Privacy Policy for Auditly.au

Effective Date: 03 November 2025

ERIKOAI PTY LTD (ABN 98 669 777 164) trading as Auditly Australia ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and store your personal information when you use our website at auditly.au (the "Website") and our related application and services (collectively, the "Services"). 


By accessing our Website or using our Services, you consent to the collection and use of your personal information as described in this policy. 


1. Information We Collect 

We may collect the following types of information: 

  • Personal Information You Provide:
      • Account Details: Your name, email address, organisation name, and phone number when you create an account.
      • Billing Information: Payment details (such as credit card information) are processed securely by our third-party payment processors (e.g., Stripe, PayPal). We do not store full credit card numbers on our servers.
      • Compliance and Business Data: Information you input into the Services to generate policies and documents. This may include, but is not limited to:
          • Staff details (names, roles, qualifications)
          • Participant or client information (e.g., from intake forms)
          • Details about your business operations, services, and governance
          • Any other content you upload or generate within the Services ("Customer Data")
  • Information Collected Automatically:
      • Usage Data: We collect information about your interaction with our Website and Services, such as your IP address, device type, browser type, pages visited, features used, and the time and date of your visits.
      • Cookies and Tracking Technologies: We use cookies and similar technologies to analyse trends, administer the website, track users’ movements around the site, and to gather demographic information about our user base. You can control the use of cookies at the individual browser level.


2. How We Use Your Information 

We use the information we collect for the following purposes: 

  • To Provide and Maintain the Services: To create your account, provide customer support, process transactions, and generate the compliance documents and reports you request. 
  • To Improve and Personalise Our Services: To understand how our Services are used, develop new features, and customise your experience. 
  • To Communicate With You: To send you service-related announcements, technical notices, updates, security alerts, and administrative messages. With your consent, we may also send you marketing and promotional communications (you may opt out at any time).
  • For Security and Protection: To monitor and protect the security of our Services, detect and prevent fraud, and verify your identity. 
  • For Legal and Compliance Purposes: To comply with our legal obligations, resolve disputes, and enforce our agreements. 


3. Legal Basis for Processing (For GDPR Compliance) 

For users located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the context in which we collect it. We typically rely on: 

  • Performance of a Contract: To fulfil our obligations under our Terms and Conditions with you. 
  • Legitimate Interests: To operate and improve our Services, and for administrative purposes. 
  • Consent: Where we have obtained your explicit consent, for example, for certain marketing communications. 


4. How We Share Your Information 

We do not and will not sell your personal information or your Customer Data to any third party. 

We may share your information in the following limited circumstances: 

  • With Trusted Service Providers: We engage third-party companies to facilitate our Services (e.g., cloud hosting, payment processing, customer support, analytics). These providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. 
  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). 
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred to the new owners. 
  • With Your Consent: We may share your information for any other purpose with your explicit consent. 


5. Data Security 

We implement industry-standard technical and organisational security measures designed to protect your information from unauthorised access, disclosure, alteration, and destruction. These measures include encryption of data in transit (using SSL/TLS) and at rest, strict access controls for our staff, and regular security monitoring and testing. 


6. International Data Transfers 

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. For example, our primary cloud infrastructure may be located in Australia or other regions. 

If you are located outside Australia and choose to provide information to us, please note that we transfer the data to Australia and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. 


7. Data Retention 

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request the deletion of your account and associated data at any time (see "Your Rights" below). 


8. Your Privacy Rights 

Depending on your location, you may have the following rights regarding your personal information: 

  • Access and Portability: The right to request a copy of the personal information we hold about you. 
  • Correction: The right to correct inaccurate or incomplete personal information. 
  • Deletion: The right to request the deletion of your personal information. 
  • Restriction and Objection: The right to restrict or object to our processing of your personal information. 
  • Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time. 


To exercise any of these rights, please contact us at info@auditly.com.au. We will respond to your request in accordance with applicable law. Please note that we may need to verify your identity before processing your request. 


9. Children's Privacy 

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. 


10. Changes to This Privacy Policy 

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also provide a more prominent notice (e.g., via email or within the Services) for significant changes. 


11. Contact Us 

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at: 

Email: info@auditly.au


Auditly was designed for NDIS providers, home care providers, small and medium businesses, and community organisations needing tailored, audit-ready policies.