Privacy Policy

Last Updated: January 31, 2026

                Quick Summary: We collect and use your data to provide and improve our services. We don't sell your personal information. You have rights over your data. Read below for full details.
            

1. Information We Collect

1.1 Information You Provide

When you use Punchlist, you may provide us with:

Account Information: Name, email address, phone number, company name
Business Data: Customer information, leads, quotes, invoices, payments
Communications: Messages you send to us, support requests
Payment Information: Billing address, payment method details (processed by third-party payment processors)

1.2 Automatically Collected Information

Usage Data: Features used, pages visited, time spent, actions taken
Device Information: IP address, browser type, operating system, device identifiers
Cookies and Tracking: We use cookies and similar technologies (see Cookie Policy below)
Performance Data: Error logs, crash reports, performance metrics

2. How We Use Your Information

We use your information for the following purposes:

Provide Services: To operate and deliver the Punchlist platform and features
Improve Services: To analyze usage, develop new features, and enhance user experience
Communication: To send service updates, security alerts, and support messages
Marketing: To send promotional content (with your consent, opt-out anytime)
Security: To detect fraud, prevent abuse, and ensure platform security
Compliance: To comply with legal obligations and enforce our Terms of Service
Analytics: To understand user behavior and improve our product
AI and Machine Learning: To train models, provide insights, and improve automation features

                Note: We may use anonymized and aggregated data to improve our services, develop new features, and generate industry insights. Your individual business data remains confidential and is never shared in identifiable form.
            

3. Data Sharing and Disclosure

3.1 We Share Your Data With:

Service Providers: Third-party vendors who help us operate (hosting, analytics, email, payment processing)
Business Partners: With your consent, for integrated features or services
Legal Requirements: When required by law, court order, or government request
Business Transfers: In connection with merger, acquisition, or sale of assets
Protection: To protect our rights, property, or safety, and that of our users

3.2 We Do NOT:

Sell your personal information to third parties for their marketing purposes
Share your customer data with competitors

4. Data Retention

We retain your information for as long as necessary to provide services and fulfill the purposes outlined in this policy:

Account Data: Until you delete your account, plus 30 days for backup purposes
Business Data: For the duration of your subscription plus 30 days. You are responsible for exporting any data required for your own tax and accounting records before account deletion
Usage Data: Anonymized and aggregated analytics data may be retained indefinitely
Marketing Data: Until you opt-out or 3 years of inactivity

5. Your Rights and Choices

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Update inaccurate or incomplete information
Deletion: Request deletion of your data (subject to legal requirements)
Portability: Receive your data in a machine-readable format
Opt-Out: Unsubscribe from marketing communications
Object: Object to processing based on legitimate interests
Withdraw Consent: Revoke consent for specific processing

To exercise these rights, contact us at [email protected]

6. Cookies and Tracking Technologies

We use the following types of cookies:

Necessary Cookies: Required for the platform to function (cannot be disabled)
Analytics Cookies: Help us understand how users interact with our service (Google Analytics, Hotjar)
Marketing Cookies: Track conversions and show relevant ads (Facebook Pixel, LinkedIn Insight Tag)

You can manage cookie preferences using our cookie banner or your browser settings.

7. Data Security

We implement industry-standard security measures:

TLS/SSL encryption for data in transit
Encryption at rest for sensitive data
Regular security audits and penetration testing
Access controls and authentication
Employee security training
Incident response procedures

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place, including:

Standard Contractual Clauses (SCCs)
Privacy Shield frameworks (where applicable)
Data processing agreements with vendors

9. Children's Privacy

Punchlist is a business tool not intended for users under 18 years of age. We do not knowingly collect information from minors. If you believe we have inadvertently collected such information, contact us immediately.

10. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

Our legal basis for processing: Contract performance, legitimate interests, consent
Data Protection Officer contact: [email protected]
Right to lodge a complaint with your local supervisory authority
Right to object to automated decision-making

11. CCPA Compliance (California Users)

California residents have the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information held by us
Opt-out of sale of personal information (we don't sell your data)
Non-discrimination for exercising CCPA rights

12. Australian Privacy Principles (Australian Users)

If you are in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have additional rights including:

Access to your personal information upon request
Correction of inaccurate personal information
Anonymity or use of a pseudonym where practicable
Right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

We will respond to access requests within 30 days. To make a request, contact us at [email protected]

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Email notification to your registered address
Prominent notice on our platform
Updating the "Last Updated" date

Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

Data Protection Inquiries:

Email: [email protected]

Company: Software Deck Ltd

Postal Address: 11 Drovers Street, Upper Kedron 4055, Brisbane, QLD

This privacy policy is legally binding. By using Punchlist, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.