Privacy policy

This policy explains how Aqvero Marketing ("Aqvero", "we", "us", "our") handles personal information under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to information collected through aqvero.com.au, the client portal, and any onboarding flow we operate.

Contact details — name, email address, business name, and any phone number you choose to share during onboarding.

Business context — information you provide in the onboarding form: current offer, target customer, lead sources, existing channels, what is working, what is not.

Payment information — handled directly by Stripe. We do not see or store your card number. We receive a customer ID, the last 4 digits of your card, billing country, and payment status.

Usage information — which pages of the portal you opened, what you approved, when you last signed in. We do not run third-party advertising trackers on the public site.

To deliver the subscription you reserved: build your diagnosis, offer, content, sequences, and reports; route approvals; send your weekly KPI report; respond to support requests.

To operate and improve the service: monitor system health, prevent fraud, comply with tax and regulatory obligations, send you account notices.

We do not sell personal information. We do not use your information to train any model owned by a third party.

Aqvero uses a small number of service providers that may process your personal information on our behalf:

• Stripe — payments and subscription billing. Hosted in the United States and Australia. See stripe.com/au/privacy.
• Mailgun — transactional email delivery from help@aqvero.com.au. Hosted in the United States. See mailgun.com/privacy-policy.
• Supabase — database and storage for client records and deliverables. Hosted in the United States. See supabase.com/privacy.
• Vercel — web hosting and application delivery. Hosted in the United States. See vercel.com/legal/privacy-policy.
• Ad and content platforms — where you ask us to manage your accounts on platforms such as Meta, Google, Instagram, TikTok, the platform's own privacy terms apply to data you have provided directly to them.

We disclose personal information to these providers only to the extent needed to deliver the service. We do not share personal information with any other third party except (a) with your consent, (b) where required by Australian law, or (c) to enforce our Terms of service.

Because of the providers listed above, some personal information is stored or processed outside Australia, primarily in the United States. By reserving a spot you consent to this transfer. Each provider above commits to privacy obligations broadly comparable to the Australian Privacy Principles.

We retain personal information for as long as your subscription is active. After cancellation, we keep core records (account, billing history, deliverables) for seven (7) years to meet Australian tax record-keeping requirements. You may request earlier deletion of information that is not legally required to be retained — see section 7.

Under the Australian Privacy Act you can request to:

• access the personal information we hold about you;
• correct anything you believe is inaccurate;
• request deletion of information we are not legally required to keep;
• withdraw consent for future processing (this may end your subscription if processing is essential to deliver the service).

Email help@aqvero.com.au and we will respond inside 30 days as required by the APPs.

The public site uses essential cookies only: session, authentication, and CSRF protection. We do not run third-party advertising or retargeting cookies on the public site. The portal uses a session cookie for sign-in.

We use commercially reasonable measures to protect personal information: TLS in transit, encrypted storage at rest with our providers, role-based access for our team, audit logging on sensitive actions, and daily database backups with 14-day retention. No system is perfectly secure; if a breach occurs that is likely to result in serious harm, we will notify you and the OAIC as required under the Notifiable Data Breaches scheme.

If you believe we have breached your privacy, email help@aqvero.com.au. We will acknowledge inside 5 business days and respond substantively inside 30 days. If you are not satisfied, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We may update this policy from time to time. Material changes will be notified by email to your portal contact and posted here at least 14 days before they take effect. The effective date at the top of this page reflects the most recent change.

Privacy questions, access requests, and complaints: help@aqvero.com.au.