Privacy Policy

Privacy Policy

Last Updated: November 2025

1. Introduction

CrossVault ("we", "us", or "our") is committed to protecting your privacy. Although we are a New Zealand-based company, we recognize our obligations under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) when handling personal information of Australian users.

2. Information We Collect

We collect information that you voluntarily provide to us when using our platform, specifically:

  • Account Information: Name, email address, and company details provided during registration.
  • Uploaded Content: Timesheets, rosters, and employment data you upload for analysis.
  • Usage Data: Information about how you interact with our services.

Important: Data De-identification

We strictly advise users to de-identify all timesheets and rosters before upload. Please remove names, Tax File Numbers (TFNs), addresses, and other personally identifiable information (PII) of employees. We do not require this information to perform award compliance analysis.

3. How We Use Your Information

We use your information solely for the purpose of:

  • Providing our award compliance and timesheet analysis services.
  • Improving the accuracy and performance of the specific features visible within our app.
  • Communicating with you about your account and service updates.

We do not sell your personal information to third parties.

Google User Data

CrossVault's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically regarding Google User Data:

  • We only use data accessed via Google APIs (such as Google Drive files) to provide the specific features you have requested (e.g., analyzing timesheets).
  • We use Google user data only to improve the specific timesheet analysis features you see in CrossVault, not to develop general-purpose AI models or services.
  • We do not use this data for advertisements, re-targeting, or personalized marketing.
  • We do not transfer this data to third parties except as necessary to provide the feature (e.g., AI processing), for security purposes, or to comply with applicable laws.
  • We do not allow humans to read this data unless you have explicitly agreed to it for specific support purposes, or if required for security or legal reasons.

4. Data Security & Storage

We take the security of your data seriously and implement reasonable technical and organisational measures to protect it:

  • Location: Your data is stored securely on Amazon Web Services (AWS) servers located in Sydney, Australia (ap-southeast-2), ensuring data sovereignty.
  • Encryption: Data is encrypted in transit and at rest using industry-standard AES-256 encryption.
  • Retention: We implement an auto-delete policy for uploaded timesheets. Files are automatically permanently deleted from our servers 30 days after upload.

5. Disclosure to Third Parties

We may disclose your information to:

  • Service Providers: Third-party vendors who assist us in operating our platform (e.g., cloud hosting, AI processing), subject to strict confidentiality agreements.
  • Legal Requirements: If required by law or to protect our rights.

6. Your Rights

Under the Privacy Act, you have the right to access and correct your personal information. If you wish to exercise these rights, please contact us.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at team@crossvault.app.