Why Us How It Works Integration Pricing Team Articles Book Free Consult
Login Sign Up
Legal & Privacy

Privacy Policy

Last updated: 1 August 2025  ·  Effective: 1 August 2025

Contents
1. Overview 2. Data We Collect 3. How We Use Your Data 4. Legal Basis (GDPR) 5. Data Sharing 6. International Transfers 7. Data Retention 8. Cookies 9. Your Rights 10. Children's Privacy 11. Security 12. Changes to This Policy 13. Contact Us

1. Overview

TasksMatic Pty Ltd (ACN 685 136 930 / ABN 56 685 136 930) ("TasksMatic", "we", "our", or "us") is an Australian private company registered in Victoria. We operate the platform available at tasksmatic.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By accessing or using the Service you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

Summary: We collect only the information necessary to deliver our logistics automation platform. We do not sell your personal data. You have full rights to access, correct, and delete your data.

2. Data We Collect

2.1 Information You Provide

CategoryExamplesPurpose
Account data Name, email address, password (hashed) Authentication and account management
Business / company data Company name, ABN/business number, address, contact details Customer profile, invoicing, compliance
Payment data Credit/debit card details, billing address Processed securely by Stripe — we never store raw card numbers
Email & document content Emails connected via OAuth, attached shipping documents (PDFs, images) AI-powered workflow automation — extracting logistics data for processing
Configuration data API credentials for third-party integrations (e.g. CartonCloud), workflow settings Enabling integrations you configure

2.2 Data Collected Automatically

  • Usage data — pages visited, features used, actions taken, timestamps
  • Log data — IP address, browser type, operating system, referral URL, error logs
  • Device data — device type, screen resolution, language preferences
  • Cookies and similar technologies — session identifiers, preference cookies (see Section 8)

2.3 Data From Third Parties

  • Google OAuth — if you sign in with Google we receive your name, email address, and profile picture
  • Connected email accounts — emails and attachments from accounts you explicitly authorise via OAuth (Gmail, Outlook) or IMAP
  • Payment processors — transaction confirmations from Stripe

3. How We Use Your Data

  • Deliver the Service — process shipping documents, run AI workflows, integrate with your logistics systems
  • Account management — create and manage your account, authenticate users, handle billing
  • Communications — send transactional emails (password resets, invoices, workflow notifications), respond to support requests
  • Improvement — analyse usage patterns to improve performance, fix bugs, and develop new features
  • Security & fraud prevention — detect and prevent unauthorised access, abuse, and other security incidents
  • Legal compliance — meet obligations under applicable laws and regulations
  • Marketing (with consent) — send product updates or newsletters if you have opted in; you can unsubscribe at any time

We do not use your email content or shipping documents to train AI/ML models for any purpose other than processing your own workflows.

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following lawful bases:

Processing activityLegal basis
Providing the Service and fulfilling our contract with youContractual necessity (Art. 6(1)(b))
Processing paymentsContractual necessity (Art. 6(1)(b))
Sending transactional emailsContractual necessity (Art. 6(1)(b))
Complying with legal obligationsLegal obligation (Art. 6(1)(c))
Security monitoring, fraud preventionLegitimate interests (Art. 6(1)(f))
Product analytics and service improvementLegitimate interests (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a))

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

5.1 Service Providers (Sub-processors)

ProviderPurposeData shared
StripePayment processingPayment & billing information
MailgunTransactional email deliveryEmail address, email content
Google Cloud / Aliyun OSSFile storageUploaded documents
Heroku / AWSCloud hosting & infrastructureAll data hosted on platform
Good Job (PostgreSQL)Background job processingJob payloads (may include document metadata)

All sub-processors are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to us.

5.2 Your Integrations

When you configure integrations (e.g. CartonCloud, Discord), we send relevant data to those services on your behalf. You control which integrations are active.

5.3 Legal Requirements

We may disclose data if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

6. International Data Transfers

TasksMatic is headquartered in Australia. Your data may be processed in countries outside your country of residence, including Australia, the United States, and Singapore, where our service providers operate.

For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure your data receives adequate protection.

7. Data Retention

  • Account data — retained for the life of your account plus 90 days after closure (to allow reactivation), then deleted
  • Email and document content — retained for 12 months after processing, then purged unless you request earlier deletion
  • Billing records — retained for 7 years to comply with Australian tax and accounting obligations
  • Log data — retained for 90 days for security monitoring, then deleted
  • Backup data — encrypted backups may persist for up to 30 additional days beyond the above periods

You may request earlier deletion at any time (see Your Rights below).

8. Cookies and Tracking Technologies

We use the following types of cookies:

TypeExamplesPurposeDeletable?
Strictly necessary Session cookie, CSRF token Authentication and security — the Service cannot function without these No (required)
Functional User preferences, locale Remember your settings between sessions Yes
Analytics Usage metrics Understand how the platform is used to improve it Yes

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from using the Service.

9. Your Rights

Depending on where you are located, you may have some or all of the following rights:

📋

Access

Request a copy of the personal data we hold about you.

✏️

Rectification

Ask us to correct inaccurate or incomplete data.

🗑️

Erasure

Request deletion of your personal data ("right to be forgotten").

⏸️

Restriction

Ask us to limit how we process your data in certain circumstances.

📦

Portability

Receive your data in a structured, machine-readable format.

🚫

Objection

Object to processing based on legitimate interests or for direct marketing.

🤖

Automated decisions

Not to be subject to solely automated decisions that significantly affect you.

↩️

Withdraw consent

Withdraw consent at any time where processing is based on consent.

California residents (CCPA/CPRA): You have the right to know, delete, correct, and opt out of the sale or sharing of your personal information. TasksMatic does not sell or share personal information for cross-context behavioural advertising.

Australian residents (Privacy Act 1988): You may request access to, or correction of, personal information we hold about you under the Australian Privacy Principles.

To exercise any of these rights, contact us at privacy@tasksmatic.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling a request.

If you believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection authority.

10. Children's Privacy

The Service is not directed at children under 16 years of age (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Hashed and salted password storage (never stored in plain text)
  • Role-based access controls — employees access only data required for their role
  • Regular security reviews and penetration testing
  • Automated backups with encryption

No method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law (within 72 hours for GDPR purposes).

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice within the Service at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy enquiries within 5 business days.