Last Updated: [Insert Date]
[Insert Company Legal Name] Pty Ltd (ABN [Insert ABN]), trading as “eVault” (“eVault”, “we”, “us”, or “our”), is committed to protecting your privacy. This Privacy Policy explains what personal information we collect through the eVault mobile application and our website at [Insert Website URL] (together, our “Services”), how and why we collect, use, store, and disclose that information, and the rights you have in relation to it, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”).
By using our Services, you agree to the collection and use of your information as described in this Privacy Policy. This Privacy Policy should be read together with our Terms of Use.
Contents
- Information We Collect
- How We Collect Your Information
- Why We Collect and Use Your Information
- What Happens If You Don’t Provide Your Information
- Dealing With Us Anonymously
- AI Processing of Your Information
- Third Party Service Providers
- Data Storage and Security
- Overseas Disclosure of Information
- Disclosure for Legal Reasons
- Business Transfers
- Data Retention
- Your Rights
- Account Deletion
- Data Export
- Children’s Privacy
- Direct Marketing and Communications
- Push Notifications
- Cookies and Similar Technologies (Website)
- Third-Party Links
- Changes to This Privacy Policy
- Privacy Officer and Contact Us
1. Information We Collect
1.1 Information you provide directly:
name;
email address;
mobile phone number, used for account verification and SMS receipt import;
receipts and associated data, such as merchant name, purchase date, items, and amounts;
warranty information, including product details, warranty periods, and proof-of-purchase documents;
images and PDFs you upload, scan, email, or text to the App; and
any information you provide when contacting our support team.
1.2 Information collected automatically:
device information, including device type, operating system and version, unique device identifiers, IP address, and mobile network information;
analytics and usage information, including features used, session duration, crash reports, and diagnostic logs; and
approximate location inferred from your IP address or device settings, if enabled, used for purposes such as currency and date formatting.
1.3 Information from third parties:
if you sign in using Apple Sign In or Google Sign In, we receive your name, email address, and a unique identifier from that provider, as permitted by your settings with them; and
subscription and payment status, such as plan type, renewal date, and transaction identifiers, from RevenueCat, the Apple App Store, or the Google Play Store. We do not receive or store your full payment card details, which are handled directly by Apple, Google, or RevenueCat.
1.4 We do not intentionally collect sensitive information (as defined under the Privacy Act) unless it is incidentally contained within a receipt or document you choose to upload — for example, a pharmacy receipt that discloses a health-related purchase. We do not use such incidental information for any purpose other than providing the App’s core features to you.
2. How We Collect Your Information
2.1 We collect information when you create an account or update your profile; when you upload, scan, email, or text a receipt or document to the App; automatically, through analytics and diagnostic tools as you use the App; and from the third-party services described above, where you choose to use those integrations.
3. Why We Collect and Use Your Information
3.1 We collect and use your information to:
create and manage your account;
provide the App’s core features, including receipt storage, organisation, search, and warranty tracking;
process receipts and documents using OCR and AI tools to extract structured data, as described below;
enable email and SMS receipt import;
manage your subscription, process payments, and communicate with you about billing;
send service-related communications, including warranty expiry reminders and processing confirmations;
provide customer support and respond to your enquiries;
send marketing communications, where you have consented, which you may opt out of at any time;
monitor, maintain, and improve the App, including through aggregated and de-identified analytics;
detect, investigate, and prevent fraud, abuse, or security incidents; and
comply with our legal obligations, and establish, exercise, or defend our legal rights.
4. What Happens If You Don’t Provide Your Information
4.1 If you do not provide certain information, we may not be able to create your account or provide some features of the App. For example, we need an email address to create an account and send you receipt confirmations, and a mobile number if you wish to use SMS receipt import. Where information is optional, we will indicate this within the App.
5. Dealing With Us Anonymously
5.1 Where it is lawful and practicable to do so, you may interact with us anonymously or using a pseudonym, for example when making a general enquiry. However, because the App’s core functionality involves storing and organising your personal receipts and documents, we generally need to identify you through an account in order to provide the Service.
6. AI Processing of Your Information
6.1 When you upload or import a receipt or document, we use optical character recognition (“OCR”) technology, including Google’s OCR services, to extract text from the image or PDF, and artificial intelligence tools, including Google Gemini and Anthropic’s Claude models, to interpret, classify, and structure that text into data such as merchant name, date, amount, item list, and estimated warranty category.
6.2 Your receipt images and extracted text may be transmitted to these third-party OCR and AI providers for the sole purpose of processing your request. Under our agreements with these providers, your data is processed to deliver this functionality to you and is not used by the provider to train their general-purpose models, except where a provider’s standard terms otherwise apply and are disclosed to you.
6.3 AI-extracted data may not always be accurate. You can review, edit, and correct any extracted information within the App, and our Terms of Use contain a fuller accuracy disclaimer.
7. Third Party Service Providers
7.1 We share your information with the following categories of third-party service providers, each of which processes information under its own privacy policy and, where applicable, contractual data protection terms with us:
| Provider | Purpose | Information Involved |
| Google (Cloud OCR / Document AI) | Extracting text from receipt images and PDFs | Receipt images and extracted text |
| Google Gemini | AI-based classification and structuring of receipt data | Extracted receipt text and data |
| Amazon Web Services (AWS) | Cloud hosting and storage of App data and files | All information described in the Information We Collect section |
| Amazon Simple Email Service (SES) | Receiving and routing emails forwarded to your unique eVault import address | Forwarded email content and attachments |
| Twilio | Receiving and routing SMS/MMS messages sent to your eVault import number | Forwarded SMS/MMS content and attachments, mobile number |
| RevenueCat | Managing and validating in-app subscriptions and purchases | Subscription status, transaction identifiers, device identifiers |
| Apple Inc. (App Store, Apple Sign In, push notifications) | Payment processing, authentication and delivering notifications on iOS devices | Name and email (via Sign In), transaction data, device tokens |
| Google LLC (Google Play, Google Sign In, Firebase Cloud Messaging) | Payment processing, authentication and delivering notifications on Android devices | Name and email (via Sign In), transaction data, device tokens |
| Firebase Analytics | Understanding App usage so we can improve features | Device information and usage/analytics data |
7.2 We do not sell your personal information to third parties, and we do not share your identifiable receipt Content with third parties for their own marketing purposes.
8. Data Storage and Security
8.1 Your information is primarily stored on secure servers operated by Amazon Web Services. Where available, we use AWS’s Australian data centre region for primary storage; however, certain processing, such as AI/OCR analysis, email/SMS routing, authentication, and subscription validation, is carried out by the providers listed above, some of which store or process data outside Australia (see Overseas Disclosure of Information below).
8.2 We use administrative, technical, and physical safeguards designed to protect your information, including encryption of data in transit and at rest, access controls limiting staff access to personal information on a need-to-know basis, confidentiality obligations for our staff and contractors, and regular security reviews of our systems and key providers.
8.3 No method of electronic storage or transmission is completely secure. While we take reasonable steps to protect your information, we cannot guarantee its absolute security, and you provide information to us at your own risk.
8.4 If we become aware of a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
9. Overseas Disclosure of Information
9.1 Some of the third-party providers listed above are based outside Australia, or store and process information on servers located outside Australia, primarily in the United States, where several of our key AI, hosting, and communications providers operate.
9.2 Before disclosing your information to an overseas recipient, we take reasonable steps, as required by Australian Privacy Principle 8, to ensure the recipient handles your information consistently with the APPs, including by relying on contractual data protection commitments with our providers where available.
9.3 By using the App, including features that rely on the providers listed above, you acknowledge that your information may be transferred to, and processed in, countries outside Australia that may have different data protection laws to Australia.
9.4 If you have concerns about overseas disclosure of your information, please contact our Privacy Officer using the details in the Privacy Officer and Contact Us section below.
10. Disclosure for Legal Reasons
10.1 We may disclose your information where we reasonably believe it is necessary to:
comply with a law, regulation, court order, or other legal process, or a request from a regulator or law enforcement body;
detect, prevent, or investigate fraud, security incidents, or misuse of the App; or
protect the rights, property, or safety of eVault, our users, or others.
11. Business Transfers
11.1 If eVault is involved in a merger, acquisition, restructure, or sale of all or part of its business or assets, your personal information may be disclosed or transferred to the parties involved in that transaction, and may continue to be held and used in accordance with this Privacy Policy, or a successor policy of which you will be notified.
12. Data Retention
12.1 We retain your account information and Content for as long as your account remains active, and for a reasonable period afterwards as described below.
12.2 If you delete your account, we will delete or de-identify your personal information and Content within [Insert Period, e.g. 30 days], except that we may retain: information required to comply with our legal, tax, or accounting obligations, such as billing records; information necessary to resolve disputes or enforce our agreements; and backup copies, which are deleted or overwritten in the ordinary course within [Insert Period, e.g. 90 days].
12.3 Emails and SMS/MMS messages forwarded for receipt import are retained only for as long as reasonably necessary to process them into a receipt record and to investigate any processing errors or abuse, after which the original message is deleted, generally within [Insert Period, e.g. 30 days].
12.4 We may retain de-identified or aggregated data derived from your information indefinitely for analytics and product improvement purposes, as this data does not identify you.
13. Your Rights
13.1 Subject to certain exceptions under the Privacy Act 1988 (Cth), you have the right to:
request access to the personal information we hold about you (APP 12);
request correction of personal information that you believe is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13);
ask us questions about how your information is collected, used, or disclosed; and
make a complaint if you believe we have breached the APPs or this Privacy Policy.
13.2 To exercise these rights, contact our Privacy Officer using the details below. We will not charge a fee for making a request, may need to verify your identity before actioning it, and will respond within a reasonable period, and in any event within 30 days.
13.3 If you make a complaint and are not satisfied with our response, you may refer it to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by phone on 1300 363 992.
14. Account Deletion
14.1 You may delete your account at any time via the “Delete Account” option in the App’s settings, or by emailing our support team at [Insert Support Email].
14.2 Deleting your account will remove your access to the App and initiate deletion of your personal information and Content in accordance with the Data Retention section above. This action cannot be undone, and any Content not exported beforehand may be permanently lost.
14.3 We recommend exporting your data, as described below, before deleting your account.
15. Data Export
15.1 You can export your receipts, warranty records, and associated data at any time via the export feature in the App’s settings, which allows you to download your Content, for example as a ZIP file of images and PDFs and a CSV or PDF summary of extracted data.
15.2 If you require your data in a different format, or need assistance with an export, contact us at [Insert Support Email].
16. Children’s Privacy
16.1 The App is not directed to, and we do not knowingly collect personal information from, children under 18. If we become aware that we have collected personal information from a child under 18 without appropriate consent, we will take reasonable steps to delete that information promptly. If you believe a child has provided us with personal information, please contact our Privacy Officer using the details below.
17. Direct Marketing and Communications
17.1 We may send you service-related communications, such as receipt processing confirmations, warranty expiry reminders, security alerts, and billing notices, which are necessary for the operation of your account and cannot be opted out of while you maintain an account, other than by adjusting notification settings as described below.
17.2 With your consent, we may also send you marketing communications about new features, offers, or promotions, by email, SMS, or push notification. You can opt out at any time by using the unsubscribe link in our emails, replying “STOP” to marketing SMS, adjusting your notification settings in the App, or contacting us at [Insert Support Email]. We comply with the Spam Act 2003 (Cth) in relation to commercial electronic messages.
18. Push Notifications
18.1 The App may send push notifications for purposes such as warranty expiry reminders and receipt processing confirmations, and, where you have opted in, promotional messages, using Apple Push Notification Service for iOS devices and Firebase Cloud Messaging for Android devices.
18.2 You can manage or disable push notifications at any time through your device settings or within the App’s notification preferences.
19. Cookies and Similar Technologies (Website)
19.1 If you visit our website at [Insert Website URL], we and our service providers may use cookies and similar tracking technologies to operate the website, remember your preferences, and understand how visitors use our site.
19.2 We may use:
essential cookies, necessary for the website to function;
analytics cookies, to understand website usage; and
marketing cookies, to measure the effectiveness of our advertising, only where you consent.
19.3 You can control or disable cookies through your browser settings, although disabling essential cookies may affect the functionality of our website. Where required, we will present a cookie consent banner allowing you to accept or decline non-essential cookies when you first visit our website.
20. Third-Party Links
20.1 Our website or the App may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies before providing them with any information.
21. Changes to This Privacy Policy
21.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the App’s features. We will notify you of material changes via the App, by email, or by posting the updated policy on our website with a revised “Last Updated” date. We encourage you to review this Privacy Policy periodically.
22. Privacy Officer and Contact Us
22.1 If you have questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:
[Insert Privacy Officer Name/Title]
[Insert Company Legal Name] Pty Ltd, trading as eVault
Email: [Insert Privacy Email, e.g. privacy@evault.app]
Address: [Insert Business Address]
22.2 If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or by phone on 1300 363 992.