This Privacy Policy explains how Dravora collects, uses, and protects your personal information when you use CrediPocket.
1. INFORMATION WE COLLECT
1.1 Information You Provide
When you use CrediPocket, you may provide:
- Account Information: Email address and name
- Credential Documents: Photos or documents of training certificates and competency cards
- Credential Details: Type, number, issuing authority, issue date, expiry date
- Payment Information: Processed by Stripe (we do not store credit card details)
1.2 Automatically Collected Information
We automatically collect:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: App features used, frequency of use, crash reports, and diagnostics
- Push Notification Tokens: To send reminder notifications (delivery not guaranteed)
1.3 Information We Do NOT Collect
We do not collect:
- Location data or GPS coordinates
- Contact lists or phone contacts
- Camera or microphone data (except when you actively upload photos)
- Social media account information
2. HOW WE USE YOUR INFORMATION
CrediPocket helps you organize and track credentials for Site checks and onboarding with Expiry reminders and HTML export for convenient presentation. Not a verification service. Employers and RTOs remain responsible for verification.
We use your information to:
- Provide and maintain the CrediPocket service
- Store and organise your credential documents
- Send expiry reminder notifications (delivery not guaranteed)
- Generate document exports of your documents
- Process your payment
- Respond to your enquiries and support requests
- Improve service quality and reliability
- Send important service announcements
No Marketing: We do NOT send marketing emails, newsletters, or promotional content. All communications are service-related only.
3. DATA STORAGE AND SECURITY
3.1 Where Your Data Is Stored
Your data is stored using:
- Supabase: Database and storage hosted on servers located in Sydney, Australia
- Encryption: All data encrypted at rest and in transit using AES-256 and SSL/TLS
3.2 International Data Transfers
International Transfers: Your data is stored on Supabase servers located in Sydney, Australia. Some service providers may process or store data outside Australia, and by using CrediPocket you consent to those international transfers. Supabase maintains industry-standard security practices.
Other service providers may process or store data outside Australia:
- Stripe (Payments): Data may be processed in the United States
- Resend (Email Delivery): Email delivery data may be processed outside Australia
- Expo (Notifications): Notification tokens may be stored in the United States
4. WHO WE SHARE YOUR INFORMATION WITH
4.1 Service Providers
We share limited data with trusted service providers:
- Supabase: Database and storage (Sydney, Australia)
- Stripe: Payment processing (United States)
- Resend: Email delivery
- Expo: Push notification delivery (not guaranteed, United States)
No Data Selling: We do NOT sell, rent, or trade your personal information to third parties. Ever.
4.2 Legal Requirements
We may disclose your information if required to:
- Comply with valid legal processes (court orders, subpoenas)
- Protect rights, property, or safety of Dravora, users, or the public
- Investigate fraud or security issues
- Comply with Australian laws and regulations
5. YOUR RIGHTS UNDER AUSTRALIAN LAW
5.1 Access and Correction
Under the Australian Privacy Act 1988, you have the right to:
- Access your personal information
- Request correction of inaccurate information
- Request deletion of your information
- Export your data
- Withdraw notification consent (delivery not guaranteed)
- Complain to the Office of the Australian Information Commissioner (OAIC) if privacy concerns are unresolved
5.2 Account Deletion
You may request account deletion at any time by:
- Using the in-app account deletion feature, OR
- Emailing admin@dravora.com.au
Upon deletion, your account and all data will be permanently deleted within 30 days. Backup copies will be deleted within 90 days.
5.3 Push Notification Control
You can disable push notifications (delivery not guaranteed) at any time through app settings or device settings.
6. DATA RETENTION
- Active Accounts: Data retained while account is active
- Deleted Accounts: Data deleted within 30 days
- Backup Systems: Backup copies deleted within 90 days
- Payment Records: Retained for 7 years for tax compliance
7. DATA BREACH NOTIFICATION
In the event of a data breach that is likely to result in serious harm:
- We will notify affected users as soon as practicable
- We will notify the Office of the Australian Information Commissioner (OAIC) if required
- We will take immediate steps to secure systems
8. CHILDREN'S PRIVACY
CrediPocket is designed for adult trade professionals. We do not knowingly collect information from persons under 18 years of age.
9. COMPLAINTS
9.1 Internal Complaints
Contact us at admin@dravora.com.au with subject "Privacy Complaint". We will:
- Acknowledge within 7 days
- Investigate and respond within 30 days
9.2 External Complaints
Office of the Australian Information Commissioner (OAIC)
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
10. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app message.
11. CONTACT
- Email: admin@dravora.com.au
- Business: Dravora
- ABN: 82 696 943 213
- Location: Adelaide, South Australia