Privacy Policy - CrossVault
Free It's free and can save you thousands on compliance. See why NDIS providers use it.

Privacy Policy

Your privacy is important to us. This policy outlines how we collect, use, and protect your personal information.

Last updated: April 2026

1. Introduction

CrossVault Pty Ltd ("we", "us", or "our") is committed to protecting your privacy. We are an Australian company and we comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) when handling personal information.

2. Information We Collect

We collect information that you voluntarily provide to us when using our platform, specifically:

  • Account Information: Name, email address, and company details provided during registration.
  • Uploaded Content: Timesheets, rosters, and employment data you upload for analysis.
  • Usage Data: Information about how you interact with our services.
  • Device and Technical Data: When using our mobile application, we may collect basic technical information such as your device type, operating system version, and crash logs to help us diagnose bugs and improve app stability.

Important: Data De-identification

We strictly advise users to de-identify all timesheets and rosters before upload. Please remove names, Tax File Numbers (TFNs), addresses, and other personally identifiable information (PII) of employees. We do not require this information to perform award compliance analysis.

3. How We Use Your Information

We use your information solely for the purpose of:

  • Providing our award compliance and timesheet analysis services.
  • Improving the accuracy and performance of the specific features visible within our app.
  • Communicating with you about your account and service updates.

We do not sell your personal information to third parties.

Google User Data

CrossVault's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically regarding Google User Data:

  • We only use data accessed via Google APIs (such as Google Drive files) to provide the specific features you have requested (e.g., analyzing timesheets).
  • We use Google user data only to improve the specific timesheet analysis features you see in CrossVault, not to develop general-purpose AI models or services.
  • We do not use this data for advertisements, re-targeting, or personalized marketing.
  • We do not transfer this data to third parties except as necessary to provide the feature (e.g., AI processing), for security purposes, or to comply with applicable laws.
  • We do not allow humans to read this data unless you have explicitly agreed to it for specific support purposes, or if required for security or legal reasons.

4. Data Security & Storage

We take the security of your data seriously and implement reasonable technical and organisational measures to protect it:

  • Location: Your data is stored securely on Amazon Web Services (AWS) servers located in Sydney, Australia (ap-southeast-2), ensuring data sovereignty.
  • Encryption: Data is encrypted in transit and at rest using industry-standard AES-256 encryption.
  • Retention: We implement an auto-delete policy for uploaded timesheets. Files are automatically permanently deleted from our servers 30 days after upload.

5. Disclosure to Third Parties

We may disclose your information to:

  • Service Providers: Third-party vendors who assist us in operating our platform (e.g., cloud hosting, AI processing), subject to strict confidentiality agreements.
  • Legal Requirements: If required by law or to protect our rights.

6. Your Rights

Under the Privacy Act, you have the right to access and correct your personal information. If you wish to exercise these rights, please contact us.

7. Account and Data Deletion

You have the right to request the deletion of your account and associated personal data at any time. To do so:

  • In-App: You can delete your account directly within the CrossVault mobile app by navigating to Settings > Account > Delete Account.
  • Via Email: You can request account deletion by emailing us at team@crossvault.app from the email address associated with your account.

Upon receiving a deletion request, we will permanently delete your account, remove your Google OAuth connection, and wipe all associated personal data from our active databases within 30 days, except where retention is strictly required for legal or tax compliance purposes.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at team@crossvault.app.