TradieTax AI

Privacy Policy

Last updated: 31 May 2026 · Governing law: Australia

1. About this policy

TradieTax AI ("we", "us", "our") is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

This policy explains what personal information we collect, why we collect it, how we use and disclose it, how you can access or correct it, and how to make a complaint.

If you have any questions, contact us at privacy@tradietax.ai.

2. What personal information we collect

We collect the following categories of personal information:

  • Account information: Email address, encrypted password.
  • Business details: Business name, trade/industry type, ABN, GST registration status, business address.
  • Financial records: Expense amounts, categories, dates, vendor names, GST amounts, income records, invoice amounts, client names and email addresses.
  • Uploaded documents: Photographs and PDFs of receipts, invoices and other financial documents you upload for AI processing.
  • Payment information: Subscription status. Card details are processed directly by Stripe and never stored on our servers.
  • Profile information: Full name, bank account details (optional, used for invoice payment details only), logo image.
  • Usage data: Pages visited, features used, device type, browser type, IP address, timestamps — collected for service improvement and security.
  • Communication data: Messages you send to our support team.

We collect this information when you register, use features of the service, upload documents, or contact support. We do not collect sensitive information such as health, racial or political data.

3. Why we collect your information (purpose of collection)

We collect personal information only for the following purposes (APP 3):

  • Providing the expense tracking, income management, invoice and tax tools described in the service
  • Processing receipt and invoice uploads using AI data extraction (OpenAI API)
  • Generating PDF invoices containing your business details for you to send to clients
  • Sending invoice emails to your nominated client email addresses on your instruction
  • Calculating GST estimates, BAS summaries and tax estimates
  • Processing subscription payments and managing your account
  • Communicating with you about your account, service updates and security
  • Complying with our legal obligations and protecting our legal rights
  • Improving the accuracy of our AI and the features of the service (using anonymised aggregate data only)

We do not sell, rent or trade your personal information. We do not use your financial data for marketing to third parties.

4. Disclosure to third parties (APP 6)

We disclose your personal information to the following third-party service providers, solely for the purpose of delivering the service to you:

Supabase

Database, authentication and encrypted file storage. Your data is stored in Supabase's secure cloud infrastructure. Supabase is SOC 2 Type II certified. Servers may be located in the United States.

Privacy policy: supabase.com/privacy

OpenAI

AI-powered data extraction from uploaded receipts and invoices. The content of your uploaded documents (images and text) is sent to OpenAI's API for processing. OpenAI does not use API input/output data to train its models. Data is processed in the United States.

Privacy policy: openai.com/policies/privacy-policy

Stripe

Subscription payment processing. Your payment card details are entered directly into Stripe's secure interface and are never transmitted to or stored on our servers. Stripe is PCI-DSS Level 1 certified. Data may be processed internationally.

Privacy policy: stripe.com/au/privacy

Resend

Email delivery service for invoice emails sent to your clients, and service notification emails sent to you. Email addresses and email content are processed by Resend.

Privacy policy: resend.com/privacy

Vercel

Application hosting and global content delivery. Servers are located in multiple regions including the United States and Europe.

Privacy policy: vercel.com/legal/privacy-policy

International data transfers (APP 8)

Some of our service providers (Supabase, OpenAI, Vercel, Stripe, Resend) are based in the United States. By using TradieTax AI, you consent to your personal information being transferred to and processed in the United States and other countries, which may have different data protection laws to Australia. We take reasonable steps to ensure these providers maintain adequate protections.

5. Cookies and local storage

TradieTax AI uses the following technologies to operate the service:

  • Authentication cookies: set by Supabase to maintain your login session. These are essential for the service to function.
  • Local storage: used to cache UI preferences such as theme settings.
  • No third-party advertising or tracking cookies are used.
  • No analytics cookies (Google Analytics, etc.) are used.

You can disable cookies in your browser settings, but this will prevent you from logging in to the service.

6. Data security (APP 11)

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our security measures include:

  • HTTPS (TLS) encryption for all data in transit
  • Row Level Security (RLS) on our database — your data is logically isolated from other users' data
  • Time-limited signed URLs for file access (7-day expiry)
  • Supabase SOC 2 Type II certified infrastructure
  • Stripe PCI-DSS Level 1 certified payment processing
  • Passwords are hashed and never stored in plain text

No method of transmission over the internet is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.

7. Data retention (APP 11.2)

We retain your personal information for as long as your account is active or as needed to provide the service.

  • Account data: retained while your account is active.
  • Financial records: retained for the life of your account. The ATO requires individuals to keep tax records for 5 years — we recommend exporting your data before account deletion.
  • Uploaded files: deleted within 30 days of account deletion.
  • Anonymised usage statistics: may be retained indefinitely for service improvement.
  • Payment transaction records: retained as required by Stripe's compliance obligations.

When you delete your account from Profile settings, your personal data and uploaded files are permanently deleted within 30 days. This action cannot be undone — export your data first.

8. Your rights (APPs 12 & 13)

Under the Australian Privacy Act 1988, you have the following rights:

  • Access (APP 12): Request a copy of the personal information we hold about you. We will respond within 30 days.
  • Correction (APP 13): Request correction of inaccurate, incomplete or outdated information. You can update most information directly in your Profile.
  • Deletion: Delete your account and all associated data at any time from Profile settings.
  • Complaint: Lodge a complaint with us if you believe we have breached the Australian Privacy Principles.

To exercise any of these rights, contact us at privacy@tradietax.ai. We will respond within 30 days.

9. Notifiable Data Breaches (NDB scheme)

Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, if we become aware of a data breach that is likely to result in serious harm to individuals, we will:

  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC)
  • Provide details of the breach and recommended steps to minimise harm

10. Children's privacy

TradieTax AI is intended only for persons aged 18 years or older who hold a valid Australian Business Number (ABN) or are authorised to use one. We do not knowingly collect personal information from persons under 18. If we become aware that a person under 18 has provided us with personal information, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our practices or legal obligations. We will notify you of material changes by email at least 14 days before they take effect, and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance.

12. How to make a complaint (APP 1.4)

If you believe we have breached the Australian Privacy Principles, please contact us first:

Email: privacy@tradietax.ai

We will acknowledge your complaint within 5 business days and endeavour to resolve it within 30 days.

If you are not satisfied with our response, or we do not respond within 30 days, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: oaic.gov.au/privacy/privacy-complaints

Phone: 1300 363 992

Post: GPO Box 5218, Sydney NSW 2001