Privacy Policy

1. Scope

This policy explains how The Desktop, operating Child Care Demand, handles personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It covers the public website, the subscription product, and support interactions.

Report content is about places, services, and public planning records — not about individuals. The personal information we handle is mostly account and billing information about our users.

2. What we collect

• Account information: name, work email, and authentication identifiers, managed by our identity provider, Clerk.
• Workspace information: workspace name, membership, roles, and invitations.
• Billing information: subscription plan, seat count, and payment status. Card details are collected and stored by Stripe; we never see full card numbers.
• Usage information: pages visited, reports generated, and product events, collected via Google Tag Manager / Google Analytics and (when enabled) PostHog, plus standard server logs.
• Support correspondence you send us.

3. Why we collect it

• To operate the product: authentication, workspace access, report generation, and share links.
• To bill subscriptions and manage seats.
• To secure the platform, prevent abuse, and debug issues.
• To understand product usage and improve features.
• To respond to support requests and send service notices.

4. Who we disclose it to

We disclose personal information only to the service providers that run the platform, each under their own security and privacy commitments:

• Clerk (authentication and user management)
• Stripe (payments and subscription management)
• Vercel (application hosting)
• Neon (database hosting)
• Google (Tag Manager and Analytics)
• PostHog (product analytics, when enabled)
• Mapbox and MapTiler (map rendering for reports)

5. Overseas disclosure

Some of these providers store data outside Australia, primarily in the United States. Where that happens, the disclosure is to deliver the service you signed up for, and we take reasonable steps to ensure providers handle personal information consistently with the Australian Privacy Principles. Our primary application database is hosted in the AWS Sydney region.

6. Security

Access to production systems is restricted and credential-based. Traffic is encrypted in transit, payment details never touch our servers, and webhook integrations are signature-verified. No internet service can promise perfect security, but we design so that a single compromised component exposes as little as possible.

7. Retention

We keep account and workspace records while your subscription is active and for a reasonable period afterwards for billing, dispute, and audit purposes, then delete or de-identify them. Analytics data is retained per the configured retention windows of the analytics providers.

8. Cookies and analytics

The product uses strictly necessary cookies for sign-in sessions. The public site uses Google Tag Manager / Google Analytics to measure traffic; these set analytics cookies. You can block analytics cookies in your browser without affecting product sign-in.

9. Access, correction, and complaints

You can access and update most account details directly in the product. For anything else — access requests, corrections, deletion requests, or privacy complaints — email luke@seventhstreet.vc. We will respond within 30 days. If you are unsatisfied with our response, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).

10. Changes to this policy

We will update this policy as the product and our providers change, and will note the date of the latest revision at the top of this page. Material changes will be notified in-product or by email.