Privacy Policy

This Privacy Policy explains how Skip & Co Pty Ltd (ABN 99 620 526 614) (“Skip & Co”, “we”, “us”, “our”) collects, uses, stores, discloses, and protects personal information. Skip & Co operates as an Australian waste-management consultancy and software provider. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We collect the following categories of personal information:

• Contact details you submit to us (name, business name, email address, phone number, suburb, site count) when you fill in our contact form or otherwise enquire about our services.
• Operational data generated by IoT sensors deployed at customer sites: fill levels, pickup events, battery state, temperature, timestamps. This data is collected on behalf of, and at the direction of, the customer who owns the bins.
• Technical data automatically logged by our hosting provider during your visit: IP address, browser type, page-view timestamps, referring URL.
• Authentication data for users of the client portal: session cookies, login timestamps.

We use personal information to:

• respond to enquiries you submit;
• deliver, maintain and improve our services;
• generate carbon-emissions statements, ledger entries, and operational reporting for customers;
• diagnose and prevent service abuse or fraud;
• comply with our legal and regulatory obligations.

We use the following third-party services to operate our platform. Each is bound by their own privacy and security commitments:

• Vercel Inc., website hosting and edge functions. Some processing may occur in jurisdictions outside Australia.
• Our IoT sensor partner, the platform that originates fill-level and pickup-event data on behalf of customers.
• Resend, transactional email delivery (e.g. contact form submissions).
• GitHub Inc., source code and deployment history.

We do not sell personal information to any third party. We do not share personal information with third parties for advertising purposes.

Skip & Co uses a minimal set of cookies, all of which are strictly necessary for the operation of the client portal:

• portal_gate, a session cookie that records whether you have successfully entered your portal access credentials. Expires after 30 days. Httponly, SameSite=Lax, Secure in production.

We do not currently use any analytics, advertising, or third-party tracking cookies. If this changes, we will update this policy and add a cookie-preference control before deploying them.

Contact enquiries are retained for up to 24 months unless you request earlier deletion. Operational sensor data is retained for the duration of the customer relationship plus a reasonable archival period for regulatory reporting (typically 7 years for environmental records). On customer request, we will delete personal data subject to any legal retention obligations.

We protect personal information using TLS in transit, encrypted storage at rest where supported by our processors, role-based access controls, and credentials managed through encrypted environment variables. No system is perfectly secure; we will notify affected individuals and the OAIC of any eligible data breach in accordance with the Notifiable Data Breaches scheme.

You have the right to:

• request access to the personal information we hold about you;
• request correction of inaccurate or out-of-date information;
• request deletion of your information (subject to legal retention);
• opt out of any non-essential communications (commercial electronic messages will always include an unsubscribe option under the Spam Act 2003);
• complain about our handling of your personal information, first to us, and if unresolved, to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Some of our processors (notably Vercel) may store or process data in jurisdictions outside Australia, including the United States. Where this occurs, we take reasonable steps to ensure the processor handles personal information consistently with the APPs.

Our services are not directed at children under 16. We do not knowingly collect personal information from children.

We may update this policy from time to time. Material changes will be communicated by updating the “Last updated” date above and, where appropriate, notifying account holders by email.

For any privacy-related question, request, or complaint, contact our privacy officer at privacy@skipnco.com.au. We aim to respond within 30 days.