SiteStream SiteStream ← Back to Home

Privacy Policy

SiteStream Pty Ltd

ABN: [To be added]

Last Updated: 5 January 2026

1. Introduction & Commitment to Privacy

SiteStream Pty Ltd ("SiteStream", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SiteStream mobile application and services (collectively, the "Service").

We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and are committed to ensuring that all personal information we collect is handled in accordance with Australian privacy law.

By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Australian Privacy Principles Compliance

SiteStream complies with the 13 Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth), including:

  • APP 1: Open and transparent management of personal information
  • APP 2: Anonymity and pseudonymity where practicable
  • APP 3: Collection of solicited personal information
  • APP 5: Notification of collection of personal information
  • APP 6: Use or disclosure of personal information
  • APP 8: Cross-border disclosure of personal information
  • APP 11: Security of personal information
  • APP 12: Access to personal information
  • APP 13: Correction of personal information

3. Information We Collect

3.1 Personal Information You Provide

  • Account Information: Full name, email address, mobile phone number, password, company name, role (contractor or engineer), and profile photo
  • Profile Information: Business details, ABN, company address, bank account details (for invoicing), hourly rates, and professional credentials
  • Project Information: Project names, descriptions, locations, team member details, and project-related communications
  • RFI Data: Request for Information content, descriptions, urgency levels, responses, comments, and status updates
  • Invoice Information: Client details, billing information, payment terms, amounts, and invoice-related documents
  • Uploaded Content: Photos, documents, drawings, specifications, and other files you upload

3.2 Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers, and mobile network information
  • Usage Data: Features accessed, pages viewed, time spent on features, and navigation paths
  • Location Data: IP address and approximate location (if you grant permission)
  • Log Data: Access times, error logs, performance data, and crash reports

3.3 Information from Third Parties

  • Authentication providers (for sign-in services)
  • Payment processors (for billing and payment processing)
  • Project team members who invite you to join a project

4. How We Use Your Information

4.1 Service Provision

  • Provide, operate, and maintain the Service
  • Create and manage your account
  • Process transactions and send invoices
  • Enable project collaboration and team features
  • Facilitate RFI creation, management, and communications

4.2 Communication

  • Send service-related notifications and updates
  • Notify you of new RFIs, responses, and project updates
  • Respond to your inquiries and support requests

4.3 Improvement & Personalization

  • Improve and optimize the Service
  • Personalize your experience
  • Develop new features and functionality
  • Train and improve AI features

4.4 Security & Compliance

  • Protect against fraud, unauthorized access, and security threats
  • Enforce our Terms of Service
  • Comply with legal obligations and regulatory requirements

5. Third-Party Services

We use trusted third-party service providers to help us operate the Service:

  • Supabase: Database hosting, authentication, and backend infrastructure
  • Cloud Storage Providers: Secure storage of documents, photos, and files
  • AI Providers: OpenAI, Google (Gemini), and Anthropic (Claude) for AI-powered features
  • Payment Processors: Stripe and Apple for secure payment processing
  • Email Service Providers: Resend for transactional emails and notifications

We recommend reviewing the privacy policies of these third-party services:

6. Artificial Intelligence & Data Processing

To provide enhanced features and functionality, SiteStream uses artificial intelligence services from third-party providers including OpenAI, Google (Gemini), and Anthropic (Claude).

6.1 How AI Features Work

When you use AI-powered features (such as AI-assisted RFI suggestions, content generation, or smart insights):

  • Relevant data from your input may be sent to AI providers for processing
  • We minimize the personal data shared with AI providers
  • We implement anonymization and data minimization techniques where possible

6.2 Data Sent to AI Providers

Data that may be sent to AI providers includes:

  • RFI content and descriptions (when using AI assistance)
  • Project context and related information
  • User inputs and queries to AI features

We do NOT send the following to AI providers without explicit consent:

  • Your password or authentication credentials
  • Payment information or bank account details
  • Personal contact information unless necessary for the feature

6.3 Your Control Over AI Features

  • You can opt out of certain AI features in your account settings
  • Some core functionality may rely on AI and cannot be fully disabled
  • You control what information you input into AI features

7. Data Storage & Security

Storage Location: Your data is primarily stored on secure servers in Australia or other locations that provide adequate data protection.

Security Measures: We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on data privacy and security
  • Incident response procedures

Data Breach Notification: In the event of a data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by Australian privacy law.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Information: Retained while your account is active and for 90 days after account closure
  • Project & RFI Data: Retained while relevant to active projects and for 7 years for construction records
  • Invoice Records: Retained for at least 7 years as required by Australian tax law
  • Usage Analytics: Aggregated and anonymized data may be retained indefinitely

9. Your Rights under Australian Privacy Law

Under Australian privacy law, you have the following rights:

  • Right to Access: Request access to the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your personal information (subject to legal exceptions)
  • Right to Data Portability: Request a copy of your data in a structured format
  • Right to Object: Object to certain processing, particularly for direct marketing
  • Right to Complain: Make a complaint to us or the OAIC

To exercise these rights, contact our Privacy Officer at privacy@sitestream.au.

10. Complaints

If you believe we have breached the Australian Privacy Principles, you have the right to make a complaint to:

  • SiteStream Privacy Officer (see contact details below)
  • Office of the Australian Information Commissioner (OAIC)

OAIC Contact Information:

Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

11. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

12. International Data Transfers

Your personal information may be transferred to, stored, or processed in countries outside of Australia, including the United States (for AI provider services). When we transfer personal information overseas, we take reasonable steps to ensure that the recipient complies with the Australian Privacy Principles or provides substantially similar protections.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date, posting the updated policy, and sending an email notification.

Your continued use of the Service after changes constitutes your consent to the updated policy.

14. Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy, please contact us:

Privacy Officer
SiteStream Pty Ltd
Email: privacy@sitestream.au
General Inquiries: support@sitestream.au
Website: sitestream.au

We will respond to all legitimate privacy inquiries within 30 days.

© 2026 SiteStream Pty Ltd. All rights reserved.

Compliant with Australian Privacy Principles