Privacy Policy

Last updated: 12 July 2026

Suiviro Pty Ltd (trading as Smart Scheduler AI) is the data controller for personal information collected through the Service. This policy explains what we collect, why, how we protect it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the GDPR and UK GDPR where applicable.

1. What we collect

  • Account data - name, email, organisation, role.
  • Usage & telemetry - pages visited, features used, error reports.
  • IP address and device metadata - for security and auth.
  • Support messages - anything you send us via email or in-app.
  • Job & customer data - jobs, addresses, staff schedules you enter.
  • Geolocation from addresses - we geocode job and staff addresses via Google Maps Platform to compute travel time.
  • Calendar busy time - when you connect Google or Microsoft calendars, we read busy-time metadata (not event details) for scheduling.

2. Why we use it (purpose and legal basis)

  • To provide the Service (contract).
  • To secure the Service and prevent abuse (legitimate interest).
  • To meet legal, tax, and audit obligations (legal obligation).
  • To send transactional and service notifications (contract).
  • To send optional marketing where you've opted in (consent).

3. Subprocessors

  • Paddle.com - Merchant of Record for payments.
  • Lovable Cloud (Supabase) - hosting, database, auth, storage (Sydney region).
  • Google Maps Platform - geocoding and travel-time routing.
  • Google & Microsoft calendar APIs - busy-time sync where you connect them.
  • ClickSend - SMS delivery for reminders (where enabled).
  • Microsoft Graph - email delivery via Outlook (where enabled).

4. Retention

We keep account and operational data while your account is active. On account deletion, personal data is purged within 30 days, subject to legal retention (tax records: 7 years). Backups are rotated on a rolling 30-day cycle.

5. Security

Row-level security on every user-facing table, encrypted OAuth tokens for calendar integrations, TLS 1.2+ in transit, webhook signature verification, and quarterly restore drills. See our Security page.

6. International transfers

Personal data is stored in Sydney, Australia. Some subprocessors (Google, Microsoft, Paddle) may process data in other jurisdictions under Standard Contractual Clauses or equivalent safeguards.

7. Your rights

Under the Australian Privacy Principles, and where applicable under the GDPR/UK GDPR, you have rights to access, correct, erase, restrict, port, and object to processing of your personal data, and to withdraw consent. To exercise any of these, email privacy@smart-scheduler.com. We respond within 30 days.

8. Complaints

You can complain to us first at privacy@smart-scheduler.com. If unsatisfied, you can complain to the Office of the Australian Information Commissioner (OAIC), or, in the EU/UK, to your local supervisory authority.

9. Notifiable Data Breaches

We maintain an incident response plan. If a notifiable data breach occurs, we notify affected individuals and the OAIC within the statutory timeframes.

10. Cookies

See our Cookie Policy.

11. AI-specific processing

Smart Scheduler AI uses constraint programming and, where enabled, generative AI. We do not sell your data. We do not train third-party foundation models on your customer or staff data.

12. Contact

Suiviro Pty Ltd, Australia. privacy@smart-scheduler.com.