← Back to ScrapDesk
Privacy Policy
ScrapDesk Pty Ltd · Last updated: March 2026 · Version 1.0
Plain English Summary: We collect only what we need to run your account. Your business data belongs to you. We store everything in Australia. We never sell your data. You can delete everything at any time.
1. Who We Are
ScrapDesk Pty Ltd ("ScrapDesk", "we", "us") operates the ScrapDesk platform at scrapdesk.com. We are an Australian company subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Contact us: privacy@scrapdesk.com
2. What Information We Collect
- Account information: Company name, ABN, email address, password (hashed — we never store plaintext passwords)
- Business data: Tickets, inventory, contacts, transactions, ESG records you enter into ScrapDesk
- Usage data: Login timestamps, IP addresses (for security), feature usage (anonymised)
- Billing information: Handled directly by our payment processor (Stripe). We do not store card numbers.
3. How We Use Your Information
- Providing and improving the ScrapDesk service
- Account authentication and security
- Sending service-critical emails (password resets, billing alerts)
- Complying with legal obligations
We do not use your data for advertising, sell it to third parties, or use it to train AI models.
4. Where Your Data Lives
All data is stored in Australia (AWS ap-southeast-2, Sydney). We do not transfer personal data outside Australia without your explicit consent, except where necessary for services you specifically request.
5. Data Security
- All connections use HTTPS/TLS encryption
- Passwords are hashed using PBKDF2 with 260,000 iterations (industry standard)
- Each customer's data is fully isolated — no tenant can access another's data
- Regular automated backups
- Audit logs of all data access
6. Your Rights (Australian Privacy Principles)
Under the Privacy Act 1988, you have the right to:
- Access your personal information (Settings → Export Personal Data)
- Correct inaccurate information (contact us or update in-app)
- Delete your account and all associated data (Settings → Delete Account)
- Port your data in machine-readable format (Settings → Export All Data)
- Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data and business data is permanently deleted within 7 days. Anonymised usage statistics may be retained for up to 2 years.
8. Cookies
We use a single authentication cookie (sd_token) that is required for login. We do not use tracking or advertising cookies. No third-party analytics scripts are loaded.
9. Third-Party Services
- Railway (hosting): Infrastructure provider — data remains in Australia
- Stripe (payments): Payment processing — subject to Stripe's privacy policy
10. Changes to This Policy
We will notify you by email before making material changes to this policy. Continued use after 30 days constitutes acceptance of the updated policy.
11. Contact & Complaints
Privacy queries: privacy@scrapdesk.com
If you're unsatisfied with our response, you may complain to the OAIC at oaic.gov.au.