Last updated: 01 December 2025
Effective date: 01 December 2025
# Summary
SpectAura is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal information when you use our platform.
What we collect:
- Account information (name, email, company)
- Usage data (filters applied, exports created)
- Technical information (IP address, browser type)
- Payment details (processed by Stripe)
How we use it:
- Provide and improve our service
- Process subscriptions and payments
- Send service updates and support communications
- Analyse platform usage to enhance features
Your rights:
- Access your personal information
- Request corrections or deletion
- Opt out of marketing communications
- Lodge a complaint with the OAIC
Questions? Contact us at privacy@spectaura.com.au
# 1. About This Policy
1.1 Who We Are
SpectAura is operated by ABN 35 569 346 045, registered in Australia. We provide a B2B SaaS platform that enables RF engineers and telecommunications professionals to search, visualise, and analyse ACMA Register of Radiocommunications Licences (RRL) data.
Contact details:
- Email: hello@spectaura.com.au
- Privacy enquiries: privacy@spectaura.com.au
- Website: app.spectaura.com.au
1.2 Scope of This Policy
This Privacy Policy applies to all personal information collected through:
- The SpectAura web application (spectaura.com.au)
- Our public API endpoints
- Email communications and customer support
- Marketing and promotional activities
This policy complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1.3 What Is Personal Information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. This includes your name, email address, company details, and usage patterns that can be linked to you.
# 2. Information We Collect
2.1 Information You Provide
Account registration:
- Full name
- Email address
- Company name
- Username
- Password (stored encrypted)
Optional profile information:
- Avatar/profile image
- Job title or role
- Phone number
Payment and billing:
- Billing name and address
- Payment card details (collected and stored by Stripe, not by us)
- ABN or business registration details for invoicing
Communications:
- Contact form submissions
- Support ticket content
- Email correspondence
- Feedback and survey responses
2.2 Information We Collect Automatically
Usage data:
- Search queries and filter parameters
- Data exports (entity types, record counts, timestamps)
- Features accessed and frequency of use
- API requests and endpoint usage
- User project and watchlist activity
- Saved searches and notification subscriptions
Technical information:
- IP address
- Browser type and version
- Device type and operating system
- Referring website
- Pages visited and time spent
- Session duration and timestamps
Cookies and similar technologies: We use cookies and local storage to maintain your session, remember preferences, and analyse platform usage. See Section 9 for details.
2.3 Information From Third Parties
Authentication providers: If you sign in using Google, GitHub, or Apple, we receive:
- Name
- Email address
- Profile picture (optional)
- Account verification status
Payment processor (Stripe):
- Payment confirmation and receipt data
- Subscription status and billing cycle
- Payment method type (not full card details)
Email service provider (Resend):
- Email delivery status
- Open and click tracking (if enabled)
- Bounce and complaint reports
2.4 Information We Do Not Collect
- Government-issued ID numbers (except ABN for business invoicing)
- Sensitive information as defined by APP 3 (health, biometric, criminal records)
- Credit card details (handled exclusively by Stripe)
- Personal location tracking via GPS or device sensors
ACMA data note: SpectAura displays publicly available ACMA RRL data. We do not collect or store natural person licensee details from this dataset. Individual (non-business) licensee names, addresses, and contact details are redacted in accordance with privacy best practices.
# 3. How We Use Your Information
3.1 Primary Purposes
We use your personal information to:
Provide our service:
- Create and manage your account
- Authenticate your access
- Process your searches and data requests
- Generate exports and deliver results
- Enable map visualisation and filtering
- Manage saved searches, projects, and watchlists
- Provide API access and keys
Process payments:
- Handle subscription billing
- Issue invoices and receipts
- Manage upgrades, downgrades, and cancellations
- Process refunds where applicable
Customer support:
- Respond to enquiries and support tickets
- Troubleshoot technical issues
- Provide product assistance and guidance
Platform improvement:
- Analyse usage patterns to enhance features
- Identify and fix bugs or performance issues
- Develop new functionality based on user needs
- Conduct internal research and analytics
Legal and security:
- Prevent fraud and unauthorised access
- Enforce our Terms of Service
- Comply with legal obligations
- Protect our rights and the rights of other users
3.2 Secondary Purposes
With your consent or where permitted by law, we may use your information to:
Marketing communications:
- Send product updates and feature announcements
- Share industry insights and educational content
- Notify you of special offers or promotions
- Invite participation in surveys or beta programs
You can opt out of marketing emails at any time via the unsubscribe link in each message. Service-related emails (password resets, billing notices, security alerts) cannot be opted out of while you maintain an account.
3.3 Direct Marketing
We may send you direct marketing communications if:
- You have consented (e.g., ticking a box during registration)
- You would reasonably expect to receive marketing from us
- We provide a simple opt-out method in every communication
We will never sell your email address to third parties for their marketing purposes.
# 4. How We Share Your Information
4.1 Service Providers
We share personal information with trusted third-party service providers who assist us in operating SpectAura:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting, authentication | Account data, usage logs, session tokens | United States (AWS) |
| Vercel | Application hosting, serverless functions | Request data, IP addresses, session info | Global CDN |
| Stripe | Payment processing, subscription management | Billing details, payment methods, receipts | United States / Australia |
| Resend | Transactional email delivery | Email addresses, message content | United States |
| Upstash | Rate limiting, session caching | API usage counters, IP addresses | Global (Redis) |
| Mapbox | Map tile rendering, geolocation services | Map viewport coordinates, zoom levels | United States |
| Sentry | Error monitoring, performance tracking | Error logs, stack traces, user context | United States |
All service providers are bound by confidentiality obligations and are prohibited from using your personal information for their own purposes.
4.2 Business Transfers
If SpectAura is acquired, merged, or undergoes a business restructure, your personal information may be transferred to the new entity. We will notify you via email and/or a prominent notice on our website at least 30 days before such a transfer, and the new entity will be bound by this Privacy Policy.
4.3 Legal Requirements
We may disclose your personal information if required or permitted by law, including:
- In response to a subpoena, court order, or legal process
- To protect our legal rights or defend against claims
- To prevent fraud, security threats, or illegal activity
- To comply with ACMA regulations or telecommunications laws
- Where disclosure is necessary to prevent serious harm
4.4 Aggregated and De-identified Data
We may share aggregated or de-identified data that cannot reasonably be used to identify you, such as:
- Platform usage statistics (e.g., "10,000 licence searches per month")
- Industry trends and analytics
- Public benchmarks and research findings
# 5. Cross-Border Data Transfers
5.1 International Data Storage
SpectAura uses cloud infrastructure providers based primarily in the United States and other jurisdictions outside Australia. Your personal information may be stored and processed in:
- United States (Supabase/AWS, Vercel, Stripe, Resend, Sentry)
- European Union (Upstash, Mapbox CDN nodes)
- Singapore (AWS Asia-Pacific regions)
5.2 Protections for Overseas Transfers
We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs, including:
- Contractual clauses requiring APP-equivalent protections
- Service providers certified under recognised privacy frameworks (e.g., Privacy Shield successors, GDPR compliance)
- Encryption in transit and at rest
- Regular security audits and compliance reviews
Important: Under APP 8.1, where we disclose your personal information to overseas recipients, you may not be able to seek redress under the Privacy Act, and we may not be accountable under the Privacy Act for their handling of that information. However, we select service providers with strong privacy practices and contractual safeguards.
# 6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your personal information:
Technical safeguards:
- TLS/SSL encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Secure password hashing (bcrypt)
- Multi-factor authentication (MFA) available
- Rate limiting and DDoS protection
- Regular security patches and updates
Organisational safeguards:
- Access controls and role-based permissions
- Staff training on data protection
- Incident response procedures
- Regular security audits and penetration testing
- Vendor security assessments
Infrastructure safeguards:
- Redundant backups (encrypted, geographically distributed)
- Firewalls and intrusion detection systems
- Secure API authentication (JWT tokens, API keys)
- Session timeout and automatic logout
6.2 Data Breach Response
In the event of a data breach involving personal information that is likely to result in serious harm, we will:
- Notify affected individuals as soon as practicable
- Report the breach to the Office of the Australian Information Commissioner (OAIC)
- Provide guidance on steps to mitigate potential harm
- Conduct a thorough investigation and implement corrective measures
You will be notified via email at the address associated with your account.
6.3 Your Responsibilities
To protect your account:
- Use a strong, unique password
- Enable multi-factor authentication (MFA)
- Do not share your login credentials
- Log out after using shared devices
- Report suspicious activity immediately
# 7. Data Retention
7.1 Retention Periods
We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account + 90 days | Provide service, resolve disputes |
| Deleted account data | 90 days after deletion request | Allow recovery, audit trail |
| Payment and billing records | 7 years after last transaction | Australian tax law (ATO requirements) |
| Support communications | 3 years after case closure | Quality assurance, legal defence |
| Usage logs and analytics | 2 years | Platform improvement, security monitoring |
| Marketing consent records | Duration of consent + 3 years | Compliance proof, opt-out requests |
| Legal holds | Until matter resolved | Litigation, investigation, regulatory requests |
7.2 Deletion and Anonymisation
After retention periods expire:
- Personal information is securely deleted or anonymised
- Backups containing personal information are overwritten within 90 days
- De-identified data may be retained indefinitely for research and analytics
You may request earlier deletion subject to legal obligations (see Section 8.4).
# 8. Your Rights
8.1 Access Your Information (APP 12)
You have the right to request access to the personal information we hold about you. We will provide this within 30 days of your request, unless an exception applies (e.g., providing access would unreasonably impact others' privacy).
How to request:
- Email privacy@spectaura.com.au with subject "Access Request"
- Include your full name and email address associated with your account
- Specify what information you'd like to access
Self-service access: You can view and download most of your personal information directly from your Account Settings page while logged in.
8.2 Correct Your Information (APP 13)
You have the right to request correction of inaccurate, out-of-date, incomplete, or misleading personal information.
How to request:
- Email privacy@spectaura.com.au with subject "Correction Request"
- Specify what information is incorrect and provide the correct details
Self-service correction: You can update your name, company, email, username, and avatar directly from your Account Settings page.
If we refuse to correct information, we will provide you with written reasons and information about how to complain about the refusal.
8.3 Restrict Processing
You may request that we stop using your personal information for certain purposes, such as:
- Direct marketing (opt out via email unsubscribe link)
- Analytics and product improvement (contact privacy@spectaura.com.au)
Note: We cannot restrict processing required to provide core service functionality or comply with legal obligations.
8.4 Delete Your Information
You have the right to request deletion of your personal information, subject to legal retention requirements.
How to request:
- Log in to your account and visit Account Settings > Delete Account
- Or email privacy@spectaura.com.au with subject "Deletion Request"
What happens when you delete your account:
- Your profile and account data are immediately deactivated
- Data is permanently deleted within 90 days
- Billing records are retained for 7 years (tax law requirement)
- De-identified usage data may be retained for analytics
Exceptions: We may refuse deletion where we are required or permitted by law to retain the information (e.g., ongoing legal matter, fraud prevention).
8.5 Data Portability
You may request a copy of your personal information in a structured, commonly used format (JSON or CSV).
How to request:
- Email privacy@spectaura.com.au with subject "Data Portability Request"
- We will provide your data within 30 days
Self-service export: You can export your saved searches, projects, and usage history from the Account Settings > Export Data page.
8.6 Opt Out of Marketing
You can opt out of marketing communications at any time:
- Click "Unsubscribe" at the bottom of any marketing email
- Adjust preferences in Account Settings > Email Preferences
- Email privacy@spectaura.com.au with subject "Unsubscribe"
You will still receive essential service communications (password resets, billing notices, security alerts).
8.7 Lodge a Complaint
If you believe we have breached the Australian Privacy Principles:
Step 1 - Contact us:
- Email privacy@spectaura.com.au with subject "Privacy Complaint"
- Provide details of the alleged breach and your preferred resolution
- We will acknowledge your complaint within 7 days
Step 2 - Investigation:
- We will investigate and respond within 30 days
- If we need more time, we will notify you and provide an expected resolution date
Step 3 - External review: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
OAIC Contact:
- Website: oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Post: GPO Box 5218, Sydney NSW 2001
# 9. Cookies and Tracking Technologies
9.1 What Are Cookies?
Cookies are small text files stored on your device by your web browser. We use cookies and similar technologies (local storage, session storage) to maintain your session, remember preferences, and analyse usage.
9.2 Types of Cookies We Use
| Type | Purpose | Duration | Can Opt Out? |
|---|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days | No (required for service) |
| Functional | Remember preferences (theme, filters, map view) | 1 year | Yes (via browser settings) |
| Analytics | Understand usage patterns, improve features | 2 years | Yes (see below) |
| Performance | Monitor errors, page load times (Sentry) | Session | Yes (via browser settings) |
9.3 Third-Party Cookies
Some third-party services may set cookies:
- Stripe: Payment processing and fraud prevention
- Mapbox: Map rendering and tile caching
- Sentry: Error tracking and performance monitoring
These providers have their own privacy policies and cookie practices.
9.4 How to Manage Cookies
Browser settings: Most browsers allow you to refuse cookies or delete existing cookies:
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Cookies and website data
- Edge: Settings > Cookies and site permissions
Impact of blocking cookies:
- You may need to log in more frequently
- Preferences (theme, filters) will not be saved
- Some features may not function properly
Analytics opt-out: We do not currently use Google Analytics or similar third-party analytics. Our internal analytics use anonymised usage data. To opt out of all analytics, email privacy@spectaura.com.au.
9.5 Do Not Track
We respect Do Not Track (DNT) browser signals. If your browser sends a DNT signal, we will not use your data for analytics or marketing purposes beyond essential service functionality.
# 10. Children's Privacy
SpectAura is a B2B platform designed for professional use. We do not knowingly collect personal information from individuals under 18 years of age.
If you are under 18, do not:
- Create an account
- Provide any personal information
- Use our services
If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as practicable.
Parents or guardians who believe their child has provided personal information to SpectAura should contact privacy@spectaura.com.au.
# 11. Changes to This Policy
11.1 Policy Updates
We may update this Privacy Policy from time to time to reflect:
- Changes to our practices
- New features or services
- Legal or regulatory requirements
- User feedback
11.2 How We Notify You
Material changes: If we make material changes that significantly affect your rights or how we use your personal information, we will:
- Email you at least 30 days before the changes take effect
- Display a prominent notice on our website
- Request your consent where required by law
Minor changes: For minor updates (clarifications, formatting, contact details), we will:
- Update the "Last updated" date at the top of this policy
- Publish the updated policy on our website
11.3 Your Acceptance
By continuing to use SpectAura after a policy update takes effect, you accept the revised Privacy Policy. If you do not agree to the changes, you should stop using our service and request deletion of your account.
# 12. Contact Us
12.1 Privacy Enquiries
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
Email: privacy@spectaura.com.au
Subject line: [Access Request / Correction Request / Deletion Request / Privacy Complaint / General Enquiry]
Business: ABN 35 569 346 045
12.2 Response Times
- General enquiries: 7 business days
- Access/correction requests: 30 days
- Complaints: Acknowledgment within 7 days, resolution within 30 days
# 13. Glossary
Australian Privacy Principles (APPs): The 13 principles in the Privacy Act 1988 that regulate how organisations collect, use, and disclose personal information.
De-identified data: Data that has been modified so that individuals cannot reasonably be identified from it.
Direct marketing: Communication promoting goods or services directly to an individual.
OAIC: Office of the Australian Information Commissioner, the independent authority responsible for privacy protection in Australia.
Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Privacy Act 1988 (Cth): The Australian federal law that regulates the handling of personal information.
Sensitive information: A subset of personal information including health, biometric, genetic, racial/ethnic origin, political opinions, religious beliefs, sexual orientation, and criminal records.
# 14. Appendix: Data Mapping
14.1 Personal Information Flow
Collection → Storage → Use → Disclosure → Deletion
- You provide account details during registration
- Supabase stores encrypted data in US-based AWS servers
- We use data to authenticate access and provide service features
- We share with Stripe (payments), Resend (emails), Sentry (errors)
- We delete upon account deletion request (90-day grace period, 7-year billing retention)
14.2 Legal Bases (APP Compliance)
| Activity | APP | Legal Basis |
|---|---|---|
| Collect name, email | APP 3 | Necessary for service provision |
| Use for account management | APP 6 | Primary purpose of collection |
| Share with Stripe for billing | APP 6 | Reasonably expected related purpose |
| Marketing emails | APP 7 | Consent (with opt-out) |
| International transfers | APP 8 | Contractual safeguards with service providers |
| Analytics and improvement | APP 6 | Reasonably expected related purpose |
| Legal compliance | APP 6 | Required by law |
End of Privacy Policy
This policy is designed to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It is not legal advice. For specific privacy obligations or concerns, consult a qualified legal professional.
We are committed to transparency and continuous improvement. If you have suggestions for how we can better protect your privacy, please contact privacy@spectaura.com.au.