Privacy Policy

Last updated: TODO: set when first published

This Privacy Policy explains how [SwapLink Pty Ltd] ([ABN 00 000 000 000]) ("we", "us", "our") collects, uses, stores and discloses personal information when you use the SurveyThanks platform (the "Service"). It applies to information collected through surveythanks.com, partner-branded equivalents (e.g. white-label deployments under partner domains), our mobile apps, and any other product or service we provide.

We are an Australian entity and our handling of personal information is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. What information we collect

We collect information you give us, information we generate as you use the Service, and information from third parties (e.g. when a partner provisions a merchant on your behalf).

1.1 Account and contact information

  • Name, email address, phone number (if provided)
  • Profile photo and signature image (if uploaded)
  • Timezone and display preferences
  • PIN hash and session tokens for authentication
  • Role and workspace memberships (which merchants and partners you belong to)

1.2 Workspace and operational data

  • Job records (site addresses, scheduling, status, assignees)
  • Survey requests received via inbound email
  • Form definitions you build and form submissions you receive
  • Sites, areas, assets and their hierarchical metadata
  • Generated reports and historical versions
  • Conversations and messages between workspace members
  • Notifications and activity logs
  • Files uploaded to the Service (PDFs, images, documents)
  • Audio recordings (when the audio inspection assistant is enabled)

Some of this data is information about your clients or other third parties (for example, the name and address of the site you are inspecting). You are responsible for ensuring you have the right to provide such information to us and for complying with your own privacy obligations to those third parties. In APP terms, where you provide third-party personal information to the Service for processing, you are the controller of that information and we act as your sub-processor.

1.3 Usage and technical information

  • IP address, browser, device, operating system
  • Pages viewed, features used, click events, error reports
  • Session timestamps, sign-in method (magic link, PIN), session lifetime
  • Background sync state and rate-limit / quota counters

1.4 Billing information

  • Plan tier, subscription status, billing interval, currency
  • Payment details (credit card, bank, tax number) — these are collected and stored by Stripe, not by us. We hold only Stripe's customer / subscription / invoice identifiers and aggregated billing metadata.
  • Usage metrics (AI report renders, storage bytes, emails sent) for plan-limit enforcement and overage billing.

2. How we use your information

We use the information described above to:

  • Provide, operate, secure, and improve the Service
  • Authenticate you and maintain your sessions
  • Process payments, enforce plan limits, and bill usage-based overage
  • Generate documents and reports on your behalf, including AI-assisted drafting that may send extracts of your workspace data to our AI sub-processor (see §3)
  • Route inbound survey requests to the correct workspace
  • Send transactional emails (sign-in links, notifications, billing receipts)
  • Provide customer support and troubleshoot issues
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information. We do not use the content of your workspace data to train AI models for third parties.

3. Disclosure to third parties (sub-processors)

We rely on the following sub-processors to operate the Service. Each is contractually bound to handle the data we share with them only as required to provide their service to us, and not for their own purposes.

Sub-processor | Purpose | Data location
Stripe, Inc. | Payment processing, subscription billing, usage-based meter | United States
Anthropic, PBC | AI report drafting, OCR, RAG search, chat assistance (we send extracts of your workspace data needed to fulfil the prompt) | United States
Mailgun Technologies, Inc. | Inbound email routing (per-merchant addresses) and email-related webhooks | United States
Resend, Inc. | Outbound transactional email (sign-in links, notifications, receipts) | United States
Neon, Inc. | Managed Postgres database hosting (production workspace data) | United States / European Union
Cloudflare, Inc. (R2) | Object storage for uploaded files and generated reports | Global edge network
Vercel, Inc. | Web application hosting and edge functions | United States
OnlyOffice / Collabora / LibreOffice Online | In-browser document editing (Word file rendering and collaborative editing) | Self-hosted by us / regional
Upstash QStash | Background job queue (report render pipeline) | United States / European Union
PostHog, Inc. | Product analytics and error tracking | United States / European Union
Telegram Bot API (LLC) | Internal operator notifications (admin sign-in alerts, system events) | Global
Xero Limited | Accounting integration — only when you connect your Xero organisation | Australia / New Zealand

We may add or remove sub-processors as our infrastructure evolves. Material changes will be reflected in this Policy and announced via the in-app notification surface.

We may also disclose personal information when required by law, in response to lawful requests from public authorities, or to protect our rights, the rights of our users, or the safety of any person.

4. Cross-border transfers

Most of our sub-processors are based outside Australia (predominantly in the United States). When we share your personal information with a sub-processor in another country, we take reasonable steps to ensure they handle it consistently with the Australian Privacy Principles. By using the Service, you consent to your information being transferred, stored, and processed in those jurisdictions.

5. How we store and secure your information

  • Data in transit is encrypted using TLS 1.2 or higher
  • Data at rest in our database is encrypted by the underlying managed Postgres host
  • Uploaded files are stored in a private bucket with per-workspace key isolation
  • Authentication uses signed session cookies and either a magic link sent to your verified email or a hashed PIN
  • Access to production systems is restricted to a small set of operators
  • Administrative impersonation (used for support troubleshooting) is gated by an explicit operator allow-list, time-limited, and recorded in an immutable audit log
  • We monitor for suspicious sign-in patterns and rate-limit sensitive endpoints

No system is perfectly secure. If we become aware of a notifiable data breach affecting your personal information, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

6. Data retention

We retain personal information for as long as your account is active and for a reasonable period afterwards to comply with legal obligations, resolve disputes, and enforce our agreements. Specific defaults:

  • Workspace data (jobs, forms, submissions, reports, files): retained for the life of your subscription. On account closure, deleted within 90 days unless we are required to retain it.
  • Backups: rolling 30-day point-in-time recovery; deleted data ages out of backups within 30 days of deletion from the live database.
  • Audit logs: retained for at least 2 years to support compliance, dispute resolution, and security investigations.
  • Billing records: retained for at least 7 years as required by Australian tax and corporations law.
  • Quarantined inbound email: retained for 30 days after quarantine before permanent deletion.

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of information that is inaccurate, out of date, or incomplete
  • Request deletion of your personal information (subject to retention obligations we are legally required to meet)
  • Withdraw consent for processing where consent is the lawful basis
  • Receive a copy of your information in a portable format
  • Complain about how we have handled your personal information

To exercise any of these rights, email privacy@surveythanks.com. We will respond within 30 days.

If you are unhappy with how we have handled your request or your complaint, you can escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

8. Cookies and similar technologies

We use a small number of cookies:

  • Session cookies — required for authentication. Cannot be disabled without breaking sign-in.
  • Preferences — store UI choices like the active workspace, editor preference, theme.
  • Analytics — PostHog uses cookies / local storage to measure product usage. You can opt out via your account settings.

9. Children

The Service is not directed to anyone under the age of 16. We do not knowingly collect personal information from children. If you believe we may have collected information from a child, contact us at privacy@surveythanks.com and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will publish the updated version on this page with a new "Last updated" date. Material changes will also be communicated through the Service or by email.

11. Contact us

For any privacy-related questions, requests, or complaints, contact us at privacy@surveythanks.com or write to:

[SwapLink Pty Ltd]
[Registered office address, Australia]