CPM Pro

Privacy Policy

Last updated: 22 June 2026

CPM Pro Pty Ltd ("we", "us") handles personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. This policy explains what we collect, why, and what you can do about it.

What we collect

  • Name, email, and password (hashed with bcrypt) when you sign up
  • Business details you enter (ABN, address, bank details) to populate your PDFs
  • Your construction data — projects, clients, estimates, invoices, defects, etc.
  • Billing details — handled by Stripe; we never see full card numbers
  • Usage logs — basic access logs for security, retained 30 days
  • Optional, user-triggered: voice recordings + photos you upload to the app

Why we collect it

To operate the Service, bill you, and help you with support when you ask.

Who we share it with

  • Stripe (payment processing)
  • Our hosting provider (servers located in our APAC datacentre)
  • OpenAI — only if you provide your own API key and only for AI features you trigger
  • Government agencies if compelled by law

We never sell your data. We never use your data to train AI models. We don't show you advertising.

Data location

Your workspace data is hosted in our APAC datacentre. Backups are kept in the same region. Stripe (payments) operates internationally — refer to Stripe's privacy policy for their handling.

Security

Passwords are stored as bcrypt hashes (work factor 12). Traffic is encrypted via TLS. We offer optional two-factor authentication via TOTP. Each tenant's data is isolated at the database level — we've audited every query end-to-end to prevent cross-tenant leakage.

Your rights

You can access, correct, or export your data any time from the app. To permanently delete your account and all data, email privacy@cpmpro.app and we'll action it within 14 days. We retain backups for 30 days after deletion.

Questions or complaints

Contact privacy@cpmpro.app. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC).

Placeholder wording — to be reviewed by a lawyer before commercial launch.