Privacy Policy

(a) Our customers, the trade and service businesses and their team members who sign up; and (b) your customers, the people whose details you enter into the Service. For (b), you decide what is collected and why, and we process it on your behalf as your service provider.

• Account & business info: name, email, phone, business name, ABN, branding, and login credentials (stored securely; passwords are hashed).
• Billing info: processed by Stripe; we don’t store full card numbers.
• Your business data: bookings, jobs, quotes, invoices, customer records, photos, notes, schedules and (if you use ONARA Books) financial records you enter.
• Usage & technical data: log data, device/browser info, IP address, approximate location, and cookies needed to run the Service.

We collect information directly from you (when you sign up, set up your business, or use the Service), automatically (through your use of the Service), and from third parties such as our payment provider. Where reasonable and practicable, you may deal with us anonymously or using a pseudonym, though we generally can’t provide the Service without account details.

To provide, maintain, secure and improve the Service; to process payments and manage subscriptions; to provide support; to send you service messages; to send, on your instruction, messages to your customers; to detect and prevent misuse; and to meet our legal obligations.

We may send you information about features and offers. You can opt out at any time using the unsubscribe link or by contacting us. We do not use your customers’ information for our own marketing.

We don’t sell personal information. We share it with service providers who help us run the Service and are bound to protect it, including: Supabase (database & hosting), Stripe (payments), Resend (email), Twilio (SMS), and Google Maps(mapping & addresses). We may also disclose information where required or authorised by law, or to protect rights and safety.

Some providers (for example Supabase, Stripe and Google) may store or process data on servers outside Australia. Where we disclose personal information overseas, we take reasonable steps to ensure it is handled consistently with the APPs. [Confirm your Supabase project region and list the relevant countries here.]

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, including access controls, role-based permissions, and encryption in transit. No method of transmission or storage is completely secure, so we can’t guarantee absolute security.

If a data breach occurs that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the OAIC where required.

We keep personal information for as long as needed to provide the Service and meet legal, tax and accounting obligations. If you close your account, we’ll delete or de-identify your information within a reasonable period, unless we’re required to retain it.

You can access and correct most information directly in the Service. You may also ask us to access or correct your personal information, or make a privacy complaint, using the contact details below. We’ll respond within a reasonable time (generally 30 days). If you’re not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Where you enter your customers’ personal information, you are responsible for collecting it lawfully and for your own privacy obligations to them. We act on your behalf. If one of your customers contacts us about their information, we’ll generally refer them to you.

We use essential cookies to keep you signed in and run the Service. [If you add analytics or marketing cookies later, disclose them here and provide opt-out information.]

The Service isn’t intended for people under 18, and we don’t knowingly collect their personal information.

We may update this policy from time to time. We’ll post the updated version with a new effective date and, for material changes, give reasonable notice.

For privacy questions, access/correction requests, or complaints, contact us at privacy@onaraops.com.au.