Legal

Privacy Policy

How Kelpie collects, uses, holds, discloses and protects your personal information — handled in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Effective 8 June 2026Last updated 8 June 2026
On this page
  1. 1. Introduction
  2. 2. Who we are
  3. 3. What we collect
  4. 4. How we collect it
  5. 5. How we use & share it
  6. 6. Marketing communications
  7. 7. Cookies & tracking
  8. 8. Overseas disclosure
  9. 9. Retention & security
  10. 10. Your rights
  11. 11. Privacy complaints
  12. 12. Children's privacy
  13. 13. Changes to this policy

1. Introduction

This Privacy Policy explains how Kelpie HQ Pty Ltd ("Kelpie", "we", "us" or "our") collects, uses, holds, discloses and protects your personal information when you use the Kelpie website at kelpiehq.com and the Kelpie web and mobile applications (together, the "Service").

We take your privacy seriously. We handle personal information in accordance with the Privacy Act 1988 (Cth) (the "Privacy Act") and the 13 Australian Privacy Principles ("APPs") set out in that Act. Where we send marketing emails or other commercial electronic messages, we also comply with the Spam Act 2003 (Cth).

This policy is written in plain English so that you can understand what we do with your information. By using the Service, you agree to the collection and use of your personal information as described in this policy. If you do not agree with this policy, please do not use the Service.

This policy takes effect on the effective date shown above and applies from that date.

2. Who we are

Kelpie is a vertical SaaS platform — an end-to-end business operating system built for small Australian call-out trade businesses (sole traders and teams of 1 to 15 people across plumbing, electrical, HVAC, painting, landscaping and pest control). Kelpie covers quoting, scheduling, jobs, payments, invoicing, timesheets and customer management.

The entity responsible for the Service and for the personal information described in this policy is:

Entity
Kelpie HQ Pty Ltd
ACN
698 837 295
Email
[email protected]
Website
kelpiehq.com

If you have any questions about this policy or about how we handle your personal information, you can contact us at [email protected]. We are the first point of contact for privacy matters and handle privacy enquiries directly (see section 11 for our complaints process).

3. The types of personal information we collect

"Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in a material form or not.

It is important to understand that Kelpie handles personal information in two very different capacities. The distinction matters because it determines who is responsible for the information and who you should contact to exercise your rights over it.

3.1 Information Kelpie collects and is responsible for (account-holder data)

This is information about the people who hold a Kelpie account — the trade businesses that subscribe to Kelpie and their staff who use the Service. For this information, Kelpie decides how and why the information is handled, and we are responsible for it under the Privacy Act.

We collect the following categories of account-holder personal information:

(a) Identity and account data

  • Your name
  • Your email address
  • Your password (always stored in hashed form — we never store or see your plain-text password)
  • Your phone number

(b) Business identity data

  • Business name
  • Australian Business Number (ABN)
  • Trade licence number
  • Business address
  • Entity type (e.g. sole trader, company)

(c) Usage and device data (collected automatically — see section 4)

  • Log data
  • IP address
  • Device and browser information
  • In-app interactions and feature usage

(d) Error and diagnostic data

  • Crash reports
  • Performance and diagnostic traces (collected via our error-monitoring provider, Sentry)

3.2 Information Kelpie processes on behalf of our users (your customers' data)

When a trade business uses Kelpie to run their operations, they enter information about their own end-customers into the platform. For this information, the trade business — not Kelpie — decides why and how the information is handled. Kelpie acts only as a service provider that stores and processes this information on the trade business's instructions and on their behalf.

In other words: if you are an end-customer of a tradie who uses Kelpie, the tradie's business is responsible for your information, and you should direct any requests about that information to that business. Kelpie holds it as a processor, not as the controlling entity.

The end-customer information that trade businesses may enter into Kelpie includes:

  • End-customer contact details: names, email addresses, phone numbers, and site and billing addresses
  • Job-related content: job photos and site media
  • Business-customer ABNs

We only access, use or disclose this information as needed to provide the Service to the trade business, to comply with the law, or as otherwise instructed by the trade business. We do not use it for our own marketing or for any unrelated purpose.

3.3 Payment data

Card and payment-method details are collected and processed directly by our payment provider, Stripe. Card data never passes through or is stored on Kelpie's servers.

Kelpie stores only limited payment metadata returned to us by Stripe, such as the last few digits of a card, the transaction status, and the transaction amount. We use this metadata to manage subscriptions and to keep records of payments. Stripe handles your full card details under its own privacy terms.

3.4 Accounting software you connect (Xero and QuickBooks)

Kelpie can connect to third-party accounting software so that your invoices and related records stay in sync with your books. At present this includes Xero (provided by Xero Limited) and QuickBooks Online (provided by Intuit Inc.). This connection only happens if you choose to set it up, and you can disconnect it at any time from your settings.

When you connect your accounting software, you authorise Kelpie to exchange the information needed to keep your records in sync. In practice this means:

  • Information Kelpie sends to your accounting software — invoices and the data on them, such as line items, amounts, GST and your ABN, together with the customer the invoice is addressed to (including their name and contact or billing details) and related payment records, so that your books match the work you have done.
  • Information Kelpie reads back from your accounting software — limited reference and status data, such as your list of accounts and tax rates, your organisation or company details, and whether a record synced successfully, so that data maps to the right place and we can show you the sync status.

We use this information only to operate the integration you have asked for — we do not use it for our own marketing or for any unrelated purpose. Your use of Xero or QuickBooks is also governed by that provider's own terms and privacy policy, and the data you keep inside that software is handled by them. You can stop the data exchange at any time by disconnecting the integration.

3.5 What we do NOT collect

For clarity, at launch Kelpie does not collect, hold or process any of the following:

  • Payroll data
  • Tax File Numbers (TFNs)
  • Superannuation information
  • Single Touch Payroll (STP) data

If this changes in the future, we will update this policy before we begin collecting any such information.

4. How we collect personal information

We collect personal information in three main ways:

  1. Directly from you — when you register for an account, set up your business profile, enter data into the Service, contact our support team, or otherwise interact with us. Wherever it is reasonable and practicable to do so, we collect personal information directly from the individual it is about.
  2. Automatically through the website and apps — when you use the Service, we automatically collect usage, device and error telemetry, for example log data, IP address, device and browser information, in-app interactions, and crash and performance reports. Some of this is collected using cookies and similar technologies (see section 7).
  3. From third parties — in limited cases we receive information from third-party services that help us deliver the Service. For example, address fragments are sent to and returned from Google Places to power address autocomplete as you type, payment metadata is returned to us by Stripe, and — where you connect your accounting software (such as Xero or QuickBooks) — limited reference and sync-status data is returned to us from that software (see section 3.4).

If you do not provide certain personal information when asked, we may not be able to provide you with the Service or with the particular feature you are trying to use.

5. How we use and share personal information

5.1 How we use your information

We use personal information for the following purposes:

  • To provide, operate and maintain the Service, including your account and the features you use
  • To set up and manage your business profile
  • To process payments and manage subscriptions and invoicing
  • To send you transactional and service messages (for example, account notifications, receipts, password resets and important Service updates)
  • To send you marketing communications where you have consented or are otherwise permitted under the Spam Act (see section 6)
  • To provide customer support and respond to your enquiries
  • To monitor, diagnose and fix errors, crashes and performance issues
  • To understand how the Service is used and to improve and develop our products and features
  • To protect the security and integrity of the Service and to prevent fraud and misuse
  • To comply with our legal obligations and to enforce our terms

We only use personal information for the purpose we collected it for, for a related secondary purpose you would reasonably expect, or where you have consented or the law otherwise permits.

5.2 Who we share your information with (sub-processors and service providers)

We do not sell your personal information. We share personal information only with trusted third-party service providers ("sub-processors") who help us run the Service, and only to the extent they need it to perform their function. Each of these providers is required to handle personal information securely and consistently with this policy.

The sub-processors that may handle identifiable personal information are listed below. Some are only involved if you choose to connect an optional integration, as noted:

  • Stripe — payment processing
  • Xero — accounting sync (only if you connect your Xero account)
  • QuickBooks Online / Intuit — accounting sync (only if you connect your QuickBooks account)
  • Resend — sending transactional emails
  • Google Places — address autocomplete (address fragments are sent as you type)
  • Customer.io — lifecycle and marketing messaging
  • Chatwoot — sales and support chat
  • Sentry — error monitoring and diagnostics
  • Meta (Facebook) Pixel and Google Ads — advertising and conversion tracking on the marketing website only (see section 7)

We also use the following infrastructure providers for hosting only. These providers store data on our behalf but do not have feature-level access to your information:

  • DigitalOcean (Sydney, Australia) — application hosting
  • MongoDB Atlas (Sydney, Australia) — database hosting
  • Cloudflare — network, content delivery and security

We may also disclose personal information:

  • Where required or authorised by law, by a court or tribunal order, or to a government or regulatory authority;
  • To protect the rights, property or safety of Kelpie, our users or others; and
  • In connection with a sale, merger or restructure of our business, in which case we will require the recipient to protect your information consistently with this policy.

Some of these providers are located, or store data, outside Australia. See section 8 for details about overseas disclosure.

6. Marketing communications (consent and opt-out)

We may send you marketing communications — for example, product news, tips, offers and updates — by email. When we do, we comply with the Spam Act 2003 (Cth).

This means:

  • Consent: We will only send you marketing messages where you have consented to receive them, or where your consent can reasonably be inferred from your dealings with us (for example, because you are an existing customer and the message relates to our products). You can give or withdraw consent at any time.
  • Identification: Every marketing message we send will clearly identify Kelpie as the sender and include our contact details.
  • Unsubscribe: Every marketing message we send will contain a clear and functional unsubscribe option. You can opt out at any time by using the unsubscribe link in the message, or by emailing us at [email protected]. We will action your request promptly and, in any case, within the time required by law (within five business days). Once you unsubscribe, we will stop sending you marketing messages.

Please note that even if you opt out of marketing, we will still need to send you transactional and service-related messages (such as receipts, security alerts, password resets and essential Service notices), because these are necessary to provide the Service and are not marketing messages.

We use Customer.io for lifecycle and marketing messaging and Resend for transactional email.

7. Cookies and tracking technologies

We use cookies and similar tracking technologies on the Kelpie website and apps. Cookies are small text files placed on your device that help websites and apps function and that let us understand how the Service is used.

We use these technologies for the following purposes:

  • Essential / functional: to keep you signed in, remember your preferences, and make the Service work properly. The Service cannot function correctly without these.
  • Analytics and performance: to understand how people use the Service so we can improve it, and to diagnose errors and performance issues.
  • Advertising and conversion tracking (marketing website only): on our marketing website at kelpiehq.com, we use the Meta (Facebook) Pixel and Google Ads tags. These tools place cookies and collect information about your visit (such as pages viewed and actions taken) so that we can measure the effectiveness of our advertising, understand which campaigns lead people to sign up, and show relevant ads to people who have visited our site on platforms operated by Meta and Google.

These advertising and conversion-tracking technologies are used only on the public marketing website. We do not run the Meta Pixel or Google Ads tracking inside the signed-in Kelpie web or mobile application.

Information collected by the Meta Pixel and Google Ads is shared with Meta and Google and is handled under their own privacy policies. You can learn more and manage your preferences here:

How to control cookies and tracking:

  • You can manage or disable cookies through your browser settings. Note that blocking some cookies may affect how the Service works.
  • You can opt out of interest-based advertising through industry tools such as youronlinechoices.com.au and through your Google Ads settings at adssettings.google.com.
  • On mobile devices, you can use your operating system's privacy controls to limit ad tracking.

8. Overseas disclosure (APP 8)

We host your data in Australia. Our application and database hosting (via DigitalOcean and MongoDB Atlas) is located in the Sydney region.

However, some of the third-party service providers we use to operate the Service are located overseas, or may store or process personal information outside Australia. When we disclose personal information to an overseas recipient, we take reasonable steps to ensure they handle it consistently with the Australian Privacy Principles.

Based on the providers we currently use, personal information may be disclosed to or accessible by recipients in the following countries:

  • United States — Stripe, Resend, Customer.io, Sentry, Meta (Facebook) Pixel, Google Ads, Google Places, MongoDB Atlas (corporate operations and support), Cloudflare, and — where you connect them — Intuit (QuickBooks) and Xero (which hosts data in the United States)
  • New Zealand — Xero (Xero Limited is based in New Zealand), where you connect your Xero account
  • Other countries — Chatwoot and certain providers may process or provide support from other locations; Cloudflare operates a global network and may route or cache traffic through data centres in various countries.

The countries listed above reflect our providers at the effective date of this policy and may change over time as our providers evolve. By using the Service, you acknowledge that your personal information may be disclosed to recipients in these countries. Where required, we put in place contractual and other safeguards designed to protect your information when it is handled overseas.

If you would like more detail about where a particular provider stores or processes data, please contact us at [email protected].

9. Data retention and security

9.1 How long we keep your information

We keep personal information only for as long as we need it for the purposes described in this policy — for example, for as long as you have an account, and afterwards as needed to:

  • meet our legal, tax and accounting obligations;
  • resolve disputes and enforce our agreements; and
  • maintain business records.

When we no longer need personal information, we will take reasonable steps to destroy it or permanently de-identify it, as required by the Privacy Act.

For end-customer data that a trade business has entered into Kelpie (see section 3.2), the trade business controls how long that data is kept within their account. When a trade business closes their account, we will delete or de-identify their data in line with our standard processes and any legal retention obligations.

9.2 How we protect your information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • Hosting data in Australia (Sydney region);
  • Encrypting data in transit using TLS;
  • Access controls that limit who can access personal information;
  • Storing passwords only in hashed form;
  • Storing the access credentials for any third-party integration you connect (such as your accounting software) securely, and letting you revoke them at any time by disconnecting that integration; and
  • Using reputable infrastructure and service providers with their own security practices.

While we work hard to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act, including notifying affected individuals and the OAIC where required.

10. Your rights — access and correction (APP 12 & APP 13)

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you (APP 12); and
  • Ask us to correct your personal information if it is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13).

To make a request, contact us at [email protected]. We may need to verify your identity before we act on your request, to protect your information.

We will respond to your request within a reasonable period. In most cases there is no charge to access your information, although we may charge a reasonable fee to cover the cost of giving access in certain circumstances (we will tell you first). If we refuse to give access or to make a correction, we will tell you why in writing and explain how you can complain about that decision.

Important — end-customer data: If you are an end-customer of a trade business that uses Kelpie, and your request relates to the information that business has entered about you (see section 3.2), please contact that business directly. They are responsible for that information. If you contact us, we will, where appropriate, refer you to the relevant business or pass your request on to them.

You can also update much of your account information yourself at any time within the Service.

11. How to make a privacy complaint

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, we want to hear from you and we will work to put it right.

Step 1 — Contact us

Please send your complaint to us at [email protected] with enough detail for us to investigate. We will acknowledge your complaint, investigate it, and respond to you in writing within a reasonable period (usually within 30 days).

Step 2 — Escalate to the OAIC

If you are not satisfied with our response, or you do not hear back from us within a reasonable time, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which is the regulator responsible for privacy in Australia:

Body
Office of the Australian Information Commissioner (OAIC)
Website
oaic.gov.au
Phone
1300 363 992
Post
GPO Box 5288, Sydney NSW 2001

12. Children's privacy

The Service is a business tool intended for use by trade businesses and their staff. It is not directed at, or intended for use by, anyone under the age of 18, and we do not knowingly collect personal information from anyone under 18.

If you believe that someone under 18 has provided us with personal information, please contact us at [email protected] and we will take reasonable steps to delete that information.

13. Changes to this policy

We may update this Privacy Policy from time to time — for example, to reflect changes to the Service, our sub-processors, or the law. When we make changes, we will update the "Last updated" date at the top of this policy and publish the updated version on our website at kelpiehq.com.

If we make significant changes, we will take reasonable steps to let you know, such as by notifying you through the Service or by email. We encourage you to review this policy periodically. Your continued use of the Service after an updated policy takes effect means you accept the updated policy.

Questions about this policy or how we handle your personal information? Email us any time at [email protected].