Privacy Policy

1. Who we are

Rules Mate is operated by SP Williams Holdings Pty Ltd (ACN 683 151 304) (“we”, “us”, “our”). Our website is https://rulesmate.com.au.

We are committed to compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we handle personal information.

2. What personal information we collect

We collect only the personal information necessary to operate and improve Rules Mate. Specifically:

• Email address — when you join the AI advisor waitlist or contact us
• Business profile — industry, entity type, state of operation (optional, for product personalisation)
• ABN data — only when you actively use the ABN lookup feature in the obligation finder; lookup results are not stored
• Technical data — IP address (hashed), browser type, pages visited, referring URLs (analytics + abuse prevention)
• Tool inputs — values you enter into our free tools are processed in-browser only and are not transmitted to our servers unless you choose to export

3. Why we collect it

• To provide the service — render relevant compliance information, generate calculator outputs
• To send service emails — waitlist notifications, product update communications you've opted into
• To improve the corpus — anonymous, aggregated usage patterns inform what we publish
• To prevent abuse — rate limiting, fraud detection

We do not sell personal information. We do not engage in cross-context behavioural advertising.

4. How we collect it

• Directly from you — when you join the waitlist, contact us, or use ABN lookup
• Automatically via cookies — see our cookies section below
• Indirectly via service providers — limited technical data via hosting and analytics providers

5. How we store and protect personal information

Personal information is stored with Supabase (PostgreSQL hosted in Australia) and Vercel (hosted in Sydney, Australia region). We apply industry-standard security controls including TLS in transit, encryption at rest, role-based access, and audit logging.

We retain personal information only as long as needed for the purpose collected. Waitlist emails are deleted on request and on unsubscribe.

6. Cookies and tracking

We use cookies sparingly:

• Essential — session, CSRF, preference cookies (no consent required under Australian Privacy Act)
• Analytics — aggregated, privacy-respecting analytics. You can opt out via the cookie banner.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking.

7. Overseas disclosure (APP 8)

Some service providers may process personal information outside Australia. Where this occurs, we take reasonable steps to ensure the recipient does not breach the APPs. Current overseas processors:

• Vercel (United States) — CDN edge nodes, build infrastructure (primary data hosting remains in Australia)
• Resend (United States) — transactional email delivery

8. Access, correction, and complaints (APP 12, 13, 1)

You can request access to or correction of your personal information at any time by emailing hello@rulesmate.com.au. We respond within 30 days. If you believe we have breached the APPs, please first raise your concern with us; we will investigate and respond within 30 days. If you are not satisfied, you can complain to the OAIC at oaic.gov.au.

9. Notifiable Data Breaches

We comply with the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act). If we suffer a data breach likely to result in serious harm, we will notify affected individuals and the OAIC as soon as practicable.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email to waitlist subscribers and posted on this page.