Epplit Pty Ltd – Privacy Policy
Last updated: 04 December 2025

This Privacy Policy explains how Epplit Pty Ltd (ABN 14691288329) (Epplit, we, us or our) collects, uses, discloses and protects personal information in connection with your access to and use of the Epplit Software-as-a-Service platform, tools and related services (collectively, the Epplit Platform or the Services). It is incorporated by reference into, and forms part of, the Epplit Terms of Use and Usage Policy (Terms). Capitalised terms not defined in this Privacy Policy have the meaning given in the Terms.

  1. Scope and application

1.1 This Privacy Policy applies to:
(a) visitors to our websites and other online properties that link to this Privacy Policy;
(b) users of the Epplit Platform, including any early-access, beta, pilot or co-creation programs; and
(c) individuals who otherwise interact with us, for example by email or through participation in research or co-creation activities.

1.2 By accessing or using the Services, or by otherwise providing personal information to us, you acknowledge that you have had an opportunity to read this Privacy Policy and that you understand it.

1.3 Epplit is an Australian company. This Privacy Policy is drafted to reflect the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and is intended to be read consistently with similar privacy and data protection laws that may apply in other jurisdictions. Where such laws grant you additional rights, we will handle personal information in accordance with those rights to the extent they apply to us.

  1. Key concepts

2.1 Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.

2.2 Customer Data has the meaning given in the Terms and generally includes information that you or your organisation submit to or through the Services, which may include:
(a) information about you as an individual user (such as your name, contact details and role);
(b) information about your job, company and industry; and
(c) your needs, requirements, feedback and ideas relating to potential features or solutions.

To the extent Customer Data contains personal information, we handle it in accordance with this Privacy Policy and the Terms.

  1. Personal information we collect

3.1 The types of personal information we collect and generate will depend on how you interact with us and the Services, but may include the following.

3.2 Account and profile information: name, job title and role; business contact details (including email address, telephone number, and employer); login identifiers (such as username or account ID); and your preferences and settings. We do not store your password in plain text.

3.3 Professional and organisational information: company or organisation name, size, industry and location; information about your team structure, responsibilities and workflows where you choose to describe them to us; and information about how your organisation currently addresses the problems we are exploring.

3.4 Customer Data and co-creation content: any information, including personal information, that you or your organisation submit when Using the Services, such as descriptions of your needs and use cases; feedback, ideas, feature requests and comments; survey or interview responses; and any documents or other content you choose to upload. You are responsible for ensuring that you have the necessary rights and consents to provide Customer Data to us.

3.5 Usage and technical information: we automatically collect certain information about how you access and use the Services, including log information (such as timestamps, pages or screens viewed, features used and actions taken), device information (such as device type, operating system, browser type and version), internet protocol (IP) address and general location (for example, city or region), referrer information and clickstream data, as well as performance and diagnostic information (such as error logs and crash reports).

3.6 Communications and support: if you contact us or otherwise communicate with us, we may collect the content of your communications, any contact details you provide, information about your enquiries and support requests, and any additional information you choose to provide during meetings, workshops, research sessions or other interactions.

3.7 Marketing and events: if you subscribe to updates, join our waitlist or mailing lists, or participate in events, pilots or marketing initiatives, we may collect your contact details, your communication preferences, information about your engagement with our communications (for example, email opens and clicks), and event registration and attendance information.

3.8 Information from third parties: we may receive personal information about you from third parties, such as your organisation (for example, where your employer provisions your account or identifies you as an Authorised User), other users who invite you to the Services, publicly available sources (such as professional networking sites and company websites) and service providers that assist us to verify, enrich or analyse information.

3.9 If you do not provide certain information, we may not be able to create or manage your account, provide some or all of the Services, or respond to particular enquiries.

  1. How we collect personal information

4.1 We collect personal information in several ways, including:
(a) directly from you, when you create an account, use the Services, participate in co-creation activities, complete forms or surveys, or communicate with us;
(b) from your organisation, where your employer or another authorised representative provides information about you, including to create or manage your access as an Authorised User;
(c) automatically, through cookies, log files, analytics tools and similar technologies when you interact with the Epplit Platform, our websites or digital communications; and
(d) from third parties, as described in clause 3.8.

  1. How we use personal information

5.1 We handle personal information for the purposes described in this Privacy Policy and the Terms, to the extent permitted by applicable law. These purposes include:

(a) Providing and operating the Services: creating and administering accounts; authenticating users and authorising access; delivering the functionalities you choose to use; enabling early-access, beta, pilot and co-creation use of the Epplit Platform; and providing support and responses to enquiries.

(b) Co-creation, research and product development: engaging with you to understand your role, company, industry and requirements; gathering and analysing feedback, ideas and feature requests; designing, testing and validating potential solutions; and improving the Epplit Platform and developing new products and features.

(c) Security, compliance and risk management: protecting the Epplit Platform, our users and our infrastructure; monitoring, detecting, investigating and preventing fraud, misuse and security incidents; enforcing the Terms and other policies; and complying with legal and regulatory obligations and lawful requests.

(d) Analytics and performance: monitoring and analysing usage of the Services; understanding adoption, usage patterns and feature performance; and troubleshooting, debugging and enhancing the performance, reliability and scalability of the Epplit Platform.

(e) Communications and marketing: sending you service-related notices, including about changes to the Services or this Privacy Policy; inviting you to participate in research, pilots, workshops or surveys; sending you information about Epplit, the Epplit Platform and related offerings that we consider may be of interest to you (in accordance with applicable marketing and spam laws); and managing your communication preferences.

(f) Business operations and transactions: planning and managing our business; managing relationships with customers, partners and suppliers; maintaining appropriate records; and, where relevant, supporting any merger, acquisition, restructure or similar corporate transaction involving Epplit.

  1. Legal bases where required

6.1 In some jurisdictions (such as the European Union or the United Kingdom), data protection laws require us to identify a legal basis for our processing of personal information. Where such laws apply, we generally rely on one or more of the following legal bases:
(a) performance of a contract, including to provide the Services under the Terms and any other agreement we have with you or your organisation;
(b) our legitimate interests, including to operate, improve and secure the Services, to engage in co-creation, to communicate with you and to manage our business, provided such interests are not overridden by your rights;
(c) your consent, in circumstances where it is required (for example, for certain forms of direct marketing or research). Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing that occurred before withdrawal; and
(d) compliance with legal obligations, where processing is necessary for us to comply with applicable laws, regulations or lawful orders.

  1. Aggregated and de-identified information

7.1 Consistent with the Terms, we may create aggregated and/or de-identified information (Aggregated Data) by combining and transforming Customer Data and other information so that it does not reasonably identify any individual.

7.2 We may use Aggregated Data for analytics, research, benchmarking, reporting, improving the Services, developing new products and features, and other legitimate business purposes.

7.3 We will not intentionally attempt to re-identify individuals from Aggregated Data and will take reasonable steps to minimise the risk of re-identification.

  1. When we disclose personal information

8.1 We may disclose personal information for the purposes described in this Privacy Policy and the Terms, in the following circumstances and to the following categories of recipients:

(a) Within Epplit: to our directors, officers, employees and individual contractors who have a need to know the information for the purposes of developing, operating, supporting and improving the Services, subject to appropriate confidentiality obligations.

(b) Service providers: to third-party service providers who assist us with hosting, cloud infrastructure and data storage; product analytics and diagnostics; security, monitoring and logging; communication and collaboration tools (including email, video conferencing and ticketing); customer relationship management; and professional advice (including legal, accounting and audit services). Those service providers are required to handle personal information only on our behalf, for the purposes we specify, and to implement appropriate safeguards.

(c) Your organisation and collaborators: if you use the Services as an employee, contractor or representative of an organisation, we may disclose certain information (such as your usage, participation in co-creation activities and feedback) to that organisation and its designated administrators. Where you participate in group workshops, interviews or similar sessions, other participants may see your name, role and contributions to the extent reasonably necessary for the collaborative process.

(d) Business transfers: in connection with, or during negotiations of, any merger, acquisition, financing, reorganisation, sale of assets or similar transaction involving Epplit, personal information may be disclosed to one or more third parties as part of the transaction, subject to appropriate confidentiality protections.

(e) Legal and regulatory: where required or authorised by law, regulation, court order or regulatory requirement, or where we reasonably consider such disclosure necessary to protect our rights, property or safety or that of our users or the public, or to enforce the Terms or defend legal claims, we may disclose personal information to courts, regulators, law enforcement agencies or other government authorities.

(f) With your consent: we may disclose personal information to other third parties where you have expressly requested or consented to us doing so.

  1. Cross-border disclosures

9.1 Epplit is based in Australia, but our service providers and users may be located in multiple countries. As a result, personal information may be transferred to, and processed in, jurisdictions outside the country in which you are located.

9.2 Where we disclose personal information to a recipient outside Australia, we will take reasonable steps to ensure that the recipient is subject to privacy protections that are substantially similar to those under the Privacy Act, or is otherwise bound by contractual obligations that require it to protect the personal information in a manner that is consistent with this Privacy Policy and applicable law.

9.3 By Using the Services or providing personal information to us, you acknowledge that such cross-border transfers may occur, subject to applicable law.

  1. Data security

10.1 We implement reasonable technical and organisational measures designed to protect personal information, and Customer Data more broadly, from misuse, interference and loss, and from unauthorised access, modification or disclosure.

10.2 However, no method of transmission over the internet, or method of electronic storage, is completely secure. To the extent permitted by law, we do not guarantee absolute security of personal information. As stated in the Terms, you are responsible for maintaining appropriate backups of Customer Data and for using the Services in a manner appropriate to the sensitivity of the information you choose to provide.

  1. Data retention

11.1 We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy and the Terms, including to provide the Services, to comply with legal, regulatory, tax and accounting obligations, to resolve disputes and to enforce our rights.

11.2 Customer Data is generally retained for the duration of your or your organisation’s engagement with Epplit and for a reasonable period afterwards, in accordance with our internal retention policies. We may retain Aggregated Data and other de-identified information for longer periods.

11.3 When personal information is no longer required for the purposes for which it was collected, and we are not legally required to retain it, we will take reasonable steps to delete or de-identify it. In some cases, information may continue to exist in backup or archival systems for a limited period before it is deleted in accordance with our retention schedules.

  1. Your rights and choices

12.1 Depending on your location and the laws that apply to you, you may have rights in relation to your personal information, which may include rights to:
(a) request access to the personal information we hold about you;
(b) request that we correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading;
(c) request, in certain circumstances, that we delete personal information we hold about you;
(d) object to, or request that we restrict, certain processing of your personal information;
(e) request, where applicable, that we provide certain personal information to you or to another organisation in a structured, commonly used and machine-readable format; and
(f) withdraw your consent to processing where we rely on consent, without affecting the lawfulness of processing carried out before consent was withdrawn.

12.2 You may also opt out of direct marketing communications at any time by using the unsubscribe link in our emails or by contacting us using the details below. We may still send you non-marketing communications relating to your use of the Services.

12.3 To exercise your rights or update your information, you may in some cases be able to do so directly via your account settings. Otherwise, you may contact us using the details in clause 15. We may need to verify your identity and may request additional information to process your request. In some circumstances, we may be permitted or required by law to refuse your request, in which case we will provide reasons (subject to any legal restrictions).

  1. Cookies and similar technologies

13.1 We may use cookies, web beacons, local storage and similar technologies (Cookies) on the Epplit Platform and our websites to recognise you and your device, keep you signed in, remember your preferences, understand how you use the Services, improve performance and support analytics and marketing activities.

13.2 You can usually control cookies through your browser settings, for example by blocking or deleting them. However, if you disable certain cookies, some parts of the Services may not function properly.

  1. Third-party sites and services

14.1 The Services may contain links to, or integrations with, websites, products or services operated by third parties. Those third parties may have their own privacy policies, which we recommend you review. We are not responsible for the privacy practices of third-party sites or services.

  1. Children

15.1 As stated in the Terms, the Services are intended for adults in a professional or business context and may only be used by individuals who are at least 18 years old (or the age of legal majority in their jurisdiction). We do not knowingly collect personal information about individuals under 18 years of age.

15.2 If you believe that we have collected personal information about a minor in a manner that is inconsistent with this clause, please contact us using the details below so that we can take appropriate steps.

  1. Changes to this Privacy Policy

16.1 We may update this Privacy Policy from time to time to reflect changes in the Services, our practices or legal requirements. When we do so, we will update the “Last updated” date at the top of this document and may provide additional notice where required by law (for example, via the Epplit Platform or by email).

16.2 Your continued use of the Services after an updated Privacy Policy takes effect will constitute your acknowledgement of the updated terms. You should review this Privacy Policy periodically to remain informed of any changes.

  1. Contacting us and complaints

17.1 If you have any questions, requests or concerns about this Privacy Policy or our handling of personal information, or if you wish to exercise any of your rights, you may contact us at:

Epplit Pty Ltd
Email: contact@epplit.com