Innitor Logo

Privacy Policy

Last updated: 3/15/2025

Introduction:
Innitor Pty Ltd (“we”, “us” or “our”) values the privacy of our clients and users. We are committed to protecting your personal information and complying with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) (Privacy Policy - Bringing health and aged care locum assistance to rural Australia). This Privacy Policy outlines how we collect, use, disclose, and protect personal information in the course of providing our IT consulting services, custom software development, and AI solution offerings. It also explains your rights and how you can contact us with questions or concerns.

By using our website or services, you agree to the collection and use of your information in accordance with this Policy. If you do not agree, please discontinue use of our services. We may update this Policy periodically to reflect changes in laws or our practices, and any revised Policy will be posted on our website with an updated date.

Scope

This Privacy Policy applies to all personal information collected by Innitor Pty Ltd in connection with our IT consulting, software creation, and AI solutions services. It covers information collected through our website, online or offline engagements, and any related tools or applications we use. This Policy is aimed at our clients (including B2B clients and their representatives), prospective clients, and website visitors. It does not cover personal information of Innitor Pty Ltd’s own employees or contractors, which is managed under separate internal policies. Additionally, our website may contain links to third-party websites or services (such as Stripe, Google, or SendGrid); this Policy does not apply to those external services, and we encourage you to review their privacy policies separately.

What Personal Information We Collect

We only collect personal information that is reasonably necessary for our business purposes or to enable us to provide services to you. The types of personal information we may collect include:

  • Contact Details: your name, email address, phone number, job title, and company name or business details.
  • Business Information: company contact information, ABN or business number, industry, and project-related information you provide to us.
  • Communication Records: emails, messages or call records, and any other information you choose to share when consulting with us.
  • Financial Information: billing or payment details (e.g. invoice address, transaction references). Payment card information is not collected or stored by us directly – it is handled securely by our payment processor (Stripe).
  • Website Usage Data: when you visit our website, we may collect information like your IP address, browser type, time and date of visit, pages viewed, and referring URL. This may be done through cookies or analytics tools (described below in Cookies and Tracking).
  • AI/Technical Data: if you use our AI solutions or software, we might process data you input into those systems. We will inform you and obtain appropriate consent if any personal data is processed by our AI tools. Generally, any such data will be treated with the same care as other personal information under this Policy.

We do not generally collect sensitive personal information (such as information about health, race, political opinions, or religious beliefs) as part of our services. In the unlikely event we need to handle any sensitive information, we will only do so with your explicit consent and in accordance with the law. We also do not knowingly collect personal information from children under 16, as our services are business-oriented.

How We Collect Personal Information

We collect personal information in several ways, including:

  • Directly from You: Most information is provided directly by you (or your authorized representatives) when you interact with us. For example, you might provide information when you: fill out a contact or inquiry form on our website; engage us for a consulting project; subscribe to our newsletter; request a demo; or communicate with us via email or phone.
  • Through Your Use of Our Services: We automatically collect certain data when you use our website or cloud-based software solutions. This includes technical data (IP address, device type, operating system, browser) and usage data (pages visited, actions on our site) captured through cookies and tracking technologies (see Cookies and Tracking below for details).
  • Third Parties and Your Organization: In some cases, we may receive your information from third parties. For example, if your employer or a partner company engages us, they might provide us with your contact details to coordinate on a project. We may also receive referrals or leads from our business partners with your consent. Additionally, if you interact with us on social media or other platforms, we might collect information from those interactions in accordance with the platform’s terms.
  • Payment Transactions: When you make payments for our services, you may provide information directly to our third-party payment processor (Stripe) rather than to us (see Third-Party Services below). In those cases, the collection happens via that service and is subject to their privacy practices.

Where practical, you have the option to deal with us anonymously or under a pseudonym (for example, when making a general inquiry). However, for most of our services and engagements, we need your real contact information and other details to effectively work with you. If you choose not to provide personal information that we request, we may not be able to offer the requested service or respond to your inquiry.

How We Use Personal Information

We use the personal information we collect for legitimate business purposes connected to our consulting and software services. This includes:

  • Service Delivery: to communicate with you and carry out our consulting projects, software development tasks, or AI solution implementations. For example, we use your contact and project details to understand your needs, provide advice, develop software tailored to you, and keep you updated on project progress.
  • Account and Payment Administration: to prepare proposals, quotes, and invoices; process payments for our services; and maintain business records. (Payment details are processed via Stripe – see below.)
  • Client Support: to respond to your inquiries, provide technical support or training for our software, and address any issues or feedback you have.
  • Improvement of Services: to analyze how our services are used and improve them. For instance, we might review website analytics to improve our site navigation, or use feedback to enhance our consulting approach. We may aggregate and anonymize usage data (so it’s no longer personally identifiable) for internal research and product development.
  • Marketing and Newsletters: to send you industry updates, thought leadership content, service offerings, or event invitations that may interest you, but only if you have consented to receive marketing (see Marketing Communications below).
  • Legal Compliance and Safety: to comply with legal obligations (such as financial reporting, or responding to lawful requests by authorities), and to enforce our agreements or protect our rights. For example, we may use or disclose information if necessary to prevent a threat to health or safety, or to investigate and address fraud or security issues.

We will only use your personal information for the purposes for which it was collected, or for related purposes you would reasonably expect. If we need to use your information for any purpose unrelated to the original collection, we will obtain your consent unless otherwise permitted by law.

Third-Party Services and Disclosures of Information

Innitor Pty Ltd does not sell or rent your personal information. However, in order to run our business and provide services, we share your information with a few trusted third-party service providers who perform functions on our behalf. We disclose personal information to these third parties only to the extent necessary for them to carry out their services, and subject to appropriate privacy and security obligations. Key third-party services we use include:

  • Stripe (Payment Processing): We use Stripe to handle online payment transactions. When you pay an invoice or make a purchase via credit card, your payment details (such as card number, billing address, etc.) are collected and processed directly by Stripe, not by us. Stripe may receive identifying information (like your name, email, and payment amount) to process the transaction. We do not store your full credit card information on our systems. Stripe’s systems are PCI-DSS compliant and Stripe’s Privacy Policy explains how they collect, use, and safeguard your payment data (Privacy and security of personal information submitted to Stripe : Stripe: Help & Support). You can review Stripe’s Privacy Policy on their website for more details on their data handling practices.

  • Google Analytics (Website Analytics): We use Google Analytics, a web analytics service provided by Google, to understand how visitors use our website. Google Analytics uses cookies and similar technologies to collect data about website use. The information generated by these cookies (including your IP address and browsing information) may be transmitted to and stored on Google’s servers in the United States or other countries (Cookies - Unity Insights). Google uses this information to provide us with reports on website usage and help us improve the site. We anonymize IP addresses where possible and do not collect personally identifying information through Google Analytics. You can opt-out of Google Analytics tracking by using the official Google Analytics Opt-Out Browser Add-on (Cookies - Unity Insights) or by adjusting your cookie preferences (see Cookies and Tracking). For more information, please refer to Google’s Privacy Policy and Google’s page on “How Google uses data from sites or apps that use our services.”

  • SendGrid (Email Campaigns and Communications): We use SendGrid (a service provided by Twilio) to send out email newsletters, updates, and important service emails. If you subscribe to our mailing list or we send you project-related emails, your name and email address are stored in our SendGrid account to facilitate those communications. SendGrid acts as our email delivery provider, and it may process your personal data (e.g. to transmit the email, manage bounces or unsubscribes). Emails sent through SendGrid may include tracking capabilities such as web beacons or unique links that tell us whether you have received or opened the email (Website Privacy Notice | Twilio). This helps us gauge engagement and improve our communications. Twilio, the parent company of SendGrid, maintains robust privacy and security measures (they are GDPR-compliant and were certified under Privacy Shield) (General Data Protection Regulation (GDPR) | SendGrid Docs - Twilio). You can review Twilio’s Privacy Notice for details on how your data is handled within the SendGrid service.

In addition to the above, we may disclose personal information to other third parties in certain circumstances, such as:

  • Service Providers and Partners: We may share information with other service providers who assist us in our operations (for example, IT cloud hosting providers, CRM or project management tools, accountants, or subcontractors working on our behalf). We only share what is necessary for them to perform their functions, and we contractually require them to protect the information and use it only for our purposes.
  • Legal Requirements: If required by law, court order, or government request, we may disclose personal information. For instance, we may need to provide information to regulators or law enforcement agencies. We will attempt to notify you of such disclosures when permitted.
  • Business Transfers: If our business undergoes a transaction such as a merger, acquisition, or sale of assets, personal information held by Innitor Pty Ltd may be transferred to the new owners or parties to the transaction, but will remain protected by this Policy (unless you’re notified otherwise and consent to any new policy).

Cross-Border Disclosure: Some of the third parties we use are located outside of Australia (for example, Stripe, Google, and Twilio/SendGrid may host data on servers in the United States or other jurisdictions). By using our services or engaging with us, you consent to the transfer of your personal information overseas for the purposes described above. When we disclose information to overseas recipients, we take reasonable steps to ensure your data is afforded protection equivalent to the Australian privacy standards. We rely on reputable providers that are GDPR-compliant or subject to equivalent data protection frameworks, and/or we incorporate standard contractual data protection clauses as needed to safeguard your information. Despite the overseas location, our agreements with these providers require them to handle your information in line with applicable privacy laws and this Policy.

Legal Compliance and Framework

Our privacy practices are designed to meet the requirements of Australian law and, where applicable, international laws like the EU General Data Protection Regulation (GDPR). In particular, we affirm the following:

  • Australian Privacy Law: Innitor Pty Ltd abides by the Privacy Act 1988 (Cth) and the Australian Privacy Principles. We ensure that we only collect, use, and disclose personal information in accordance with these principles (Privacy Policy - Bringing health and aged care locum assistance to rural Australia). This Policy addresses the key areas of the APPs, including openness about data handling (APP 1), giving individuals the option of anonymity where possible (APP 2), limitations on data collection (APP 3), dealing with unsolicited personal information (APP 4), notifying individuals about collection (APP 5), use and disclosure restrictions (APP 6), direct marketing rules (APP 7), cross-border disclosures (APP 8), government identifiers (APP 9 – not applicable as we do not use government IDs), data quality (APP 10), data security (APP 11), and access and correction rights (APP 12 & 13). We conduct periodic reviews of our privacy procedures to ensure continued compliance.
  • GDPR (EU General Data Protection Regulation): While our business is based in Australia, we may occasionally handle personal data of individuals in the European Union (for example, if an EU-based client or user interacts with us). In such cases, we aim to also comply with the GDPR. This means we will ensure a lawful basis for processing such data (e.g. your consent, or performance of a contract with you), and uphold the rights afforded to EU data subjects (such as the right to access, erasure, restriction of processing, and data portability – see Your Rights below). We have measures in place to facilitate compliance, and our third-party processors (like the ones mentioned above) are also GDPR-compliant. If there is ever a conflict between an applicable GDPR requirement and this Policy, we will act in accordance with the law and adjust our practices as needed.
  • Industry Best Practices: Beyond legal compliance, Innitor Pty Ltd follows industry best practices to respect privacy. This includes principles of data minimization (only collecting what we need), purpose limitation (not using data for unrelated purposes without consent), and accountability (training our staff on privacy responsibilities and monitoring compliance). We also align with relevant codes of practice or guidelines in the IT and software industry regarding data protection, where applicable.

Data Security

We take reasonable precautions to safeguard the personal information we hold from misuse, loss, unauthorized access, modification, or disclosure. Given the nature of our business, our data security measures are proportionate but continuously improving. Some of the key security measures we implement include:

  • Secure Storage: Personal information is stored on secure systems. We use reputable cloud service providers with data centers that have strong physical and electronic security. Access to these systems requires authentication (passwords, multi-factor authentication where possible).
  • Encryption: We protect data in transit by using encryption protocols. For example, our website and web services are secured via HTTPS/SSL encryption to protect data transmitted between your browser and our site. Sensitive data (such as payment details handled by Stripe) are encrypted end-to-end.
  • Access Controls: Internally, we restrict access to personal information strictly to personnel who need it to perform their duties (on a need-to-know basis). Our team members and any subcontractors are bound by confidentiality obligations. We review user access rights regularly and promptly revoke access when it’s no longer required.
  • Security Policies and Training: We maintain internal policies on data protection and cyber security, and we educate our staff about best practices (like using strong passwords, recognizing phishing attempts, and ensuring devices are secured). Employees are required to handle personal data in line with this Policy and our confidentiality standards.
  • Monitoring and Maintenance: We keep our software and systems updated with the latest security patches to mitigate vulnerabilities. We also utilize firewalls, anti-malware tools, and monitoring systems to detect and respond to unusual activities. In the event of any identified security incident or data breach, we have a response plan to contain and investigate the issue, and to notify affected parties and regulators as required by law.

While we strive to protect your information, please note that no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. However, we continually assess and enhance our security measures to minimize risks. You can also help protect your data by ensuring any credentials you use with us remain confidential and by alerting us immediately if you suspect any unauthorized access to your or our accounts.

Data Retention

We retain personal information for only as long as it is needed to fulfill the purposes for which it was collected, or as required by law or legitimate business interests. Our retention practices are as follows:

  • Client and Project Data: If you become a client, we will retain your contact information and project-related data for the duration of our business relationship. After completion of a project or contract, we generally keep the information for a period of time in case you return for new services, for our own reference on the work performed, or as needed for legal record-keeping. Typically, basic contract and invoicing records will be retained for at least 7 years (in line with Australian tax and accounting record requirements). Operational communications may be kept for a similar period.
  • Prospective Client Inquiries: If you contacted us for information but did not ultimately engage our services, we may keep your inquiry and contact details for a shorter period (e.g., 1–2 years) in case you decide to proceed later or to follow up on your interest. You can request us to delete this information sooner if you wish (see Your Rights below).
  • Marketing Subscription Data: If you have subscribed to our newsletter or marketing emails, we will keep your contact details on our mailing list until you opt-out or unsubscribe from those communications. If you unsubscribe, we may retain your email address in a suppression list to ensure we respect your choice and do not email you again inadvertently.
  • Website Logs and Analytics: Our web server logs and analytics data are generally retained for a limited period (often 26 months by Google Analytics default) to allow us to review site performance and trends. We may retain aggregated analytics information (which is not personally identifiable) indefinitely for historical analysis, but any user-level data is either deleted or anonymized after the retention period set in our analytics tools.
  • Legal Requirements: In certain cases, we may need to retain data for longer periods if required by applicable law, regulation, or contractual obligations. For example, if a dispute arises or we receive a legal hold notice related to information, we will retain the relevant data until the issue is resolved and we are legally permitted to delete it.

When personal information is no longer needed for the purpose for which it was collected, and we are not legally required to retain it, we will take reasonable steps to destroy or de-identify the information in accordance with APP 11 (which calls for secure disposal of data no longer required) (Overview of Privacy Law in Australia - Hall & Wilcox). We regularly review the data we hold and erase or anonymize personal data that is no longer necessary. Please note that backup archives might retain copies of data for a certain period, but we have processes to eventually purge or encrypt old backups as well.

Your Rights to Access and Control Your Information

We respect your rights to know about and control the personal information we hold about you. Below is an overview of your key rights and how you can exercise them:

  • Access to Your Information: You have the right to request a copy of the personal information we hold about you (Chapter 12: APP 12 Access to personal information - OAIC). You can make an access request by contacting us (see Contact Us section). We will need to verify your identity before releasing data to ensure we don’t disclose it to the wrong person. We will respond to your request within a reasonable time (usually within 30 days). In general, we will provide the information free of charge, but if your request is unusually extensive, we may charge a reasonable fee to cover retrieval costs (we will inform you of any fee and get your agreement before proceeding). There are some legal exceptions to access – for example, if providing access would unreasonably impact someone else’s privacy, or if it relates to legal proceedings – but we will advise you of any such grounds if they apply.

  • Correction of Your Information: We take reasonable steps to ensure that the personal information we hold is accurate, up-to-date, and complete. If you believe any information we have about you is incorrect or out of date, you have the right to request that we correct it (Understanding APP 12 and 13 | de.iterate Support Center). You can contact us with the details of the correction needed, and we will promptly update our records. If we are unable to fulfill a correction request (for instance, if we disagree that the information is wrong), we will let you know why and, if required by law, we will note on our records that you claimed the information was inaccurate.

  • Deletion (Right to be Forgotten): In certain circumstances, you may request that we delete the personal information we hold about you. For example, if you are a past client or newsletter subscriber and you no longer want us to have your details on file, you can ask us to erase them. We will do so provided we do not have an overriding obligation to retain the data (such as a legal requirement or an ongoing legitimate business purpose). If we cannot delete, we will discuss the reasons with you. Note: Under Australian law, there is no absolute right to erasure, but we will honor deletion requests to the extent possible. If you are an EU individual, the GDPR’s right to erasure will apply where relevant.

  • Withdrawal of Consent: Where we rely on your consent to use your personal information (such as for marketing emails or certain optional data collections), you have the right to withdraw that consent at any time. For example, you can unsubscribe from our marketing emails (see Marketing Communications below) or disable non-essential cookies (see Cookies and Tracking). Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. If you withdraw consent for us to use your data in a way that is necessary for us to provide our services, we will advise you if it means we can no longer provide some or all of those services.

  • Objection and Other Rights (GDPR): If GDPR applies (e.g., you are in the EU), you may have additional rights such as the right to object to processing of your data in certain cases, the right to restrict processing, and the right to data portability (receiving a copy of your data in a structured, machine-readable format or having it transmitted to another controller). These rights apply in specific circumstances. We will ensure compliance with these rights for EU data subjects. For instance, you can object to marketing at any time (which is similar to withdrawing consent for marketing), or object to processing based on legitimate interests on grounds relating to your situation – we will comply unless we have compelling legitimate grounds to continue. If you have questions about these additional rights, please contact us.

To exercise any of your rights, or to inquire about the personal information we hold, please reach out to us via the contact details in the Contact Us section. We may ask for verification of identity before proceeding with a request. We will do our best to respond promptly and to accommodate your request as required by applicable law.

Marketing Communications

We would like to send you updates from time to time about our services, industry insights, events or newsletters only if you want to hear from us. We take a consent-based approach to marketing and adhere to the Australian Spam Act 2003 requirements and relevant privacy laws in our communications. Here’s how we handle marketing communications and your choices:

  • Opt-In Consent: We will only add you to our email marketing list if you have explicitly opted in. For example, you may provide consent by ticking a box on a form, signing up on our website to receive news, or by telling us you want to receive our newsletter. If you are an existing client, we may also send you relevant updates about our services or related products, but we will still provide an easy opt-out in every message.
  • Email Campaigns: Our marketing emails (such as newsletters or announcements) are sent via our third-party provider, SendGrid. These emails might include tracking features (like tiny image files called web beacons) that tell us whether you open the email or click on links, as mentioned earlier. We use this information to improve our content and engagement. However, we do not conduct aggressive profiling or automated decision-making on individual recipients based on this – it’s mostly aggregated metrics (e.g., open rates).
  • Unsubscribe / Opt-Out: Every marketing email we send will contain an “Unsubscribe” link at the bottom. You can click that link at any time to instantly remove yourself from our mailing list. Alternatively, you may contact us directly (via email or phone) and request to be taken off our marketing list. There is no charge for unsubscribing, and we will process your opt-out request as soon as possible. Once you opt out, we will stop sending you promotional communications. Please note you might still receive non-promotional communications from us as necessary for any ongoing services or transactions (e.g., a system alert or a billing notice), since those are not marketing.
  • Third-Party Marketing: We do not sell or share your contact information with third-party companies for their own marketing purposes without your consent. If we ever want to feature your success story or share your information in a case study or testimonial, we would seek your permission separately.
  • Compliance: We maintain records of consent for our marketing list. If required (for example, under GDPR), we can demonstrate when and how you joined our list. We also honor the marketing preferences you set. If you tell us you only want certain types of content, we will aim to filter communications accordingly. Our marketing practices are designed to be compliant with applicable laws, and we periodically review them to ensure we meet obligations under laws like the Spam Act and GDPR.

If you have any issues with marketing communications from us – for instance, if you believe you received an email without having subscribed – please contact us so we can investigate and rectify the situation.

Cookies and Tracking Technologies

When you visit our website or use our online services, we may use cookies and similar tracking technologies to enhance your experience, gather analytics, and for security purposes. This section explains how we use these technologies and your choices regarding them:

  • What Are Cookies: Cookies are small text files that websites save to your browser. They serve various functions, like keeping you logged in, remembering preferences, or collecting usage data. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain for a period or until deleted) on our site.
  • Types of Cookies We Use:
    • Necessary Cookies: These are essential for the operation of our site or services. For example, if our site has a login or client portal, a cookie might keep you logged in as you navigate pages. These cookies do not store personal information for marketing, and you generally cannot opt out of them if you want to use those features (except by not using the feature).
    • Analytics and Performance Cookies: We use Google Analytics cookies (like _ga, _gid, etc.) to collect information about how visitors use our site (Cookies - Unity Insights). This includes data on pages visited, time spent, and interactions. The information is aggregated and helps us improve site content and performance. For instance, Google Analytics cookies distinguish unique users and throttle request rates to ensure the service runs efficiently (Cookies - Unity Insights). We do not use analytics cookies to identify you personally; they mainly provide us statistical trends.
    • Functional Cookies: If our site offers preferences (like remembering your language choice or form inputs), functional cookies may store those choices to give you a better experience.
    • Advertising/Marketing Cookies: As of now, we do not use third-party advertising cookies or target ads on our site. We also do not use retargeting ads. If this changes in the future, we will update our cookie policy and seek consent as required.
  • Cookie Consent: When you first visit our website, you may see a cookie notice or banner that alerts you to our use of cookies. By using our site after seeing that notice, or by clicking “Accept” if prompted, you consent to the placement of cookies as described. For visitors from jurisdictions that require explicit cookie consent (like the EU), we will present options to allow or reject certain categories of cookies (except strictly necessary ones).
  • Managing Cookies: You have the right to control and manage cookies. Most web browsers allow you to manage or delete cookies via the browser settings. You can usually configure your browser to notify you when a cookie is set, or to block cookies altogether. You can also delete cookies that have already been set. Please note that if you disable cookies, some features of our website or services may not function properly (for example, you might not be able to log in or certain preferences won’t be saved). For Google Analytics specifically, as mentioned, you can opt out by installing the Google Analytics Opt-Out add-on (Cookies - Unity Insights) in your browser, which prevents Google Analytics from collecting your data on any site.
  • Other Tracking Technologies: In addition to cookies, we may use web beacons (clear GIFs) or pixel tags in our website or emails, which work with cookies to track user actions (like whether an email was opened, as discussed under Marketing Communications). We may also utilize local storage or HTML5 cookies for certain web applications. These technologies are used to provide the service or measure responses, and not to profile you beyond your interaction with us.
  • Do Not Track (DNT): Some browsers offer a “Do Not Track” feature that lets you signal to websites that you do not want to be tracked. Our website currently does not respond to DNT signals, because there is no consistent industry standard for compliance. However, we treat all visitors’ data in accordance with this Policy, and if a standard emerges, we will review our practices.

For more detailed information about our use of cookies, you can refer to our [Cookie Policy] (if we maintain a separate, detailed cookie policy page). By continuing to use our site, you agree to our use of cookies and tracking technologies as described. We are committed to transparency about tracking, so if you have any questions about our cookies or scripts, feel free to ask us.

Contact Us (Questions, Complaints, and Requests)

We encourage you to contact us if you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise any of your rights. Here’s how you can reach us:

Contact Information:
Innitor Pty Ltd – Privacy Officer/Data Protection Officer (as applicable)
Email: [privacy@innitor.ai]
Phone: [+61 (0) 424 416 479]
Address: [Rosanna, VIC, 3084, Australia]

Please direct any privacy-related queries or requests to the above contact. We take privacy inquiries seriously and will respond as soon as reasonably possible (generally within 5-10 business days for general questions or confirmations, and within 30 days for access or correction requests, as noted earlier).

Complaints Handling:
If you believe that we have not complied with this Privacy Policy or applicable privacy laws, you have the right to make a complaint. We ask that you first contact us at the contact details above and provide us with full details of your concern so we can investigate and respond. We will acknowledge your complaint and endeavor to resolve it within a reasonable timeframe. Our process is to review the issue, gather information, and respond to you in writing about the outcome or steps we’ll take to address it. We aim to resolve all genuine complaints fairly and promptly.

If you are not satisfied with our response to a privacy complaint, or you feel we have not adequately resolved your concerns, you may escalate the matter to the relevant supervisory authority:

  • Australia: You can contact the Office of the Australian Information Commissioner (OAIC). The OAIC can be reached at 1300 363 992 or through their website oaic.gov.au for further guidance on making a privacy complaint.
  • European Union: If GDPR applies and you are in the EU, you have the right to lodge a complaint with your country’s data protection authority. We can provide the contact details for the appropriate EU supervisory authority upon request (or you can find them online on the European Data Protection Board website).
  • Other Regions: If any other privacy or data protection regulator applies (for example, if you are in a country with its own privacy law), you may contact that regulator. We are happy to assist in directing you to the proper authority if needed.

We sincerely hope it never comes to that, and we will work with you to amicably resolve any issues.

Disclaimer and Other Information

Third-Party Policy Links: For your convenience and reference, we have included links to external privacy policies (such as those for Stripe, Google, and Twilio/SendGrid) in this document. Please note that these third-party policies are authored by those respective companies, and Innitor Pty Ltd has no control over their content. We encourage you to read their policies to understand how they manage your data. We make no representation or warranty as to the accuracy of information in those external documents here, beyond citing their official sources. If any link in this Policy is broken or outdated, please let us know and we will update it.

Changes to This Policy: As mentioned in the introduction, we may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for any other reason. When we make significant changes, we will post the updated Policy on our website and update the “Last updated” date. In case of material changes that affect your rights or how we use your data, we may also notify you directly (for example, via email or a prominent notice on our site) and, if required, obtain your consent for the new practices. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

Contact for Policy Versions: This Policy is an outline of our privacy framework. If you require a copy of this Policy in an alternative format (for accessibility reasons) or have questions about its content, please contact us. If you are a client and require a signed copy or a version on company letterhead for compliance purposes, we can provide that upon request.

Thank you for trusting Innitor Pty Ltd with your personal information. We are committed to safeguarding privacy and ensuring that your data is handled with care and transparency.