency for each is at /subprocessors. We do not use any third-party advertising network, behavioural-tracking pixel (Meta, TikTok, Snap, etc.), third-party web-analytics service (Google Analytics, Mixpanel, Amplitude, Segment, PostHog), session-replay tool (FullStory, LogRocket, Hotjar), or data broker.
6a. Where your data is processed
Your account data lives in Supabase's Tokyo region (Japan). Receipts processed in Synced mode pass through Google Document AI in Sydney (Australia) under the Service Specific Terms for AI/ML products. The Bureau of Meteorology forecast API runs on Commonwealth-controlled infrastructure in Australia. Other sub-processors operate from the United States (RevenueCat, Resend, Sentry, Anthropic, Expo Application Services, Netlify, Upstash US fail-over, Apple APNs, Firebase FCM), Germany (Sentry fail-over), Singapore (Google Play merchant of record for AU Android subscriptions), and India (Zoho's parent group).
Background processing. The Application performs some processing on a schedule even when you are not actively using it: a daily 20:00 UTC weather-alert check (clause 5.5), a daily 19:30 UTC service-reactivation check (V35.2), a daily compliance-credential expiry check (V35.1), and a 15-minute cron that generates AI follow-up drafts queued for your review (clause 5.2). All run inside our Supabase Tokyo Edge Function environment; only the surfaces described above call external sub-processors.
6b. Google API Services User Data Policy
SoloTrade's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
7. Data sharing and disclosure
SoloTrade does not sell, trade, or rent your personal information. We have not sold or shared personal information for cross-context behavioural advertising in the preceding 12 months and we do not intend to. Your data may only be disclosed:
- As required by law (for example, in response to a valid court order, subpoena, statutory notice, or other binding legal process). We do not voluntarily share personal information with law enforcement or government agencies and we will, where lawful and practicable, give you advance notice of any such request.
- To protect the rights, safety, or property of SoloTradeOS, our users, or the public.
- To the third-party service providers listed above, strictly to operate the Application.
When you choose to email a quote or invoice to a client, the content of that document (including client details you have entered) is transmitted via Resend for delivery to the address you nominated.
CC and BCC recipients
When you add CC or BCC recipients to an outgoing quote or invoice, the email addresses you enter are sent to our email delivery provider (Resend) and recorded in your account's send history. You are responsible for ensuring you have permission to email those addresses; the Terms of Service prohibit using CC/BCC to add unrelated third parties.
Operator blind-copy
When you have set a business email address in Settings → Business profile, we automatically blind-copy that address on every quote and invoice you send via SoloTrade so you have a record in your own inbox. You can disable this by clearing the business email field.
Spam Act 2003 (Cth)
When you send a quote or invoice from the Application, you are the sender of that message for the purposes of the Spam Act 2003 (Cth). You are responsible for ensuring you have a basis to send it (consent, an existing business relationship, or that the message is a designated commercial electronic message under Schedule 1 of the Act, including a factual message containing your accurate sender details). Operational reminders we send to your account email - security alerts, billing notices, service announcements, and the like - are sent in our own capacity and contain a clear unsubscribe link where required by the Act.
7a. Your clients' information
When you enter information about your clients (their names, contact details, addresses) into SoloTrade, we hold that information on your behalf so the Application can generate quotes and invoices for you. You are responsible to your clients for the matters required by Australian Privacy Principle 5 - namely letting them know who holds their information, what it's being used for, and how to access or correct it. We do not send your clients marketing, never use their details to contact them ourselves, and never share their details with anyone outside the sub-processors listed in §6. If one of your clients contacts us directly about their information, we will refer them to you.
8. Your rights - access, export, correction, deletion
You have the right to access, correct, export, or delete your personal data at any time. In-app controls live under Settings → Privacy & your data. You can also email privacy@solotrade.com.au (or our general support inbox support@solotrade.com.au) and we will respond within 30 days.
- Export: Settings → Export My Data - produces six CSV files covering clients, quotes, invoices, variations, time entries, and expenses (the receipt photos themselves are excluded; you can save them per-receipt). The download is a complete copy of the records you've entered; once it's on your device it's outside our control - store it in a safe place and delete it when no longer needed.
- Delete: Settings → Account → Delete Account - two-step process with email confirmation. Deletion clears every receipts.* table row, every Storage object under your pseudonymous receipts path, and your per-user encryption key from Vault before the account row is removed. See /data-deletion for the full step-by-step.
- Correct: edit any record directly in the app. We will also take reasonable steps under APP 10 to ensure information we hold is accurate, up-to-date and complete, having regard to the purpose for which it is held.
- Access: request details of what we hold about you via email; we'll respond in line with APP 12.
Audit trail of accounting actions
To keep your accounting records defensible if a dispute arises, the Application records a small audit trail on certain accounting actions:
- Void invoices. When you void an invoice we record the moment you voided it and any reason you entered. The reason is stored alongside the invoice and appears in your CSV export. Don't include third-party personal information you don't need to keep.
- Edits to logged time. Editing a saved time entry requires a brief reason (≥4 characters) so the original and corrected values both stay defensible if disputed. The reason is stored on the entry and is visible in your CSV export.
- Quote edits. When you save an edit to a quote, the pre-edit version is preserved as an audit snapshot in a separate table so you can see what changed and when. The snapshot contains the same data you originally entered - no new categories of personal information are introduced.
9. Data retention
We retain personal information only for as long as it serves the purpose for which it was collected, except where we are required by law to keep it longer. The table below summarises retention for each category:
| Data category | Retention |
|---|---|
| Account profile and content (quotes, invoices, time entries, photos, voice notes, client records) | Until you delete the account, then deleted within 30 days. |
| Receipt photos (Synced or Private mode) | Per the retention you set in Settings → Receipts (default 365 days; configurable to 90, 180, 365 days, or indefinitely). |
| Subscription transaction records | 7 years (5 years per s 262A Income Tax Assessment Act 1936 + 2-year ATO superannuation buffer). |
| Receipt access log and notification log | Lifetime of your account, then deleted with the account. |
| Consent records (which Privacy Policy version you accepted, when, IP) | Lifetime of your account plus 5 years for audit defence under the Privacy Act and Spam Act. |
| Diagnostic / crash data (Sentry) | 90 days. |
| Optional ABN tombstone (4 fields, post-deletion) | Indefinitely unless you opt out at deletion time. |
| Compliance credentials (V35.1) - licence, insurance, RCD certs + uploaded photos/PDFs | Until you delete the credential, the account, or the underlying file. Compliance documents live in a private compliance-documents Supabase Storage bucket scoped to your user ID via Row-Level Security. |
| Subbie register (V35.10) - subbies' compliance records you track | Same as your account profile. You are the controller of subbie data and decide when to delete it. |
| SWMS PDFs (V35.11) | Until you delete the SWMS or the job it is attached to. Stored alongside your job-docs. |
| Vehicle logbook trips (V35.3) | Indefinitely until you delete. Required for ATO substantiation under TR 97/23 - we recommend keeping at least 5 years. Once a trip has been included in a submitted deduction bundle it is locked under §9.3; soft-delete is still available, hard-delete is refused until the record-keeping window closes. |
| Vehicle records (May 2026) - make, model, year, rego, fuel type, baseline odometer | Until you delete the vehicle or the account. Rego is held privately and is never rendered on client-facing PDFs (§10). |
| Working-from-home hours (May 2026) | Indefinitely until you delete the row or the row is locked into a submitted deduction bundle (see §9.3). Required for ATO substantiation - we recommend keeping at least 5 years. |
| Pinned expense categories (May 2026) | Until you clear them in Tax → Deductions → Settings → Pinned overrides or delete the account. |
| Deduction-bundle audit log (May 2026) - what you sent, when, to whom | Lifetime of your account. Immutable history; deleted with the account. |
| Warranty records (V35.9) | Until you delete the warranty or the underlying job. |
| Job-site pinned notes (V35.7) | Until you delete the note or the job site. |
| AI usage log (V34.B) - per-month call counts + surface key | Rolling 12 months (so we can show your usage and enforce the monthly cap). |
| AI follow-up drafts (V34.C) | Deleted on approve-and-send, on mark-as-not-interested, or 60 days unsent. |
| Weather-alert records (V35.8) | Rolling 90 days - we keep recent alerts visible on the dashboard. |
| Push device tokens (APNs / FCM) | Until you revoke notification permission, delete the account, or your device unregisters. Stored on your account row. |
| Encrypted backups | Rotated daily on Supabase's Pro plan, which retains 7 daily backups. Deleted account data is purged from all backups within that 7-day window. |
About the ABN tombstone. If you opt in at deletion time, we keep a four-field "tombstone" record (your former ABN, a SHA-256 hash of your former email, the deletion timestamp, and a re-registration counter) so that if you sign up again with the same ABN you don't have to rebuild your defaults. You can decline this at the moment you delete your account; if you decline, the tombstone is not written.
9.1 Five-year tax-records carve-out
Under section 262A of the Income Tax Assessment Act 1936 (Cth), Australian businesses must keep records that explain their tax position for 5 years from the date of the underlying transaction (or the date the relevant return is lodged, whichever is later). Quotes, invoices, expenses, vehicle logbook trips, and receipt records are likely to fall within that obligation for you as an operator. If you delete your account, our 30-day deletion process removes those records from our systems - so before you delete, please use Settings → Export My Data to download a full copy you can hand to your tax agent. The Application surfaces a reminder at the deletion step. We do not extend our own retention to match the 5-year rule; the record-keeping obligation is yours, and the export is the supported way for you to meet it.
9.2 Account-inactivity sunset
To prevent the indefinite retention of personal data after you have stopped using SoloTrade, we operate an inactivity sunset. If you have not signed in for 24 consecutive months, we email a "your account will be deleted in 90 days" warning to the address on file. You can keep the account by signing in (any sign-in resets the inactivity clock) or by replying to the warning email and asking us to extend. If we receive no response within the 90-day grace period, we run the full-deletion cascade described in clause 8.1 and the data-deletion page, and email you a confirmation. The five-year tax-records carve-out in clause 9.1 remains your responsibility - please use Settings → Export My Data before the grace window closes if you need a copy for your tax agent. We will publicly post the date this clause becomes operationally enforced (by a scheduled cron job) on our changelog page; until then, we run inactivity-sunset reviews manually on a best-efforts quarterly basis.
9.3 Row-level retention locks (May 2026)
Once an expense, vehicle trip, or working-from-home hours row has been included in a submitted deduction bundle (Settings → Tax → Deductions → Submit or share), that row is locked at the database level. You can still mark it deleted (it disappears from your active views) but the underlying record is preserved for the five-year tax-records period under section 262A of the Income Tax Assessment Act 1936 (Cth). You may also use the in-app correction tools to amend a locked row; if a correction is refused, we will give written reasons and, in line with Australian Privacy Principle 13.4, you can ask us to associate a statement with the record noting your view of its accuracy. Locked rows are removed when the underlying record-keeping period expires or when you delete your account (whichever is sooner) - account deletion overrides the row-level lock because the cascading delete operates with service-role privileges that bypass the per-row policy.
10. Security
All data is stored on Supabase infrastructure with Row-Level Security policies on every user-data table - meaning each user can only access their own data. Passwords are hashed and never stored in plain text, and Supabase Auth rejects sign-up with passwords known to have appeared in public breaches (HIBP integration).
All data is transmitted over encrypted HTTPS connections (TLS 1.2 or above). Supabase encrypts data at rest using AES-256, and our managed Postgres database in the Tokyo region inherits AWS's at-rest encryption.
Encryption tiers in detail. All Supabase Storage buckets - including job-photos, compliance-documents, business-photos, client-documents, and receipts - inherit Supabase's baseline at-rest encryption (AES-256 managed by the underlying AWS infrastructure in the Tokyo region). On top of that baseline, receipt photos in Synced mode receive an additional layer of application-level envelope encryption: each user has a unique 256-bit data-encryption key in Supabase Vault, and Synced-mode receipt photos are encrypted with that key using AES-256-GCM (12-byte IV, 16-byte tag) before being stored. Receipt photo paths are also pseudonymous (a UUID independent of your account identifier). The reason receipts get the additional layer is that Synced-mode receipt photos are processed through Google Document AI for OCR - the extra envelope encryption ensures the at-rest copy is opaque to anyone with raw bucket access. Job photos, business photos, client documents, and compliance documents currently rely on the baseline storage encryption plus Row-Level Security; per-user envelope encryption for those buckets is on the development roadmap (tracked as a defence-in-depth hardening item) but is not present today.
Compliance documents bucket. Photos and PDFs of trade licences, insurance certificates of currency, and similar compliance documents (clause 1, V35.1) are uploaded to a private Supabase Storage bucket compliance-documents. The bucket has a Row-Level Security policy that scopes reads and writes to the uploading user's ID - only you can list or download files under your own user-ID prefix. MIME types are restricted to image and PDF formats; per-file size is capped at 10 MB. If you choose to track a subbie's compliance documents (V35.10), those files are uploaded under your user-ID prefix and remain subject to the same RLS - they are not visible to the subbie themselves through SoloTrade unless you re-share them via another channel.
Authentication tokens on your device are stored in OS-level secure storage (iOS Keychain / Android Keystore) via expo-secure-store. Server-side rate limiting (Upstash) is enforced on every Edge Function that processes untrusted input (image redaction, PDF generation, OCR, geocoding). The full security posture, including our responsible-disclosure policy, is published at /security.
OAuth refresh tokens for opted-in Google services. If you connect your Gmail account ("send as my Gmail") or Drive Backup, Google issues us a long-lived refresh token in addition to the short-lived access token. The refresh token is stored encrypted in the Supabase Vault (vault.secrets), wrapped with our project key-encryption key, and is only readable through a SECURITY DEFINER server-side function that checks the calling user's identity. Short-lived access tokens are minted from the refresh token at send-time inside our Edge Function and never persisted. You can revoke the connection at any time from Settings → Sending (Gmail) or Settings → Drive Backup (Drive); revocation deletes the vault secret and the mapping row. Account deletion runs the same revoke automatically - confirmed in code at supabase/functions/delete-account/index.ts, which calls the purge_user_oauth_secrets() server-side function before the rest of the account-deletion cascade.
Vehicle registration plates and other operator-sensitive fields. Vehicle registration plates ("rego"), supplier cost margins, internal job notes, and similar operator-private fields are excluded by design from every client-facing rendering (quote PDF, invoice PDF, SWMS PDF, warranty card, public quote/invoice landing pages). They are stored on your account row only and are visible to you in the in-app screens that surface them.
While we take reasonable measures to protect your information, no system can guarantee absolute security.
11. Data breach response
If we become aware of facts suggesting unauthorised access, disclosure, or loss of your personal information, we will treat the matter as a suspected eligible data breach under the Privacy Act 1988 (Cth) Part IIIC and complete a reasonable and expeditious assessment within 30 days (s 26WH).
Where the assessment confirms an eligible data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, in line with s 26WK. The statement we issue will contain the four elements required by s 26WK(3) of the Privacy Act:
- Our identity and contact details - the SoloTradeOS business name, ABN, support and privacy email addresses, and the registered business address;
- A description of the eligible data breach that we have reasonable grounds to believe has happened;
- The kind or kinds of information concerned - drawn from the categories enumerated in clauses 1, 2 and 3 of this policy; and
- Recommendations about the steps individuals should take in response - for example, password resets, monitoring for unauthorised activity, contacting their bank if payment details were exposed, or notifying their tax agent if accounting records were involved.
Where appropriate, we will also report to the Australian Cyber Security Centre. The OAIC's published guidance on assessing serious harm and producing the s 26WK statement is at the link below.
You can read more about the scheme on the OAIC's Notifiable Data Breaches page.
12. Children's privacy
SoloTrade is for adults operating an Australian business and is offered exclusively to users at least 18 years of age who hold an Australian Business Number (ABN). We rely on the ABN holding requirement to confirm adult use; we don't otherwise verify age. We do not knowingly collect personal information from anyone under 18.
If you believe a minor has created an account, contact privacy@solotrade.com.au and we will investigate and, where appropriate, delete the account. We are tracking the OAIC's forthcoming Children's Online Privacy Code (registration deadline 10 December 2026) and will update this policy if any of its requirements apply to us.
13. Changes to this policy
This Privacy Policy may be updated from time to time. Material changes will be notified by an in-app notification or by email at least 30 days before they take effect, where reasonably practicable, and we will prompt you to review the updated policy on your next sign-in. Your continued use of the Application after that point indicates your acceptance of the updated policy.
The current version, the effective date, and a record of prior versions are kept at the top of this page and in our consent log (user_consents) so you can always see what you accepted.
14. Contact & complaints
SoloTradeOS (sole trader, ABN 75 640 151 073)
Privacy: privacy@solotrade.com.au
Security: security@solotrade.com.au
General: support@solotrade.com.au
Post: 39 Dew Street, Thebarton, South Australia 5031
For any privacy questions or concerns, the privacy alias above is the fastest way to reach us. The general inbox is checked daily. Written correspondence by post is also accepted; allow longer for a response.
Complaints
If you think we've mishandled your personal information, email privacy@solotrade.com.au (or support@solotrade.com.au) with the subject line "Privacy complaint". We'll acknowledge within 5 business days and aim to resolve within 30 days.
If you're not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC):
- Online: oaic.gov.au/privacy/privacy-complaints
- Phone: 1300 363 992
15. Your rights under Australian law
Beyond your rights under the Privacy Act 1988 (Cth), you may also have rights under the statutory tort for serious invasion of privacy that came into effect on 10 June 2025. Nothing in this policy limits any rights you have at general law. The OAIC publishes background on the new statutory tort.
Voluntary application of the Australian Privacy Principles
SoloTradeOS is a sole-trader business below the Privacy Act small-business threshold (annual turnover under AU$3 million) and is therefore not automatically required to comply with the Privacy Act 1988 (Cth) or the Australian Privacy Principles (APPs). We have nonetheless chosen to voluntarily adopt the APPs as our standard of practice and to handle your personal information as if SoloTradeOS were a covered entity. This commitment is made publicly through this Privacy Policy; we have not (at the time of writing) lodged a formal opt-in notice with the Information Commissioner under section 6EA of the Privacy Act. We will update this section if we elect to do so.
Sub-processor changes
Where we add a new sub-processor that will handle your personal information (see /subprocessors for the current list), we will update that page in advance of the change taking effect. Australian privacy law requires transparency and accountability for cross-border disclosures (APP 8) but does not require your explicit consent before adding a sub-processor - unlike the GDPR. If you object to a particular sub-processor change, you can export your data and delete your account using the in-app deletion flow before the change takes effect.
Voluntary cyber-incident reporting
SoloTradeOS is below the Cyber Security Act 2024 (Cth) ransomware-payment reporting threshold (annual turnover under AU$3 million) and is not a critical-infrastructure operator under the SOCI Act. We will nonetheless voluntarily report any eligible cyber incident to the Australian Cyber Security Centre where appropriate, in addition to any notifications required under the Notifiable Data Breaches scheme (see §11).
Accessibility
We work toward conformance with the Web Content Accessibility Guidelines (WCAG) 2.2 Level AA, in line with the Australian Human Rights Commission's April 2025 guidelines under the Disability Discrimination Act 1992 (Cth). The Application has not yet been independently audited against WCAG 2.2 AA; we treat any reported accessibility barrier as a defect and prioritise it accordingly. If you encounter an accessibility barrier please contact support@solotrade.com.au.
Data export - formats
The in-app export under Settings → Privacy & your data → Export My Data currently produces CSV files for tabular records (quotes, invoices, time entries, and receipt metadata including merchant, GST, and ATO category). CSV is the default because it opens directly in Excel, Numbers, Google Sheets, Xero, MYOB and most accounting tools. Receipt photos and job photos are not included in the bundled CSV export - you can download individual receipt photos from the in-app Receipts screen, and individual job photos from the relevant job detail. A bundled ZIP archive of all photos and a machine-readable JSON export are both on the v1.x roadmap; if you need either before that lands, email privacy@solotrade.com.au.
Effective date: 23 May 2026 · v3.6 (V36 release deltas - see top-of-page change-log for the full summary). Supersedes v3.5 of 18 May 2026, v3.4 of 16 May 2026, v3.3 of 14 May 2026, v3.2 of 11 May 2026, v3.1.2 of 8 May 2026, v3.1.1 of 8 May 2026, v3.1 of 7 May 2026, v3.0 of 6 May 2026, v2.1 of 5 May 2026, v2.0 of 3 May 2026, and v1.0 of 20 April 2026. The current sub-processor list is published at /subprocessors; the current security posture is at /security; data deletion instructions are at /data-deletion.