Privacy policy
Last updated: April 2026
1. Who we are
Codeup Systems is operated by Kate Macdonald, a sole trader registered in Australia (ABN: 70 257 577 574), based in Bondi Junction, New South Wales. “We”, “us”, and “our” refers to Codeup Systems throughout this policy.
We provide a database quality service that assesses, cleans, and maintains data records held by businesses in their CRM, accounting, and job management systems.
Questions? Contact us at hello@codeupsystems.com.
2. What information we collect
Information you provide directly
- Name, company name, email address, phone number, and database size when you submit the waitlist form on our website.
- Any additional information you share with us by email or during onboarding.
Information accessed via your systems (clients only)
- Where you engage us as a client, we access records in your CRM, accounting software (such as Xero), or job management system via OAuth-authenticated API connection or CSV export you provide directly.
- This data is used solely to deliver the service. It is never used for any other purpose.
- Access is strictly limited to the scope you authorise. We never access commercial, financial, payroll, or fee data beyond what you explicitly grant.
3. How we use your information
- To respond to your waitlist registration and contact you about our service.
- To deliver the database assessment and data quality service you have engaged us for.
- To produce the assessment health report and proposed change plan for your review.
- To maintain activation logs during the 30-day revert window.
- To comply with legal obligations.
We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to train AI models.
4. How we store and protect your data
Waitlist and contact information is stored in Supabase, our cloud database provider. This data is retained while you are on the waitlist or an active client, and deleted within 30 days of a written deletion request.
Client database records are handled as follows:
- All data is transmitted over encrypted connections (TLS 1.2 or higher) at all times.
- Document content (CVs, invoices, compliance certificates) is processed in memory during the assessment and is not written to permanent storage.
- Activation logs recording which changes were proposed, approved, and executed are stored in Supabase for 30 days from the date of activation to support the revert window. They are permanently deleted at day 30.
- No full copies of your database are retained at any point. We store only the activation log, not the underlying records.
Supabase provides AES-256 encryption at rest, TLS encryption in transit, and SOC 2 Type II compliance.
5. AI processing
Our extraction engine uses the Anthropic API to process document content during the assessment. Anthropic’s enterprise data handling policy prohibits using API inputs for model training. Data submitted via the Anthropic API is not retained by Anthropic beyond the duration of the API call. All data is transmitted over encrypted connections.
6. Third party services
- Formspree — receives waitlist form submissions. Formspree may set session cookies on our website for form functionality.
- Cloudflare — hosts our website and provides security services. Cloudflare sets technical cookies required for site security and performance.
- Google Analytics — provides anonymous usage statistics for our website. Only loads if you accept analytics cookies via our consent banner. IP addresses are anonymised before reaching Google. See Google’s Privacy Policy.
- Anthropic API — powers our document extraction engine. No client data is retained beyond each API call.
- Supabase — our database and infrastructure provider.
- Stripe — processes payments. We do not store payment card details. Stripe handles all payment data under PCI-DSS compliance.
7. Cookies and analytics
Our website uses two categories of cookies:
- Essential cookies set by Cloudflare (for site security and performance) and Formspree (for form submission functionality). These are required for the site to function.
- Analytics cookies set by Google Analytics, but only if you accept them via the cookie consent banner that appears on your first visit. Google Analytics helps us understand anonymously how visitors find and use our website (pages viewed, approximate location, device type). Your IP address is anonymised before it reaches Google, and we do not use any features that identify individuals or track you across other websites.
If you decline analytics cookies, no Google Analytics scripts are loaded and nothing is tracked. You can change your mind at any time by clearing your browser storage for our site, which will show the consent banner again on your next visit.
We do not use advertising cookies, retargeting pixels, or any tracking that follows you to other websites. We will never sell your browsing data.
8. Data breach notification
We comply with the Australian Notifiable Data Breaches scheme under the Privacy Act 1988. If an eligible data breach occurs that is likely to cause serious harm to any affected individual, we will notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable and within 30 days of becoming aware of the breach.
9. Your rights under Australian privacy law
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate or outdated information.
- Request deletion of your personal information, subject to any legal obligations to retain it.
- Make a complaint about how we have handled your information.
Contact us at hello@codeupsystems.com to exercise any of these rights. We will respond within 30 days, or notify you if we require an extension under the Act.
If you are unsatisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au.
10. Changes to this policy
We may update this policy from time to time. We will update the “Last updated” date at the top of this page and notify existing clients by email of any material changes.
11. Contact
Codeup Systems
Bondi Junction, New South Wales, Australia
hello@codeupsystems.com