Privacy Policy

1. Introduction

Envisage Australia Pty Ltd ATF Malouf Family Trust (ABN 11 331 804 705) trading as Wisdom Coaching ("we", "us", "our") is committed to protecting your privacy and complying with the Australian Privacy Principles ("APPs") contained in the Privacy Act 1988 (Cth).

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our business coaching platform and related services (the "Platform").

By using the Platform, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Name, email address, phone number, and business address
• Business name, ABN, and role within your organisation
• Account credentials (username and encrypted password)
• Payment and billing information (processed securely via Stripe)
• Business performance data, goals, and coaching session notes
• Financial data you choose to integrate from Xero
• Communications between you and your coach

2.2 Automatically Collected Information

When you use our Platform, we automatically collect:

• Device information (browser type, operating system)
• IP address and general location data
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies

2.3 Sensitive Information

We do not intentionally collect sensitive information as defined under the Privacy Act 1988. If you provide sensitive information to us (such as health information relevant to your business performance), we will only use it for the purpose for which it was provided and with your explicit consent.

3. How We Use Your Information

We use your personal information to:

• Provide and improve our coaching platform and services
• Create and manage your account
• Facilitate coaching sessions and track your business progress
• Process payments and manage subscriptions via Stripe
• Integrate with third-party services at your request (e.g., Xero)
• Send you service-related communications and updates
• Analyse usage patterns to improve user experience
• Comply with legal obligations and resolve disputes
• Protect against fraud and unauthorised access

4. How We Share Your Information

We may share your personal information with:

4.1 Your Business Coach

Your assigned coach will have access to your business data, goals, session notes, and performance metrics to provide effective coaching services.

4.2 Service Providers

We use trusted third-party service providers including:

• Supabase - Database hosting and authentication (data stored in Australia/Singapore)
• Stripe - Payment processing (PCI-DSS compliant)
• Xero - Accounting integration (only when you authorise connection)
• Vercel - Application hosting

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect our rights, property, or safety, or that of our users or the public.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with password hashing
• Role-based access controls
• Regular security assessments and updates
• Secure cloud infrastructure with reputable providers

While we take reasonable steps to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Account data is retained while your account is active
• Coaching records and session notes are retained for 7 years after your last session
• Financial records are retained as required by Australian tax law (minimum 5 years)
• You may request deletion of your data at any time (subject to legal retention requirements)

7. Your Rights

Under Australian privacy law, you have the right to:

• Access - Request a copy of the personal information we hold about you
• Correction - Request correction of inaccurate or incomplete information
• Deletion - Request deletion of your personal information (subject to legal requirements)
• Portability - Request your data in a portable format
• Withdraw consent - Withdraw consent for specific processing activities
• Complaint - Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, please contact us using the details below.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. These include:

• Essential cookies - Required for the Platform to function (authentication, security)
• Analytics cookies - Help us understand how users interact with the Platform
• Preference cookies - Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect Platform functionality.

9. Third-Party Integrations

9.1 Xero Integration

If you choose to connect your Xero account, we will access financial data including profit and loss reports, balance sheets, and account information. This data is used solely to provide coaching insights and is subject to Xero's own privacy policy. You can disconnect Xero at any time through your account settings.

9.2 Stripe Payments

Payment information is processed directly by Stripe and is subject to Stripe's privacy policy. We do not store your full credit card details on our servers.

10. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside Australia where our service providers are located. We ensure that any such transfers comply with the APPs and that appropriate safeguards are in place. Our primary service providers maintain data centres in Australia, Singapore, and the United States.

11. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on the Platform and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.