Privacy Policy

Last updated: 6 March 2026

1. Overview

SeismicCert AU ("we", "us", "our") is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the SeismicCert AU platform.

2. Information We Collect

We collect the following categories of personal information:

  • Account data: Name, email address, company name, phone number, and role (builder or certifier).
  • Professional data (certifiers): Licence number, accreditation body, states of operation, and professional specialisations.
  • Project data: Building details, addresses, uploaded documents (plans, photos, reports), and certification records.
  • Payment data: Billing information processed by Stripe. We do not store full card numbers or CVV codes.
  • Usage data: Log data, IP addresses, browser type, and pages visited, collected automatically.

3. How We Use Your Information

We use your personal information to:

  • Provide, operate, and improve the SeismicCert AU platform
  • Facilitate the certification workflow between builders and certifiers
  • Process subscription payments and issue invoices
  • Send transactional notifications about your projects and account
  • Comply with legal obligations and resolve disputes
  • Detect and prevent fraud, abuse, and security incidents

4. Disclosure of Information

We do not sell your personal information. We may share your information with:

  • Certifiers and builders — project-specific information is shared between the parties involved in a certification engagement.
  • Service providers — including Supabase (database and storage), Stripe (payments), and hosting providers, under data processing agreements.
  • Regulatory authorities — where required by law or in response to a valid legal request.

5. Data Storage and Security

Your data is stored on servers located in Sydney, Australia (AWS ap-southeast-2 region). We implement industry-standard security measures including encryption at rest and in transit, role-based access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

6. Your Rights

Under the Australian Privacy Act, you have the right to access, correct, or request deletion of your personal information. To exercise these rights, contact us via the Help & Support page. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You may disable cookies in your browser settings, but this may affect platform functionality.

8. Contact

For privacy enquiries, contact our Privacy Officer at [email protected] or via the Help & Support page.