Privacy Policy
1. Our Commitment
AndCap is committed to protecting your personal information. This Policy explains how we collect, use, store, and disclose your information when you use COMMAND and any other AndCap products. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. What We Collect
Information you provide: Name and email when you create an account; financial information you choose to enter (income, expenses, assets, liabilities, goals); payment information when you subscribe (processed via Stripe — we do not store card details); communications you send us.
Information collected automatically: Basic usage data; device and browser type; IP address and approximate location (country/region only).
What we do not collect: We do not collect sensitive health, racial, or biometric information. We do not track you across third-party websites. We do not collect data from social media without explicit consent.
3. How We Use Your Information
We use your information solely to: provide and improve our services; process subscription payments; send account-related communications; respond to support requests; and comply with Australian law.
We do not sell your personal information — ever. We do not use your financial data for advertising. We do not make automated decisions that significantly affect you.
4. How We Share Your Information
Service providers only:
- Supabase — database and authentication. Your data is stored on Supabase's secure infrastructure. Supabase does not use your data for its own purposes. supabase.com/privacy
- Stripe — payment processing. We share only what Stripe requires to process transactions. Stripe does not receive your financial data from COMMAND. stripe.com/privacy
- Netlify — web hosting. Netlify processes web traffic data as part of delivering the application. netlify.com/privacy
We may disclose your information if required by law, court order, or government authority. We do not share your information with any other third parties.
5. Data Storage and Security
Your data is stored on Supabase's infrastructure using AES-256 encryption at rest and TLS encryption in transit. Access is protected by authentication, and data is isolated per user. No other user can access your data.
6. Data Breach Notification
In the event of a data breach likely to result in serious harm, AndCap will notify you by email as soon as practicable and notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.
7. Your Rights
Under the Australian Privacy Principles, you have the right to access your data, correct inaccurate information, delete your account and data (within 30 days of request), export your financial data, and withdraw consent at any time by closing your account. Contact info@andcap.com.au to exercise any of these rights. We will respond within 30 days.
8. Cookies
Our services use minimal cookies required for authentication and session management only. We do not use advertising cookies, tracking pixels, or third-party analytics that share your data with external parties.
9. Children's Privacy
Our services are not directed at children under 18. If you believe a child has provided us with personal information, contact us at info@andcap.com.au and we will delete it promptly.
10. Complaints
If you believe we have breached the Australian Privacy Principles, contact us first at info@andcap.com.au. We will respond within 30 days. If unsatisfied, you may lodge a complaint with the OAIC: oaic.gov.au · 1300 363 992.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email. Continued use after changes are published constitutes acceptance.
12. Contact
AndCap · info@andcap.com.au · andcap.com.au