Privacy Policy

Last updated: 26 May 2026

Innov8Hub ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and disclose personal information when you visit our website, subscribe to our services, or use our Job Tracker portal. We comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

1. Who we are

Innov8Hub is an Australian automation and operations consultancy based in Sydney, NSW. We build and operate software systems for small service businesses (trades, gardening, cleaning, and similar). You can contact us at hello@innov8hub.io.

2. Information we collect

2.1 Information you provide directly

  • Account information: name, email address, phone number, business name, ABN
  • Authentication credentials: hashed password, multi-factor authentication factors
  • Business operational data: bank details (for invoice display only — we do not process payments through these), customer records you create, jobs, invoices, notes
  • Communications: messages you send us via email, contact forms, or support requests

2.2 Information collected automatically

  • Usage data: log-in times, pages visited, features used, actions performed (job created, invoice sent, etc.)
  • Device and browser information: IP address, browser type, operating system, device identifiers
  • Cookies and session tokens: stored in your browser's session storage (cleared on browser close) or local storage (only if you tick "Keep me signed in")

2.3 Information from third parties

Our edge functions and integrations may receive delivery and status information from Twilio (SMS), Stripe (payments), and Resend (email).

3. How we use your information

We use your information to:

  • Provide, operate, and maintain the Job Tracker portal and consultancy services
  • Authenticate you, secure your account, and prevent unauthorised access
  • Send transactional communications (password resets, MFA codes, invoice SMS, payment reminders on your behalf)
  • Generate the reports and dashboards you request
  • Respond to support enquiries and improve our service
  • Send marketing communications about new features or offers (you can opt out at any time)
  • Comply with legal obligations, including tax and record-keeping requirements

4. Third-party service providers

We use the following sub-processors to operate the service. Each is contractually bound to handle your data with appropriate safeguards:

  • Supabase — database, authentication, and serverless functions. Data is hosted in ap-southeast-2 (Sydney, Australia).
  • Vercel — web application hosting (CDN edge — static assets only; no personal data stored).
  • Twilio — sending SMS messages to your customers on your behalf.
  • Resend — sending transactional emails (password resets, login links, notifications).
  • Stripe — payment processing for subscriptions and customer payment links (when used).
  • Namecheap / DNS providers — DNS resolution.

5. Where your data is stored

All core operational data (your customers, jobs, invoices, account information) is stored in our Supabase PostgreSQL database in the Sydney, Australia (ap-southeast-2) region. Some sub-processors (Twilio, Stripe, Resend, Vercel) may process data overseas as part of their global infrastructure — we only use providers with appropriate cross-border safeguards.

6. How we protect your information

  • Encryption in transit: all connections use HTTPS/TLS
  • Encryption at rest: database storage encrypted by Supabase
  • Tenant isolation: Row-Level Security (RLS) ensures one business cannot access another's data, even if a request were misrouted
  • Authentication: passwords hashed with industry-standard algorithms; multi-factor authentication (MFA / TOTP) available to all account owners
  • Access controls: staff access to your data is restricted to what is needed to provide support
  • Audit logs: sensitive actions (invoice creation, SMS sends, settings changes) are recorded

7. Sharing and disclosure

We do not sell your personal information. We only disclose your information:

  • To the sub-processors listed in Section 4, only as needed to operate the service
  • To your own customers when you instruct us to (e.g. sending an invoice SMS that includes your bank details)
  • When required by Australian law, a court order, or to protect our rights or safety
  • In the event of a business sale or merger, with notice to you

8. How long we keep your data

We keep your information for as long as your account is active and as needed to provide our services. After account closure, we retain certain records (such as invoices and audit logs) for up to 7 years to meet Australian tax and record-keeping requirements. You can request deletion of data not subject to legal retention at any time.

9. Your rights

Under the Australian Privacy Principles you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal retention)
  • Opt out of marketing communications at any time
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, email hello@innov8hub.io. We will respond within 30 days.

10. Children

Our service is not directed at people under 18. We do not knowingly collect personal information from children.

11. Cookies and tracking

The Innov8Hub portal uses essential session storage to keep you logged in. We do not use third-party advertising cookies. The marketing website (www.innov8hub.io) does not currently use tracking analytics; if we add analytics in future, this policy will be updated.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a notice in the portal. The "Last updated" date above reflects when the current version took effect.

13. Contact us

Questions, requests, or complaints about privacy can be sent to:

Innov8Hub
Email: hello@innov8hub.io
Location: Sydney, NSW, Australia