Privacy

Privacy Policy

How Tradie Assistant handles your data and privacy rights.

Last updated: 24 February 2026

Who we are

We’re Tradie Assistant Digital (“we”, “us”), the team behind Tradie Assistant. We help tradies quote, communicate, and find technical answers fast. We handle personal information under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy should be read with our Terms of Service.

Quick summary

  • We collect basic account info (like email), app usage, and content you choose to process (e.g., quotes or photos you upload for AI features). That content is sent directly to the AI provider to generate responses and is not stored or accessed by us, unless you choose Smart Assistant uploads (see below).
  • Photos you attach to Smart Tools (like Proposal & Estimate Builder, Invoice Generator, SWMS Generator, or Day Log) or Smart Vision are used only to generate your output and are not stored by us.
  • You retain ownership of the photos you upload and are responsible for ensuring you have the rights to use them.
  • Core providers: authentication/database on Supabase; billing via Stripe; AI features via OpenAI APIs.
  • We use essential cookies for sign-in/security and analytics tools (including GA4 and PostHog) to understand product usage.
  • When you contact us or submit the contact form, we store the details you provide to respond and keep support history.
  • We send transactional emails (e.g., account confirmations, password resets, billing notices, and support replies).
  • Your prompts and outputs stay private to your account. We don’t access or read them unless you explicitly share them with support or opt in to sharing an upload.
  • OpenAI’s API data is not used to train models by default; API logs are typically retained about 30 days for abuse/safety, then removed.
  • For “Smart Assistant”, files you attach can be indexed in a search index so the Assistant can find relevant passages. They persist until deleted or until an expiry policy applies.
  • You can request access/correction and ask us to delete your data where legally permitted.

The information we collect

  • Account details: email and basic profile to create and manage your account.
  • Usage & diagnostics: pages visited, basic device info, timestamps and events to keep things working and improve the product. We use Google Analytics 4 ("Google Analytics"/"GA4") and PostHog to understand how the service is used.
  • Security and anti-bot data: Cloudflare Turnstile checks form submissions and may process device/browser signals to help prevent abuse.
  • Content you provide: job details, materials, proposals, emails/replies, social captions, photos you attach to Smart Tools or Smart Vision, and (optionally) files you upload for “Smart Assistant”, plus generated exports (including PDF and Word .docx downloads for Smart Tools). Prompts and inputs for AI features are sent directly to OpenAI for processing; we don’t store or access them unless you choose a file-based Smart Assistant workflow.
  • Support and contact requests: details you submit via our contact form or support email (name, email, phone, company, message).
  • Transactional communications: delivery metadata for account, billing, security, and support emails.
  • Billing: handled by Stripe (we don’t store full card details).

Cookies and tracking technologies

  • Essential cookies (Supabase Auth): used to keep you signed in and protect your account.
  • Analytics (GA4): helps us understand traffic and usage trends.
  • Product analytics (PostHog): event analytics and product usage metrics using cookies and/or local storage.
  • Bot protection (Cloudflare Turnstile): security cookies and browser signals to reduce spam and automated abuse.

You can control cookies in your browser settings. Blocking essential cookies may prevent sign-in and core app features from working.

How we use your information

  • Run the service: sign in, security, performance and support.
  • Respond to you: handle contact requests, support inquiries, and service updates you request.
  • AI features you request: we send prompts and, if you attach them, photos or files to OpenAI’s API to generate answers. We don’t store or access your private prompts, photos, or outputs unless you share them with support. Smart Assistant file uploads are handled as described below so the feature can retrieve relevant passages. If you generate an export (PDF or .docx), it is created from your inputs and downloaded to your device.
  • Improve the product: aggregate analytics (not your private content) help us spot bugs and prioritise features, including reporting from Google Analytics 4 (GA4) and PostHog.
  • Payments: subscription purchase and management via Stripe.

Support & transactional communications

When you reach out via our contact form or support inbox, we collect and store the information you provide (such as your name, contact details, company, and message) so we can respond and keep a support record. We also send transactional emails that are required to deliver the service (for example, account confirmations, password resets, billing notices, and replies to your support requests). These service emails are separate from marketing communications and are only sent when needed to operate your account.

Stripe may also send required billing notifications directly (such as trial ending reminders, payment failures, or expiring card notices). These are mandatory service emails sent by Stripe and don’t include an unsubscribe option.

Where data is stored

  • App backend: Supabase Auth and Postgres store account and app data.
  • Payments: Stripe processes subscriptions and customer billing.
  • AI processing: OpenAI APIs process the prompts/files you choose to send for AI features.
  • Analytics: Google Analytics 4 (GA4) and PostHog help us understand usage trends and improve the service.
  • Hosting and infrastructure: Vercel hosts the web app and may process standard technical logs (such as IP address, browser details, and timestamps) to operate and secure the service.

These providers may operate in multiple countries. By using our AI features and subscriptions you consent to international transfers as needed to provide the service.

Automated decision-making and AI assistance

Tradie Assistant uses automated systems (including AI models) to generate drafts, troubleshooting guidance, and suggested outputs based on your inputs. These systems assist your workflow but do not make legally binding decisions for you. You remain responsible for reviewing and approving outputs before use in real jobs, customer communications, or compliance decisions.

AI specifics: OpenAI APIs, retention, and training

When you use AI features, the inputs you send (prompts, fields, and any files you choose to upload) are processed by OpenAI’s API on our behalf. OpenAI states that API/business inputs and outputs are not used to train models by default, and API logs are generally retained about 30 days for abuse/safety before removal (unless legally required to retain longer). If you require a stricter posture (e.g., zero-data-retention endpoints), contact us so we can discuss options supported by OpenAI. For more detail, see OpenAI’s Privacy Policy and Your Data documentation.

“Smart Assistant” and file search

If you use “Smart Assistant” to query manuals, guides or standards, the documents you attach can be uploaded and indexed in a retrieval system so the Assistant can find relevant passages quickly and cite pages where possible.

  • What we keep: references/metadata so your library works across sessions.
  • Third-party documents: ownership stays with the relevant publishers or manufacturers. We store filenames and metadata to retrieve passages on your behalf.
  • Shared library (optional): if you opt in to share an upload, we may add a sanitised, read-only copy into a shared library for other tradies.
  • What OpenAI keeps: a copy of the file and its indexed chunks for retrieval until deletion or expiry applies. Depending on how the retrieval index is created, the default may be “no expiry” or a limited lifetime (e.g., some thread-attached stores default to about 7 days after last activity). We may configure an expires_after policy for inactivity-based cleanup where appropriate.
  • Deleting files: removing a file from your library removes our reference; we also request deletion from the retrieval index. (Note: file deletion and index lifecycle are separate.)

Retention

  • Account & app data: kept while you have an account and for a reasonable period after closure (e.g., tax, fraud prevention, dispute resolution).
  • OpenAI API logs: typically removed after ~30 days by OpenAI.
  • Vector stores: persist until deleted; in some flows we may set expiry (e.g., after inactivity) to manage storage and privacy.

Security

We take reasonable steps to protect personal information against unauthorised access, modification, disclosure or loss, consistent with the Australian Privacy Principles. This includes encryption in transit (TLS), access controls, least-privilege practices, infrastructure monitoring, and platform safeguards such as Supabase row-level security where applicable.

Your choices & rights

  • Access and correction: request access to the personal information we hold about you and ask us to correct it.
  • Deletion: ask us to delete your account and associated data where legally permitted.
  • AI documents: remove files from your library to stop further use; we’ll also request deletion from the retrieval index.
  • Marketing: we don’t sell personal data. If we send product updates, you can opt out.

Data breaches

If a breach is likely to result in serious harm, we’ll assess and notify affected users and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme.

Children

Our service is designed for working adults in the trades and isn’t directed to children under 18.

Changes to this policy

We may update this policy from time to time. We’ll post the latest version here and update the date above.

Contact

Questions or requests? Use our contact page or email hello@tradieassistant.app. We’ll respond as promptly as we can.

If you’re not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC): oaic.gov.au.

Third-party providers