Privacy Policy

Last updated: 6 June 2026

Who we are

Construct-it is operated by Adam (Construct-it Management Pty Ltd) and Ainsley, based in Brisbane, Queensland, Australia. We are the data controller for the personal information processed through this Service.

Contact us at info@construct-it.au for any privacy questions.

What information we collect

  • Account info: name, email, company name, password (hashed)
  • Project data: jobs, variations, claims, retention amounts you enter
  • Connected systems: when you connect Xero, we receive invoice/contact/bank data via OAuth
  • Usage data: log files, IP address, user agent, page views (for security + product improvement)
  • Payment data: handled by Stripe — we never see your card details

How we use it

  • To run the Service and let you manage your projects
  • To compute retention math, generate progress claims, and post invoices to Xero on your instruction
  • To send service emails (trial reminders, billing receipts, password resets)
  • To prevent fraud and abuse
  • To comply with legal obligations (e.g. 7-year retention of accounting records under AU law)

We do not sell your data, and we do not use it to train AI models.

Where it's stored

All data is stored in Sydney, Australia via Supabase (Postgres). Backups are encrypted and retained per Supabase's standard schedule.

Connections to third parties (Xero, Stripe) are over TLS. OAuth tokens are encrypted at rest using AES-256 with a key managed via Vercel env vars.

Your rights (Australian Privacy Principles)

You have the right to:

  • Access your personal information
  • Correct it if inaccurate
  • Request deletion (subject to legal-retention obligations)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

Email info@construct-it.au and we'll respond within 30 days.

Cookies

We use first-party cookies for authentication (Supabase session) and the private-preview password gate. We do not use third-party tracking cookies.

Data retention

Active accounts: data is kept for as long as you have an account.

Cancelled accounts: data is preserved 60 days then soft-deleted. Audit logs and accounting records (claims, Xero invoice references) are retained for 7 years as required by Australian tax law.

Changes to this policy

We'll notify you at least 14 days before any material change takes effect, by email and by an in-app banner.