Privacy Policy

1. Who we are

FairWork Mate (https://fairworkmate.com.au) is operated by SP Williams Holdings Pty Ltd (ACN 683 151 304, ABN 89 683 151 304), an Australian proprietary limited company. We are bound by the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). For privacy questions, contact hello@fairworkmate.com.au.

2. The short version

• Calculators: run in your browser. We never see the salary, dates, employer name, or other inputs you enter.
• AI advisor (free, anonymous): messages are PII-scrubbed before reaching our servers or Claude. Anonymous chats are deleted after 30 days.
• AI advisor (signed-in paid tiers): we keep your email + plan + per-period usage to bill correctly and show your chat history. Chat history is kept for 90 days, then auto-deleted.
• Document upload (Pro / Business / Premium / Enterprise): uploaded files are PII-scrubbed for the AI but kept in Supabase Storage for 30 days for audit, then deleted.
• Payment: Stripe handles your card. We never see or store it — only your Stripe customer ID.
• No sale of personal information. Ever.

3. Calculator tools

We do not collect, store, or transmit any data you enter into our calculators. All calculations are performed entirely in your web browser (client-side). No salary figures, employment details, personal information, or calculator inputs are sent to our servers or any third party. Your calculator data stays on your device.

4. AI Workplace Advisor

The AI advisor at /advisor processes your questions to provide general workplace information:

• PII scrubbing: Before your message is processed, we automatically detect and remove personal information including tax file numbers, ABNs, Medicare numbers, phone numbers, email addresses, bank account / BSB numbers, and street addresses. Scrubbing runs both in your browser and again on the server as defence-in-depth.
• Anonymous use: If you use the advisor without signing in, we store your scrubbed messages and the AI's responses linked to a session token (random ID, not tied to your identity) and a hashed IP for rate limiting. Anonymous chat history is deleted after 30 days.
• Signed-in use (Pro / Business / Premium / Enterprise): We also store your account email against each chat so we can show your chat history across devices. The auto-generated chat titles (short labels for the sidebar) are generated by Claude from your first message. Signed-in chat history is deleted after 90 days, or sooner if you delete the chat yourself from the sidebar.
• AI provider: Scrubbed messages are sent to Anthropic (Claude) for processing. PII scrubbing means no personal information reaches Anthropic. See Anthropic's Privacy Policy.
• Rate limiting: We store a cryptographically hashed version of your IP address to enforce free-tier limits. The hash cannot be reversed to identify you.
• Cost + abuse logging: We log token consumption per query (counts only — not the message content) against your account or hashed IP for billing reconciliation and abuse detection.

5. Document upload (paid tiers)

Pro, Business, Premium and Enterprise customers can upload documents (PDF, Word, plain text) for the AI to review:

• Text extraction + PII scrubbing: The document's text content is extracted server-side and put through the same PII scrubber as chat messages before reaching Claude.
• Storage: The original file is stored in Supabase Storage (Sydney region) keyed by a hashed version of your email so the bucket layout doesn't reveal who uploaded what. The extracted text is stored in our database (also Sydney).
• Retention: Files and extracted text are auto-deleted 30 days after upload by a daily retention cron. You can also remove a document at any time by deleting the chat it's attached to.
• Quota: We log per-month upload counts against your email so we can enforce your plan's limit.

6. Payment + subscription data

Paid plans are billed by Stripe. When you subscribe:

• Stripe handles your card. Card details are entered on Stripe's own checkout page, hosted by Stripe. We never see, transmit or store your card details.
• We store: your email address, your Stripe customer ID, your current plan, your per-period AI question consumption, and a per-month document upload count. This is the minimum needed to enforce your plan and bill correctly.
• Receipts + invoices: Issued by Stripe to the email you provide at checkout.
• Cancellation: You can cancel a subscription at any time from your account dashboard. Cancellation takes effect at the end of your current billing period.

Stripe's privacy practices are described in Stripe's Privacy Policy.

7. API tiers

API Basic and API Full customers integrate our REST API into their own software. We log:

• API call counts (for quota enforcement and overage billing)
• The endpoint called and timestamp
• Your API key (or a hash of it) as the requester

We do not log request bodies in production. We do not retain response payloads. API call logs are retained for 90 days for billing reconciliation and abuse detection, then deleted.

8. Template tools (letter generators)

Some tools on this site generate template documents (such as a letter to an employer about a pay query). When you use a template tool:

• Form inputs (employer name, pay rate, dates, etc.): processed in your browser to produce the document. If you choose to have a copy emailed to you, these values are sent to our server only long enough to generate the PDF and send the email, then discarded. We do not retain them.
• Generated PDF: generated in memory and either downloaded to your device or attached to the email we send you. We do not store a copy.
• Your email address (if you ask for an emailed copy): used only to send that one email via Resend. We do not add it to any marketing list unless you separately subscribe.
• Consent record: we record a timestamp, a hashed IP, your browser user-agent, which confirmations you ticked, and whether you chose to be redirected to the Fair Work Ombudsman instead. We retain this for up to seven years as an evidence trail.

9. Newsletter + email subscriptions

If you sign up to the FairWork Mate newsletter, we store your email address in our database and (where applicable) in our email service's audience list. You can unsubscribe at any time from any newsletter we send, or by emailing hello@fairworkmate.com.au. Unsubscribe is honoured within 1 business day.

10. Analytics + advertising

We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 collects pages visited, referring source, general geographic location, device + browser type, and anonymised interaction data. GA4 does not collect personally identifiable information.

You can opt out via the Google Analytics Opt-out Browser Add-on.

We currently run display advertising through Monumetric and Google AdSense. Advertising partners may use cookies to serve relevant ads. Opt out at NAI Opt-Out or DAA Opt-Out.

11. Cookies

• Essential: Session cookie (fwm-session) for signed-in users, set as HttpOnly + Secure. Required to keep you logged in.
• Analytics: Google Analytics. Can be disabled via your browser or the GA opt-out add-on.
• Advertising: Monumetric / AdSense (free audience only). See Section 10 for opt-out.

12. Subprocessors

Third parties that process personal information on our behalf:

• Vercel — website + API hosting. Runtime data is processed in Sydney (syd1) region. See Vercel Privacy Policy.
• Supabase — Postgres database + storage, Sydney region. See Supabase Privacy Policy.
• Anthropic — Claude AI model provider for the advisor. See Anthropic Privacy Policy.
• Stripe — payment processing. See Stripe Privacy Policy.
• Resend — transactional email (one-off PDF copies + newsletter). See Resend Privacy Policy.
• Google — Analytics + AdSense + Google OAuth sign-in. See Google Privacy Policy.
• Monumetric — display ad partner. See Monumetric Privacy Policy.

13. Data residency + security

All FairWork Mate-controlled data sits in Australian regions: Supabase (Sydney) for our database + document storage; Vercel (Sydney) for application compute. Some subprocessors (Anthropic, Stripe, Google, Resend) operate global infrastructure — your scrubbed AI requests may transit to their nearest region for processing. All connections use TLS 1.2 or later.

We encrypt data at rest in the database. Passwords are hashed with bcrypt before storage. Session tokens are short-lived JWTs. We follow the principle of least privilege for internal access.

14. Retention summary

• Calculator data: never stored
• Anonymous chat messages: 30 days
• Signed-in chat messages: 90 days (or sooner if you delete)
• Uploaded documents: 30 days
• API call logs: 90 days
• Account record (email + plan): while your account is active, plus 7 years for tax + Stripe reconciliation if you ever paid
• Auth rate-limit records: 7 days
• Template-tool consent records: 7 years
• Analytics data: 12 months

15. Your rights

Under the Australian Privacy Act 1988 you have the right to:

• Know what personal information we hold about you
• Access that information
• Request correction of inaccurate information
• Request deletion of your account + associated data
• Complain about a breach of the APPs

To exercise any of these, email hello@fairworkmate.com.au from your account email. We'll respond within 30 days.

If you believe we've breached the APPs, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

16. Children

This website is not directed at children under 16. We do not knowingly collect personal information from children.

17. International users

FairWork Mate is built for Australian workplaces. If you access the site from outside Australia, your data is still processed in Australia (database + compute) plus the subprocessor regions listed in Section 12. We do not target users in the EU/UK, but if you're an EU/UK user using the site, you can still exercise the rights in Section 15.

18. Changes

We may update this privacy policy from time to time. Material changes will be highlighted at the top of this page and emailed to active paid subscribers. The "Last updated" date at the top reflects the most recent revision.

19. Contact

SP Williams Holdings Pty Ltd, trading as FairWork Mate.
ACN 683 151 304 · ABN 89 683 151 304.
Email: hello@fairworkmate.com.au.

Also see our Terms of Service.