Privacy Policy
Last updated: 18 March 2026
Subsidly ("we", "us", "our") is committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Subsidly platform ("Service").
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, and password when you register.
- Business profile: Business name, ABN, industry, location, revenue, employee count, business type, growth stage, and eligibility details (e.g., Indigenous ownership, GST registration, export status).
- Contact details: Contact name, email, and phone number.
- Payment information: Processed securely by Stripe. We do not store your credit card number, only your Stripe customer ID for subscription management.
- AI interactions: Questions you ask the AI assistant and the responses generated.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, grant searches, and interaction patterns.
- Device information: Browser type, operating system, IP address, and device identifiers.
- Cookies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies.
2. How We Use Your Information
We use your personal information to:
- Provide the Service: Match your business profile with relevant government grants, deliver AI-powered recommendations, and process grant applications.
- Send notifications: Email alerts for new matching grants, deadline reminders, and weekly digests (configurable in your Settings).
- Process payments: Manage your subscription through Stripe.
- Improve the Service: Analyse usage patterns to improve grant matching accuracy, AI responses, and user experience.
- Communicate with you: Send account-related emails, security alerts, and product updates.
- Comply with the law: Meet our legal obligations under Australian law.
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Stripe: Payment processing. Stripe's privacy policy applies to payment data they collect.
- SendGrid (Twilio): Email delivery for notifications and alerts.
- Anthropic: AI service provider. Business profile data is sent to generate AI responses. Anthropic does not use this data to train their models.
- Hosting providers: Railway (backend hosting) and Vercel (frontend hosting).
- Law enforcement: When required by law, court order, or to protect the safety of our users.
All third-party providers are bound by their own privacy policies and data processing agreements. We do not share your data with advertisers or data brokers.
4. Data Storage & Security
- Your data is stored on servers hosted by Railway (database) and Vercel (frontend), which may be located outside Australia.
- Passwords are hashed using bcrypt and never stored in plain text.
- All data in transit is encrypted via HTTPS/TLS.
- Access to production systems is restricted to authorised personnel only.
- We use JSON Web Tokens (JWTs) with configurable expiry for authentication.
While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- Deleted accounts: Upon account deletion, we will delete your personal data within 30 days, except where we are required by law to retain it.
- AI interaction logs: Retained for up to 90 days to improve service quality, then deleted.
- Payment records: Retained for 7 years as required by Australian taxation law.
6. Your Rights
Under the Australian Privacy Act 1988, you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information (subject to legal retention requirements).
- Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.
To exercise any of these rights, contact us at support@subsidly.com.au. We will respond within 30 days.
7. Cookies
We use essential cookies only — for authentication (JWT token stored in localStorage) and session management. We do not use analytics cookies, tracking cookies, or third-party advertising cookies. You can clear cookies through your browser settings at any time.
8. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.
10. Contact & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact us:
Email: support@subsidly.com.au
Website: subsidly.com.au
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).