TradesFieldTradesField
Open appGet started

Privacy Policy

Effective Date: 19 April 2026

TradesField Pty Ltd (ABN 41 686 483 536) ("TradesField", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in connection with our workforce management and onboarding platform (the "Services"). By using our Services, you agree to this Privacy Policy and our Terms of Service. This policy applies to both Client Users (staff or representatives of businesses using our platform) and Vendor Users (suppliers, subcontractors, or vendors who either are invited by a Client User or sign up directly on the TradesField platform).

1. Personal Information We Collect

We collect personal information to provide our Services, which help businesses onboard their workforce and detect potential issues efficiently. The types of information we collect depend on whether you are a Client User or a Vendor User.

1.1 Client Users

We collect the following personal information from Client Users (staff or representatives of businesses):

  • Full name, email address, and password.
  • Date of birth and certification identifiers (if provided).
  • Billing information (e.g., organisation’s payment details for subscriptions).
  • IP addresses and device information for audit and legal purposes.
  • Additional fields as configured by your organisation’s admin (e.g., job titles or custom data).

1.2 Vendor Users

We collect the following personal information from Vendor Users (suppliers, subcontractors, or vendors), whether invited by a Client User or signed up directly on the TradesField platform:

  • Names, email addresses, ABN, ACN, and addresses.
  • Banking information (e.g., BSB, account number, bank statements).
  • Certificate documents (e.g., insurances, licences), including certificate numbers and expiry dates.
  • IP addresses and device information for audit and legal purposes.
  • Additional information as configured by the Client User’s organisation admin.

The same categories of information are collected regardless of entry path, and the same retention and security rules apply.

1.3 Other Data

We collect additional data to improve our Services:

  • Website Analytics: IP addresses, device information, and user activity (e.g., platform interactions) via analytics tools like PostHog.
  • Feedback: Full name and email address when you provide feedback or reviews, though email addresses are not disclosed publicly.

2. How We Collect Personal Information

  • Client Users: We collect information directly during signup, through platform use, or when accounts are created on your behalf by TradesField or another Client User. Additional data (e.g., IP addresses) is collected automatically via analytics tools.
  • Vendor Users: We collect information when you (a) submit data via an email invitation from a Client User, (b) sign up directly on the TradesField platform and opt into the TradesField Network (see Terms of Service Section 4A), or (c) have your data imported from an external integration (e.g., an ERP system).
  • Anonymity: Due to the compliance-focused nature of our Services, Vendor Users cannot remain anonymous or use a pseudonym. Client Users may use an alias where practicable, but full identification is typically required for account management and billing.

3. Consent

  • Client Users: You consent to this Privacy Policy by:
    • Clicking a checkbox during signup.
    • Paying an invoice referencing this policy (for accounts created on your behalf).
    • Using the platform (implied consent for onboarded users).
  • Vendor Users: You consent by:
    • Completing a submission via an email invitation.
    • Having your data imported by a Client User, who warrants they have obtained your consent as per our Terms of Service.
    • Signing up directly on the TradesField platform and accepting this Privacy Policy and our Terms of Service via a checkbox at signup (clickwrap).
    • Opting into the TradesField Network, either on the opt-in screen at the end of an invited submission or during direct signup. Network opt-in is separate consent from the default consent to share information with the inviting Client User.
    • Optionally opting into "auto-approve" for Client User access requests on the Network. Auto-approve is off by default and may be revoked at any time from the vendor portal.
  • Withdrawal from the Network: A Vendor User may withdraw from the Network at any time. Withdrawal stops the discovery profile, prevents new Client User access requests, and stops future updates flowing to previously approved Client Users. Withdrawal does not retract information already legitimately disclosed. See Terms of Service Section 4A for the full mechanics.
  • Ensuring Consent: Client Users are responsible for obtaining consent from Vendor Users before sharing their information (e.g., email addresses) with us, as outlined in our Terms of Service.

4. Purposes of Collection

We collect personal information for the following primary purposes:

  • Onboarding vendors and integrating data with your ERP system.
  • Verifying vendor information against external sources (e.g., ASIC, ABR, trade licence regulators like QBCC).
  • Communicating with users (e.g., sending onboarding emails or alerts about issues).
  • Managing billing and accounts.
  • Improving our Services through analytics tools (e.g., PostHog).
  • Maintaining audit logs for legal and compliance purposes.
  • For Vendor Users who have opted into the TradesField Network, making a limited discovery profile (e.g., trading name, ABN, trade categories, general service areas) discoverable to verified Network participants.
  • Facilitating per-Client-User approval workflows for full-record disclosure on the TradesField Network, so that detailed vendor information (including insurance certificates, licences, and bank details) is shared only with Client Users that a Vendor User has specifically approved.

Marketing and identification as a User. Where you have accepted our Terms of Service, we may use your organisation's name, trading name, logo, and brand marks to identify your organisation as a TradesField customer, Vendor User, or Network participant in our marketing and promotional material, in accordance with Section 15 of our Terms of Service. For individuals and sole traders, this is limited to the business name and any associated brand marks, not to personal photographs or likenesses, which require separate consent.

Beyond this identification use, we do not use personal information for other marketing or promotional activities (such as attributed quotes, testimonials, or case studies) without your separate explicit consent. If we send product updates to select Client Users, you can opt out by contacting [email protected]. You may also opt out of identification use in marketing material at any time by emailing [email protected], as described in Section 15 of our Terms of Service.

5. Disclosure of Personal Information

We may disclose personal information as follows:

  • Default (Non-Network) Sharing: By default, a Vendor User's information is shared only with the Client User organisation that invited them, based on configuration and permissions within that organisation. Not all Client Users inside that organisation may have access, depending on settings. Information is not shared with other Client User organisations, and is not shared with competitors.
  • TradesField Network (Opt-In): Where a Vendor User has opted into the TradesField Network, an additional layer of sharing applies in two distinct tiers:
    • Discovery layer: A limited set of business identity information (for example, trading name, ABN, trade categories, and general service areas) is visible to verified Network participants, so that Client Users can find and request access to vendors relevant to their projects.
    • Full record: Detailed vendor information — including insurance certificates, licence records, supporting documents, and bank account details — is disclosed to a specific Client User only after the Vendor User approves that Client User's access request for that specific record. Once approved, future updates to the record flow to that Client User until approval is withdrawn.
    • Withdrawal from the Network stops future updates and prevents new access requests, but does not retract information already legitimately disclosed. See Terms of Service Section 4A for the full mechanics.
    • Network membership is opt-in and does not change the default sharing behaviour described above for vendors who have not opted in.
  • Third-Party Providers: We share personal information with third parties to provide our Services, including:
    • Stripe (USA) for payment processing.
    • AWS and Digital Ocean (Sydney, Australia) for data hosting.
    • Cloudflare for document storage and WAF services.
    • Australian Courts and government agencies (e.g., ASIC via Alares, ABR, trade licence regulators like QBCC, NSW Fair Trading, VBA, ESV, CBS, DMIRS, CBOS, Access Canberra, BPB) for verification.
    • OpenAI (USA) for document parsing and sentiment analysis.
    • PostHog (USA) for anonymised analytics.
    • Other government agencies for compliance checks, as needed.
  • De-Identified Data: Where possible, we share only de-identified data (e.g., company legal name, ABN) with third parties for verification.
  • Legal Requirements: We may disclose information to government bodies if required by Australian law (e.g., for investigations) or to maintain access logs.
  • Analytics: Anonymised data is shared with Facebook and LinkedIn Pixel for analytics purposes.

6. Cross-Border Data Transfers

Some personal information is transferred to third parties in the USA, including:

  • Stripe for payment processing.
  • PostHog for product analytics.
  • OpenAI for document parsing and sentiment analysis.

We ensure these providers comply with standards equivalent to the Australian Privacy Principles (APPs) through contractual agreements. All other data is hosted in Australia (Sydney region) via AWS and Digital Ocean.

7. Data Storage and Security

  • Storage: Personal information is stored on secure servers in Sydney, Australia, via AWS and Digital Ocean.
  • Security: Data is encrypted at rest and in transit using AES-256 encryption. We take reasonable steps to protect data from unauthorised access, misuse, or loss.
  • Retention: We retain personal information for 7 years for legal, audit, and tax purposes, unless you request deletion earlier.
  • Network Withdrawal vs Retention: Withdrawing from the TradesField Network is not the same as requesting deletion. Withdrawal removes a Vendor User's discovery profile from the Network and stops future updates flowing to previously approved Client Users, but the underlying submission record is retained on the TradesField platform under the 7-year retention policy above, unless the Vendor User separately requests deletion. Client Users who received information legitimately before withdrawal retain the copy of the record they received, subject to their own retention obligations.
  • Deletion: To have your data deleted or anonymised, contact [email protected]. We will process requests in accordance with Australian law.

8. Access and Correction

  • Access: Client Users can access their personal information via the platform at admin.tradesfield.com. Invited Vendor Users can access their information through submission invites sent by Client Users. Vendor Users who signed up directly on the TradesField platform access and correct their information through the vendor portal on the same terms as invited Vendor Users. There are no additional fees for access, beyond subscription costs.
  • Correction: You can update your information directly via the platform. For corrections to third-party data (e.g., from ASIC or QBCC), contact your account representative or [email protected].
  • Contact: For access or correction requests, email [email protected].

9. Complaints and Data Breaches

  • Complaints: If you have a privacy concern, email [email protected]. We will respond within 30 days. If unresolved, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
  • Impersonation on the Network: If a Vendor User believes another party is impersonating their business on the TradesField Network, they should report it to [email protected]. TradesField may suspend a suspect profile pending verification.
  • Data Breaches: In the event of a data breach likely to cause serious harm, we will notify affected users and the OAIC within 72 hours, as required by the Notifiable Data Breaches scheme.

10. Children’s Privacy

Our Services are designed for business-to-business use and are not intended for individuals under 16. We do not knowingly collect personal information from children.

11. Feedback

If you provide feedback or reviews, we may associate it with your full name and email address to follow up for more information. Email addresses are not disclosed publicly, but we may quote feedback and reference your organisation’s name with your consent.

12. Disclaimer

While we take all reasonable efforts to ensure the accuracy and currency of data, we are not liable for inaccuracies in compliance data (e.g., from third-party sources like ASIC, ABR, or trade licence regulators). Users are responsible for verifying the accuracy of their data and ensuring compliance with relevant regulations.

13. Updates to This Policy

We may update this Privacy Policy to reflect changes in our Services or legal requirements. Updates will be posted at www.tradesfield.com/privacy, and we will notify you when you next access our platform. Continued use of the Services constitutes acceptance of the updated policy.

14. Contact Us

For questions, concerns, or requests regarding your personal information, contact us at:

You can download or save a copy of this Privacy Policy from our website. Thank you for trusting TradesField with your personal information.