Privacy Policy

Last updated: August 2025

1. Introduction

The Trustee for the Nuvora Trust (ABN: 42 497 822 402), with Corporate Trustee Nuvora Technology Pty Ltd (ACN: 688 957 351) ("Nuvora," "we," "our," or "us") is committed to safeguarding your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information gathered through our website and SaaS platform at nuvora.technology ("the Platform").

This Policy aligns with Australia's Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable international standards, including the EU's General Data Protection Regulation (GDPR), where relevant.

By accessing or using the Platform, you agree to the practices described in this Policy.

2. Scope and Definitions

This Policy applies to all personal information collected by Nuvora through our platform.

"Personal information" refers to any data or information from which your identity can be reasonably ascertained.

3. Collection of Personal Information

Information You Provide Directly

We collect personal information that you voluntarily provide when registering for or using our Platform, including:

  • Name
  • Email address
  • Phone number
  • Organisation or company name
  • User profile information (login credentials, security questions)
  • Payment information for report purchases (processed securely by Stripe, our PCI DSS compliant payment processor - we do not store credit card details on our servers)

Information We Collect Automatically

We automatically gather information when you use our Platform, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited, date/time, and time spent
  • Usage patterns and user interaction data for analytics and improvement purposes

Information from Third Parties and Public Sources

We collect data from third-party regulatory authorities and public registers such as:

  • Australian Securities and Investments Commission (ASIC)
  • Queensland Building and Construction Commission (QBCC)
  • Other relevant regulatory bodies and commercial providers

This information is used primarily to generate our intelligence reports, compiling financial and compliance information about property developers and construction companies.

4. Purpose and Use of Your Information

We collect and process your personal information for the following purposes:

  • To provide, operate, and maintain our services effectively.
  • To verify user identity and manage your account securely.
  • To perform internal analytics, research, and improvement of our Platform and services.
  • To communicate with you regarding account management, technical support, and platform updates.
  • To process one-time payments for intelligence reports securely and reliably.
  • To identify and mitigate potential fraud, abuse, or security issues.
  • To comply with regulatory obligations and legal requirements.

Your information also helps us develop better information compilation tools, enhance data-driven insights, and enable informed investment research for our users.

5. Payment Processing and Financial Data

5.1 Stripe Payment Processing

We use Stripe, Inc. as our payment processor for all report purchases. When you make a payment:

  • Your payment information is processed directly by Stripe under their privacy policy
  • We receive transaction metadata (amount, date, status) but never your full credit card details
  • Stripe maintains PCI DSS Level 1 compliance for secure payment processing
  • Payment data is stored on Stripe's secure servers, not ours

5.2 Transaction Records

We retain transaction metadata including:

  • Transaction IDs and payment session identifiers
  • Report request IDs linked to payments
  • Purchase amounts and dates
  • Payment status and refund information

This information is retained for 7 years to comply with Australian tax and business record requirements.

5.3 Freemium Tracking

We track usage of our freemium offering (one free report per new user) to prevent abuse and ensure fair access to our services. This includes recording when and which reports were accessed under the freemium program.

6. Data Sharing and Disclosure

We may disclose your personal information in the following scenarios:

To Service Providers

We engage reputable third-party providers to deliver services such as data storage, analytics, customer support, and payment processing. These providers must comply with this Privacy Policy and relevant privacy laws, maintaining stringent confidentiality.

Legal and Regulatory Obligations

We may disclose your personal information when required by law, court order, regulatory authorities, or to enforce our Terms of Service.

Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, we may transfer personal information to new business owners, who will be bound by this Privacy Policy.

7. Data Security

7.1 Security Measures

We employ robust physical, electronic, and procedural safeguards to protect your data, including:

  • Encryption of data in transit and at rest using industry standards
  • Secure hosting platforms with ISO 27001 and SOC 2 compliance
  • Access controls limited to authorised personnel only
  • Regular security assessments and vulnerability testing
  • Secure API endpoints with authentication and rate limiting
  • Database-level security and row-level security policies

7.2 Payment Security

Payment processing is handled by Stripe with bank-level security:

  • PCI DSS Level 1 compliance (highest level of payment security)
  • Tokenization of payment data
  • 3D Secure authentication where required
  • Real-time fraud detection and prevention

7.3 Data Breach Response

Despite our rigorous measures, we cannot guarantee absolute security. In the event of a data breach, we will:

  • Notify affected users within 72 hours
  • Report to Australian authorities as required by law
  • Take immediate steps to contain and remediate the breach
  • Provide transparent communication about the incident

8. Data Retention

8.1 Retention Periods

We retain different types of data for varying periods based on legal and business requirements:

  • Account Data: While account is active + 7 years
  • Payment Records: 7 years (Australian tax compliance)
  • Transaction Metadata: 7 years (business records)
  • Report Data: Permanently (as business records)
  • Usage Analytics: 2 years
  • Support Communications: 3 years

8.2 Deletion and Anonymization

Upon account closure or upon request, we will:

  • Securely delete personal information where legally permissible
  • Anonymize data that must be retained for legal compliance
  • Maintain transaction records for tax and business purposes
  • Remove access credentials and personal identifiers

8.3 Legal Requirements

Some data must be retained for legal compliance including Australian tax law (7 years), anti-money laundering regulations, and dispute resolution purposes.

9. International Data Transfers

9.1 Data Locations

Your information may be transferred to and maintained on servers outside Australia, including:

  • United States: Stripe payment processing, Vercel hosting
  • Europe: Cloudflare R2 storage and CDN
  • Various regions: Railway infrastructure

9.2 Adequacy and Protection

We ensure your information receives adequate protection consistent with Australian privacy laws, the GDPR, and applicable international standards. Our service providers maintain appropriate security measures and comply with relevant privacy frameworks.

10. Your Rights and Accessing Your Data

You have the right to:

  • Request access to your personal information
  • Request correction of inaccurate or incomplete data
  • Request deletion or anonymisation of your data, subject to certain limitations (e.g., legal compliance obligations)
  • Withdraw your consent (where applicable)
  • Object to or restrict our processing of your personal information

To exercise these rights, contact us via the details provided below. We may require verification of your identity before processing your request.

11. Use of Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your user experience, gather analytic data, and improve Platform functionality. You can set your browser to refuse cookies or to alert you when cookies are being used. However, disabling cookies may limit your Platform functionality.

12. Children's Privacy

Our Platform is intended for users aged 18 or older. We do not knowingly collect personal information from minors. If we become aware of such collection, we will promptly delete that information.

13. Third-party Links and External Resources

Our Platform may contain links to third-party websites. We are not responsible for the privacy practices or content of external sites. Always review their privacy policies before providing any personal information.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy periodically. Users will be notified of significant changes via email and/or a prominent notice on the Platform. Continued use after changes indicates your acceptance of the updated policy.

15. Contact Us and Complaints

If you have questions, concerns, or complaints about how your information is managed, please contact us:

The Trustee for the Nuvora Trust
ABN: 42 497 822 402
Corporate Trustee: Nuvora Technology Pty Ltd (ACN: 688 957 351)
Email: nuvora.io@gmail.com
Postal Address: PO Box 958, Coorparoo 4151 QLD

We aim to resolve issues swiftly and efficiently. If you're unsatisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.

By using Nuvora, you acknowledge and accept the terms of this Privacy Policy.

Thank you for trusting Nuvora. We're committed to empowering your safer property investment decisions with transparency and accountability.

Return to Home