Privacy Policy — Profitdrive.app
This Privacy Policy explains how Bosch Consulting Group Pty Ltd (ABN 68 666 257 941), trading as Profitdrive.app ("we", "us", "our"), collects, uses, stores, and protects personal information.
We comply with the Australian Privacy Act 1988 and follow GDPR-aligned practices for international users.
Using the Profitdrive Service constitutes acceptance of this Privacy Policy.
1. Information We Collect
1.1 Account Information
- Name
- Organisation name
- Login details
- User activity (audit logs)
1.2 Customer Data (Your Business Data)
This includes any financial, resource, forecasting, or operational data you input into the system.
You own this data.
1.3 Payment Information
Payment information is handled exclusively by Paddle, our Merchant of Record.
We do not receive or store credit card information.
1.4 Usage Analytics
We may collect usage metrics such as:
- Page views
- Feature interactions
- Error logs
All analytics are aggregated or anonymised.
1.5 How We Measure Engagement
Profitdrive uses first-party analytics on this site to understand how visitors engage with our content. We set two cookies on your browser — one to recognise you across pages during your visit (90-day expiry) and one to associate engagement with your email address if you submit a form or click an email link from us (365-day expiry). Both cookies contain only random identifiers — they do not store your name, email, or any personal information. We do not use third-party analytics tools, fingerprinting, ad networks, or reverse-IP identification. The site loads the Inter typeface from Google Fonts, which results in a single request to Google's CDN per visit — Google may log this request. No other third-party requests are made. We do not share engagement data with any third party. If you would like your data deleted, email contact@profitdrive.app and we will remove your records within 30 days.
1.6 Information We Do Not Collect
We do not collect sensitive personal information such as passport numbers, driver's licence details, health records, biometric data, or government identifiers. The Service is designed to process operational and financial data related to business activities, not sensitive personal information.
2. How We Use Information
We use your information to:
- Provide and maintain the Service
- Improve features and performance
- Ensure security and fraud prevention
- Offer support and respond to inquiries
- Comply with legal obligations
We do not sell personal information or Customer Data.
3. Legal Basis (GDPR-Friendly)
For international users, we rely on:
- Contract necessity (to deliver the Service)
- Legitimate interests (product improvement)
- Consent (for optional email communications)
4. Where Data Is Stored
Your data is stored securely on Supabase, hosted in Singapore.
Data is encrypted at rest and in transit.
Backup and processing systems may run in other regions as part of Supabase's global infrastructure.
Supabase acts as our data processor, providing hosting, authentication, storage, and operational infrastructure. Supabase processes Customer Data solely for the purpose of delivering the Service to the Customer.
5. Third-Party Service Providers
We use third parties to help deliver the Service, including:
- Supabase – hosting, authentication, database
- Paddle – billing, tax compliance, invoicing
- Email delivery providers
- Analytics tools (if enabled later)
Each provider is contractually required to handle data responsibly and securely.
6. Confidentiality
We treat Customer Data as strictly confidential.
We will not access Customer Data except:
- to provide technical support,
- to maintain system stability,
- where required by law,
- or with your express permission.
Access is logged and limited to authorised personnel only.
7. Data Retention & Deletion
We retain Customer Data for as long as your account is active.
Upon request or termination:
- You may export data (if available)
- We will delete Customer Data within 30–90 days
- Backups may persist for a limited period for safety
We retain account-level personal information (such as usernames, email addresses, and audit logs) for as long as your account is active and for up to 12 months after termination for security, operational, and compliance purposes.
8. International Transfers
Your data may be stored or processed in countries outside your own, including Singapore and the United States (for backups or services provided by Supabase or Paddle).
We use appropriate safeguards such as Standard Contractual Clauses (SCCs) provided by our infrastructure vendors.
9. Your Rights (GDPR-Light)
You may request:
- Access to personal data
- Correction of inaccurate data
- Deletion of data (subject to retention requirements)
- Export of your data
- Restriction of processing
You may withdraw consent to optional communications at any time by contacting us at contact@profitdrive.app. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
10. Security Practices
We use reasonable technical and organisational measures including:
- Encryption
- Role-based access control
- Audit logging
- Database row-level security (RLS)
- Regular updates
No system is completely secure, but we make reasonable efforts to protect your information.
11. Children
Profitdrive is not intended for use by individuals under 16 years old.
12. Changes to This Policy
We may update this Privacy Policy. Changes will be posted on our website.
13. Contact
Questions or requests can be directed to:
contact@profitdrive.app