Legal

Privacy Policy

How WorkM8 Consulting collects, uses, and protects personal information. Last updated 29 April 2026.

WorkM8 Consulting (ABN 45 853 922 742) (we, us, our) is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, contact us, engage our services, or use our software applications.

This Privacy Policy should be read together with our Website Terms of Use and our Software & Services Agreement.

1. Laws we follow

  • 1.1 We comply with the Australian Privacy Principles in the Privacy Act 1988 (Cth) and, where applicable, the New Zealand Privacy Act 2020 and the Information Privacy Principles under that Act.
  • 1.2 "Personal information" has the meaning given to it under those Acts.

2. Information we collect

  • 2.1 We collect the following categories of personal information:
    1. Identity and contact details: name, business name, position, email address, phone number, postal address.
    2. Account and billing details: ABN/NZBN where applicable, billing contact, payment method tokens (we do not store card numbers — these are tokenised by Stripe).
    3. Service and support records: correspondence, support tickets, meeting notes and recordings (where consented), and project documentation.
    4. Technical data: IP address, browser type, device type, operating system, referring URL, page interaction data.
    5. Usage data from our software applications: configuration choices, action logs, error logs.
    6. Information you choose to provide in feedback, surveys, or beta program participation. Beta participants should not submit production-sensitive data unless we have agreed otherwise in writing; information you provide in this context may be used to diagnose issues and improve our products.
  • 2.2 We may also collect personal information that you choose to provide outside of these categories, but only when you provide it voluntarily and the purpose is reasonable in the circumstances.
  • 2.3 Sensitive information. We do not generally collect sensitive information (as defined in the Privacy Act 1988 (Cth)), including health, racial or ethnic, political, religious, or biometric information. If we need to collect sensitive information, we will obtain your consent and only collect what is reasonably necessary.
  • 2.4 Children. Our website, services, and software applications are intended for business users and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

3. How we collect personal information

  • 3.1 We collect personal information directly from you when you contact us, engage our services, register for an account, install or use our software applications, attend a meeting, or otherwise interact with us.
  • 3.2 We collect technical data automatically when you visit our website (see clause 9 — Cookies and analytics).
  • 3.3 We may collect personal information from third parties (such as referrers, partners, or platforms like ServiceM8) where it is reasonable and lawful to do so. Where we do, we will protect that information in accordance with this Privacy Policy.

4. How we use personal information

  • 4.1 We use personal information to:
    1. Provide our services and software applications, including support, updates, and maintenance.
    2. Communicate with you about our services, including new releases, betas, and changes to our products.
    3. Process payments, manage accounts, and meet our tax and recordkeeping obligations.
    4. Improve our services and software applications, including diagnosing issues, analysing usage patterns, and developing new features.
    5. Comply with legal obligations and respond to lawful requests.
  • 4.2 Direct marketing. Where we send you direct marketing communications, we do so in accordance with the Spam Act 2003 (Cth) and the Privacy Act. Every commercial electronic message will identify us as the sender and include a functional unsubscribe option. You may opt out at any time using that option or by contacting us.
  • 4.3 AI and automated processing. We may use artificial intelligence, machine learning, and other automated tools to support our services — for example, to triage support requests, summarise documents, generate draft content, or analyse usage patterns. We do not use these tools to make decisions that produce legal or similarly significant effects on you without human involvement. Where we process customer data through AI tools as a data processor (see clause 5.2), we do so only on the customer's instructions.

5. Our role: controller and processor

  • 5.1 We act as data controller (or, in the equivalent Australian framing, the entity responsible) for personal information you give us directly — for example, when you contact us, sign up for an account, or visit our website.
  • 5.2 We act as data processor on behalf of our customers when our software applications, integrations, automations, or forms move personal information that belongs to a customer's business — for example, when an app reads or writes data inside a customer's ServiceM8 account. In that capacity, we process the data only on the customer's instructions and as required by applicable law.

6. Disclosure of personal information

  • 6.1 We may disclose personal information to:
    1. Our employees, contractors, and professional advisers who need it to provide our services.
    2. Service providers and sub-processors that help us operate our business (see clause 7).
    3. Any party in connection with a sale, merger, or transfer of our business or assets, subject to confidentiality.
    4. Law enforcement, regulators, or courts where required or permitted by law.
  • 6.2 We do not sell personal information.

7. Sub-processors and service providers

  • 7.1 We use the following categories of sub-processors and service providers to operate our business and deliver our software. The specific provider in each category may change from time to time:
    1. Software hosting and cloud infrastructure (e.g., Vercel, Amazon Web Services).
    2. Service platform and add-on hosting (ServiceM8).
    3. Payment processing (Stripe).
    4. Email, calendar, and productivity (Microsoft 365).
    5. Video conferencing (Zoom).
    6. Email marketing (Mailchimp).
    7. Workflow automation (n8n, Zapier).
    8. Meeting transcription (where consented).
  • 7.2 An up-to-date list of sub-processors is available on request.

8. Cross-border disclosure

  • 8.1 Some of our sub-processors store or process personal information outside Australia, including in the United States, the European Union, and other jurisdictions where they operate.
  • 8.2 Before disclosing personal information overseas, we take reasonable steps to ensure the recipient handles personal information in a manner consistent with the Australian Privacy Principles.
  • 8.3 Where we disclose personal information to an overseas recipient, we remain accountable under APP 8.1 for acts and practices of that recipient in relation to that information, except where an exception under the Privacy Act applies.

9. Cookies and analytics

  • 9.1 Our website uses cookies and similar technologies for essential functionality, analytics, and (where applicable) advertising. Most browsers can be configured to reject cookies; doing so may affect website functionality.
  • 9.2 We may use third-party analytics and advertising services such as Google Analytics and Google Ads. These services may set their own cookies; their use is governed by their own privacy policies.
  • 9.3 Where required by applicable law (including for visitors from jurisdictions where prior consent is required), we will request your consent before setting non-essential cookies through a cookie banner or similar mechanism, and you may withdraw that consent at any time.

10. Data retention

  • 10.1 We keep personal information only for as long as we need it for the purposes set out in this Policy or as required by law. Indicative retention periods:
    1. Customer account and billing records: at least 7 years from end of engagement, to meet tax and corporate record obligations.
    2. Support and project records: up to 7 years from project completion.
    3. Marketing contact data: until the contact unsubscribes or requests deletion.
    4. Application logs and usage data: typically up to 24 months, unless required for longer for security or audit purposes.
  • 10.2 When we no longer need personal information, we take reasonable steps to destroy or de-identify it.

11. Security and data breaches

  • 11.1 We use reasonable physical, technical, and administrative measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
  • 11.2 We comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth). If a data breach is likely to result in serious harm to any affected individual, we will notify the Office of the Australian Information Commissioner and the affected individuals as soon as practicable, in accordance with that scheme.
  • 11.3 Transmission of information over the internet is not entirely secure. We cannot guarantee the security of information transmitted to or from our website.

12. Your rights

  • 12.1 You may request access to, or correction of, the personal information we hold about you. There is no fee for making a request. We may charge a reasonable, non-excessive fee for the costs of giving access (for example, retrieval, copying, or postage costs), as permitted by APP 12. Correction requests are free of charge.
  • 12.2 You may withdraw consent for us to use your personal information for marketing at any time by following the unsubscribe link in any marketing email or by contacting us.
  • 12.3 We may refuse access or correction in the limited circumstances permitted by the Privacy Act.

13. Complaints

  • 13.1 If you have a complaint about how we handle personal information, please contact us at the details below. We will respond within a reasonable time.
  • 13.2 If you are not satisfied with our response, you may complain to:
    1. The Office of the Australian Information Commissioner (oaic.gov.au); or
    2. If you are based in New Zealand, the Office of the Privacy Commissioner (privacy.org.nz).

14. Changes to this Policy

  • 14.1 We may update this Privacy Policy from time to time. The current version is always available on our website. The "Last updated" date at the top of this Policy indicates when it was last changed.
  • 14.2 Where we make material changes to this Policy, we will take reasonable steps to notify you in advance — for example, by email to your account contact, by an in-app or in-product notice, or by a prominent notice on our website.

15. Contact us

  • 15.1 Privacy queries (Privacy Officer): privacy@workm8consulting.com
  • 15.2 General enquiries: support@workm8consulting.com
  • 15.3 Post: WorkM8 Consulting, PO Box 307, Darlinghurst NSW 1300, Australia
  • 15.4 Privacy queries, access and correction requests, and complaints should be directed to our Privacy Officer at the email address above.

Privacy Policy · ABN 45 853 922 742