Privacy Policy

1. About This Policy

This Privacy Policy ("Policy") is issued by All Sorted ("All Sorted", "we", "us" or "our"), a sole trader business based in Queensland, Australia. It describes how we collect, use, hold, disclose and otherwise manage personal information in connection with the All Sorted iOS application (the "App") and our website at allsortedapp.com.au (the "Website"), together referred to as the "Services".

This Policy is prepared and maintained in accordance with the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act. Where applicable, this Policy also reflects our obligations under the Notifiable Data Breaches scheme established by Part IIIC of the Privacy Act.

By accessing or using the Services, you acknowledge that you have read, understood and agree to the collection, use and disclosure of your personal information as described in this Policy. If you do not agree with this Policy, you must not use the Services.

All queries, access requests, correction requests and complaints regarding the handling of personal information under this Policy should be directed to: info@allsortedapp.net

2. Personal Information We Collect

2.1 Information You Provide Directly

We collect the following categories of personal information that you provide to us directly in the course of using the Services:

• Full name and email address provided upon account registration
• Financial records entered by you, including bills, income, expenses, savings goals, ATO deduction data and motor vehicle logbook entries
• Profile preferences, including currency, timezone, tax bracket, notification settings and application theme selections
• Calendar events, to-do items, grocery list entries, meal plans and wellness metrics that you create within the App
• Notes, reminders and other user-generated content created within the App
• Communications and enquiries you submit to us via email or any other channel

2.2 Information Collected Automatically

We may collect the following information automatically when you use the Services:

• GPS location data, collected only when you activate the Drive feature or the Auto-Detect trip logging function, and only with your express permission granted through iOS location services. You may withdraw this permission at any time via your iOS device settings, though doing so will affect the functionality of the Drive feature
• Device and technical information, including device type, iOS version and screen resolution, collected solely for the purposes of troubleshooting, compatibility assessment and service improvement
• Aggregated usage analytics, which are de-identified and cannot be used to identify you as an individual. These are used to analyse how the Services are used and to guide feature development and optimisation

2.3 Information We Expressly Do Not Collect

3. Purposes of Collection and Use

All personal information collected by All Sorted is collected for one or more of the following purposes, each of which is necessary to provide the Services or is otherwise notified to you at the point of collection:

• To create, verify and maintain your user account and to authenticate your identity when you access the Services
• To synchronise your data securely across your authorised devices in real time
• To deliver in-app and push notifications that you have elected to enable, including bill payment reminders, daily morning briefings, calendar alerts and recurring todo reminders
• To facilitate and process subscription payments through Apple's in-app purchase system in accordance with Apple's payment terms
• To provide AI-powered receipt scanning, bill scanning and the SAGE AI assistant feature, for which image and text data is transmitted to our AI service provider for transient processing. Such data is not retained by the service provider beyond the duration of the individual API transaction
• To respond to technical support enquiries and to diagnose and resolve application errors
• To send product updates, new feature announcements and waitlist communications to users who have opted in to receive such communications
• To improve, develop and optimise the Services through the analysis of aggregated, de-identified usage data that cannot be attributed to any individual user
• To comply with our legal and regulatory obligations under applicable Australian law
• To enforce our Terms of Use and any other agreement between you and All Sorted

We will not use your personal information for any purpose that is materially incompatible with the purposes set out above without first obtaining your express prior consent, except where otherwise required or authorised by law.

4. Disclosure of Personal Information

We may disclose personal information to the following categories of third parties, each of whom is engaged under binding contractual obligations of confidentiality and data security, solely for the purposes of enabling the delivery of the Services:

• Supabase Inc., which provides our database hosting, authentication and backend infrastructure services. Your data is stored on Supabase-managed servers located within Australia
• Apple Inc., which facilitates in-app purchase processing, subscription management and the delivery of push notifications via the Apple Push Notification service (APNs)
• Anthropic PBC, which provides the large language model infrastructure that powers three features within the App: (i) the SAGE AI assistant, to which the text content of your typed queries is transmitted for the purpose of generating a response; (ii) the receipt scanning feature, to which images of receipts you capture within the App are transmitted for the purpose of extracting and categorising expense data; and (iii) the bill scanning feature, to which images of bills you capture are transmitted for the purpose of extracting billing and payment information. All data transmitted to Anthropic is processed transiently and exclusively for the purpose of generating the relevant output. Such data is not stored or retained by Anthropic beyond the duration of each individual API request and is not used by Anthropic for the purpose of training or improving its models, in accordance with Anthropic's enterprise API data processing commitments
• RevenueCat Inc., which provides subscription lifecycle management, entitlement verification and subscription analytics services

We do not disclose personal information to advertisers, data brokers, marketing agencies, analytics resellers or any other third party for commercial or promotional purposes. We do not sell personal information. We do not permit any third-party service provider to use your personal information for their own purposes beyond the scope of the services they provide to us.

We may disclose personal information where we are required or permitted to do so by applicable law, by order of a court of competent jurisdiction, by a government agency or regulatory authority having lawful jurisdiction, or where we reasonably believe disclosure is necessary to protect the rights, property or safety of All Sorted, our users or the public. Where practicable and legally permissible, we will notify you before making any such compelled disclosure.

5. Storage, Security and Data Integrity

All personal information held by All Sorted is stored on Supabase-managed servers situated in Australia. All data transmitted between your device and our servers is protected in transit by Transport Layer Security (TLS) version 1.2 or higher. All data held at rest is encrypted using industry-standard encryption protocols. Access to your data is governed by row-level security controls configured at the database level, ensuring that only your authenticated account session may retrieve, modify or delete your records.

We implement technical and organisational measures that are reasonable and proportionate to the nature and sensitivity of the personal information we hold. These measures include access controls, encryption at rest and in transit, principle-of-least-privilege access provisioning and periodic security reviews.

Notwithstanding the foregoing, no method of electronic storage or data transmission is entirely secure. We cannot and do not warrant the absolute security of your personal information. You acknowledge this inherent risk in using any internet-based service.

In the event of a data breach that is likely to result in serious harm to one or more individuals, we will notify affected individuals and the Office of the Australian Information Commissioner ("OAIC") as soon as practicable and in accordance with our obligations under the Notifiable Data Breaches scheme.

6. Your Rights Under Australian Privacy Law

Subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights with respect to your personal information held by All Sorted:

• Right of access: You may request access to the personal information we hold about you. We will provide access within a reasonable time and in a format that is practicable for you
• Right of correction: You may request that we correct any personal information that is inaccurate, incomplete, out-of-date, irrelevant or misleading. We will take reasonable steps to correct the information or, if we disagree that correction is warranted, we will note your request in association with the relevant record
• Right of deletion: You may request the permanent deletion of your account and all associated personal information. Deletion requests are processed in accordance with the data retention timeframes set out in clause 7 below
• Right of portability: You may export a copy of your personal data in a structured format at any time using the data export functionality available within the App
• Right to withdraw consent: You may withdraw your consent to the receipt of marketing and promotional communications at any time by using the unsubscribe mechanism included in any such communication or by contacting us directly at the address below
• Right to complain: If you believe that All Sorted has interfered with your privacy rights under Australian law, you have the right to lodge a formal complaint with the OAIC at oaic.gov.au

To exercise any of the above rights, please submit a written request to info@allsortedapp.net. We will acknowledge receipt of your request and respond substantively within 30 days of receipt. If the complexity or volume of your request requires additional time, we will notify you of the extended timeframe and the reasons therefor.

7. Data Retention

We retain personal information for as long as your account remains active or as is reasonably necessary to fulfil the purposes for which the information was collected, to comply with legal obligations, to resolve disputes, to detect and prevent fraud or abuse, or to enforce our agreements with you.

Upon deletion of your account, whether initiated by you through the in-app account deletion function or pursuant to a written request submitted to us, your personal information will be permanently removed from our primary production systems within 30 days of the deletion request being confirmed. Residual copies of your data held in backup and archival systems will be purged within 90 days of the confirmed deletion request. Following permanent deletion, recovery or reconstruction of deleted data is not possible.

8. Children

The Services are not directed at, and we do not knowingly collect personal information from, individuals under the age of 13 years. Persons under the age of 18 who wish to use the App must have the verifiable consent of a parent or legal guardian.

If you have reason to believe that a child under the age of 13 has provided us with personal information without appropriate parental or guardian consent, we ask that you contact us immediately at info@allsortedapp.net. Upon becoming aware of such a circumstance, we will take prompt steps to investigate and, where confirmed, to permanently delete the relevant information from our systems.

9. International Data Transfers

Your personal information is primarily stored and processed on servers located within Australia. Certain service providers engaged by us are incorporated outside Australia, including Anthropic PBC and RevenueCat Inc., which are incorporated in the United States of America. Where personal information is transferred to a service provider located outside Australia, we take reasonable steps to ensure that such transfer is subject to binding contractual protections requiring the overseas recipient to handle your personal information in a manner consistent with the Australian Privacy Principles or otherwise in accordance with applicable data protection law.

By using the Services, you acknowledge and consent to the transfer of your personal information to overseas recipients where such transfer is necessary to provide the features of the App, subject to the protections described above.

10. Amendments to This Policy

We reserve the right to amend this Privacy Policy at any time to reflect changes in our practices, the Services or applicable law. Where proposed amendments are material to the manner in which we collect, use or disclose personal information, we will provide you with not less than 14 days' prior written notice of such amendments by email to your registered address or by way of a prominent in-app notification. The effective date at the head of this Policy will be updated to reflect the date on which any amendments take effect.

Your continued use of the Services following the notification of material amendments constitutes your acceptance of the amended Policy. If you do not accept the amended Policy, you must cease using the Services and may delete your account in accordance with clause 7 above.

11. Contact and Complaints

All enquiries, access requests, correction requests, deletion requests and privacy complaints relating to this Policy or to the handling of personal information by All Sorted should be directed to our Privacy Officer in writing:

We are committed to resolving privacy complaints in a fair, timely and transparent manner. We will acknowledge all written complaints within 5 business days of receipt and will endeavour to provide a substantive response within 30 days. If you are not satisfied with the outcome of your complaint, you may refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au or by telephoning 1300 363 992.