Privacy Policy

This policy explains how Biloh collects, uses, stores, and shares personal information when you visit biloh.com.au or use the Biloh platform. We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This page is a plain-English summary; nothing in this page is intended to override your rights under Australian privacy law.

1. What we collect

When you sign up, we collect your name, email address, business name, and the tier you select. When you use the platform, we collect operational data you enter (clients, sites, jobs, proposals, invoices, contractors, signatures) and metadata about your actions (timestamps, IP address, user-agent, audit-log entries). When you contact us, we keep the content of your message and your reply-to address.

2. How we use it

We use personal information to run your account, deliver the services you have asked for, send transactional emails (proposals, work orders, invoices, password resets, billing notifications), provide customer support, and improve the platform. We do not sell personal information to third parties. We do not use your operational data to train AI models without your consent.

3. Where it lives

Customer data is hosted on Supabase infrastructure in the AWS Sydney (ap-southeast-2) region. Email is delivered through Resend. Some transactional services (e.g., domain DNS, status pages) may be hosted in the United States. Where overseas processing occurs, we use providers that bind themselves to Australian-equivalent privacy protections.

4. Cookies and tracking

The marketing site at biloh.com.au does not set tracking cookies. The application surface at app.biloh.com.au uses a small set of cookies strictly necessary to keep you signed in (Supabase auth session cookies). We do not use third-party advertising cookies. If we add analytics in the future, we will update this page and offer a consent gate.

5. Your rights

Under the Australian Privacy Principles you may ask us to access, correct, or delete the personal information we hold about you, and you may complain to the Office of the Australian Information Commissioner if you are unsatisfied with our response. Most in-platform data is editable directly inside the Biloh app; for anything that isn't, contact us using the details below.

6. Retention

We retain operational data for the life of your account plus the period legally required for tax and contract purposes. Soft-delete is the default for business records (jobs, proposals, invoices) so that history remains audit-traceable inside your tenant. You can request hard-deletion of your account on request.

7. Contact

Privacy questions, access requests, or complaints: privacy@biloh.com.au. We aim to respond within 14 days.

This page is a plain-English summary. It is reviewed regularly and replaced with a current version when our practices change.