Legal

Privacy Policy

ProductivityByPhil · ABN 48 721 872 764 · Effective date: 11 June 2026 · Version 1.0

1. About this policy

This Privacy Policy explains how ProductivityByPhil (ABN 48 721 872 764, "we", "us", "our") collects, uses, stores, and discloses personal information in connection with:

• This website at productivitybyphil.org
• Our iOS apps: PropertyTracker, RosterKit, RosterKit Staff, PhotoPurge, WealthTrack, and any future apps published under the ProductivityByPhil brand
• Digital products sold via our Etsy shop
• Any B2B software products (including B2B2GO) published under the ProductivityByPhil brand

We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We adopt privacy best practice consistent with the 2024 amendments to the Privacy Act regardless of annual turnover threshold.

Each iOS app may also have its own supplementary privacy policy linked from the App Store listing and in-app. Where a supplementary policy exists, it applies alongside this policy.

2. Who we are

ProductivityByPhil is a sole trader business operated by Phil Vieyra, based in Melbourne, Victoria, Australia. We build practical iOS apps and digital tools for shift managers, property investors, small business operators, and sole traders.

• ABN: 48 721 872 764
• Location: Melbourne, Victoria, Australia
• Contact: p.vieyra@cybersecurityguy.org

3. What information we collect

From this website:

• Email address, if you voluntarily submit it via the newsletter signup form
• Basic server logs (IP address, browser type, pages visited) retained by our hosting provider — see Section 6

From iOS apps:

• App-specific data you enter (e.g. property details, roster entries, financial records, trip logs) — stored locally on your device or in iCloud, depending on the app
• Crash reports and anonymised usage analytics collected by Apple's frameworks — we receive aggregate, non-personally-identifiable data only
• Subscription status and purchase history, processed by Apple (IAP) or RevenueCat where applicable
• For B2B2GO specifically: buyer account identifiers and popup engagement events — covered in detail in the B2B2GO Privacy Policy

From Etsy purchases:

• We do not directly collect payment or shipping data from Etsy purchases — all such data is handled by Etsy under Etsy's Privacy Policy
• Etsy may share your name and email with us solely to fulfil your digital product order

What we do not collect:

• Sensitive information as defined under the Privacy Act 1988 (Cth), including health information, financial account credentials, racial or ethnic origin, religious beliefs, sexual orientation, or biometric data
• Children's data — our products are not directed at persons under 13

4. How we use your information

We use personal information only for the purposes for which it was collected:

• Email address (newsletter): to notify you of new app launches, updates, and digital product releases. We will not use your email for advertising unrelated third-party products or services.
• App data: solely to operate the app's core features as described in the App Store listing
• Etsy order data: to fulfil your digital product purchase
• Server logs: for security monitoring and diagnosing technical issues

We do not use personal information for advertising, profiling, AI or machine learning model training, or any purpose beyond operating our products. We do not sell personal information to third parties.

5. Email marketing and the Spam Act

We comply with the Spam Act 2003 (Cth). Our email marketing practices are:

• Consent: We only send commercial electronic messages to addresses that have been voluntarily submitted via our newsletter signup form. Submission constitutes express consent under the Spam Act.
• Identification: Every email we send identifies ProductivityByPhil as the sender and includes our contact details.
• Unsubscribe: Every marketing email includes a functional unsubscribe link. We will process unsubscribe requests promptly and within 5 business days at most.
• No third-party sending: We do not sell, rent, or share email lists with third parties for marketing purposes.

6. Disclosure to third parties

We engage the following third-party service providers. Each receives only the minimum data necessary to perform their function:

• Vercel Inc (United States) — website and app hosting. Server logs are retained by Vercel per their Privacy Policy. Our Vercel deployment is configured to the Sydney (ap-southeast-2) region.
• Apple Inc (United States) — iOS App Store distribution, in-app purchases, crash reporting, and anonymised analytics. Governed by Apple's Privacy Policy.
• RevenueCat Inc (United States) — subscription and in-app purchase management for applicable apps. Governed by RevenueCat's Privacy Policy.
• Google LLC / AdMob (United States) — advertising SDK used in PhotoPurge. AdMob may use device advertising identifiers to serve contextual ads. You can opt out via your device's privacy settings. Governed by Google's Privacy Policy.
• Etsy Inc (United States) — marketplace platform for digital product sales. Governed by Etsy's Privacy Policy.
• Neon / Databricks Inc (United States) — managed Postgres database used by B2B2GO. Data is stored in the Sydney (ap-southeast-2) region.

We do not disclose personal information to government agencies, law enforcement, or other third parties except where required by law, or where we have your consent.

7. Overseas data handling (APP 8)

Some third-party providers listed above are incorporated in the United States. While data is hosted in Australian data centres where possible, these providers may have limited administrative access to infrastructure for support and security purposes.

Before engaging overseas providers, we took reasonable steps under APP 8.1 to satisfy ourselves that each provider maintains privacy obligations substantially similar to the APPs. Each holds SOC 2 Type II certification or equivalent, and operates under enforceable data processing agreements.

By using our products, you acknowledge that personal data may be accessible by these overseas entities in their capacity as infrastructure operators.

8. Storage and local data

Most iOS app data (roster entries, property records, financial data, trip logs) is stored locally on your device and never transmitted to our servers. Where iCloud sync is offered as a Pro feature, data is stored in your personal iCloud account under Apple's management.

The storefront widget in B2B2GO uses browser localStorage to remember whether a buyer has dismissed a popup, preventing it from reappearing. No localStorage data is transmitted to our servers.

No persistent tracking cookies are set by our website or apps.

9. Security

We implement the following security measures:

• All data in transit between your device, our website, and our servers is encrypted via TLS 1.2+
• Database data is encrypted at rest using AES-256
• Access to production infrastructure is restricted to authorised personnel
• Third-party providers are evaluated for SOC 2 compliance prior to engagement
• Shopify OAuth tokens (B2B2GO) are stored encrypted and scoped to minimum required permissions

No method of transmission over the internet is 100% secure. If you suspect unauthorised access to your account or data, contact us immediately.

10. Data retention

• Newsletter email addresses: retained until you unsubscribe, then deleted within 30 days
• Server logs: 90 days, then automatically purged by our hosting provider
• B2B2GO buyer engagement events: 24 months, then deleted
• B2B2GO merchant account data: subscription duration + 7 years (Australian tax record obligations)
• Etsy order fulfilment data: retained only for the period necessary to fulfil the order, unless required by law

11. Your rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access personal information we hold about you (APP 12)
• Correct personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
• Request deletion of personal information we hold about you, subject to our legal retention obligations
• Complain about how we handle your personal information
• Unsubscribe from marketing emails at any time

To make a request, contact us at p.vieyra@cybersecurityguy.org. We will respond within 30 days and will not charge a fee for access or correction requests.

12. Complaints

If you have a complaint about how we have handled your personal information, please contact us first at p.vieyra@cybersecurityguy.org. We will acknowledge your complaint within 5 business days and work to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• GPO Box 5218, Sydney NSW 2001

13. Notifiable data breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to affected individuals, we will:

• Notify affected individuals as soon as practicable
• Notify the OAIC within 30 days of becoming aware of the eligible breach
• Publish a statement on our website where required

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal obligations. The current version and effective date are shown at the top of this page. We will notify newsletter subscribers of material changes. Continued use of our website or apps after changes are published constitutes acceptance of the updated policy.

15. Contact