FormFinder logoFormFinder

Legal

Privacy Policy

Last updated: 1 May 2026

FormFinder Pty Ltd ("FormFinder", "we", "us") respects your privacy and is committed to handling personal information in accordance with the Australian Privacy Principles ("APPs") under the Privacy Act 1988 (Cth). This policy explains what we collect, why, and what control you have.

1. What we collect

  • Account data — email address, password hash, preferred language, subscription tier.
  • Profile data you choose to add — name, date of birth, address, ABN, TFN (encrypted), Medicare number (encrypted), and other details you enter to auto-fill forms.
  • Documents — images and PDFs uploaded to your wallet, encrypted at rest.
  • Voice and OCR input — audio recordings and document scans processed to fill forms. Discarded after processing unless you opt in to save them.
  • Usage data — anonymised analytics (via Plausible) covering page views, feature use, and crash reports.

2. Why we collect it

To provide the FormFinder service: pre-filling forms, sending reminders, identifying applicable concessions, and routing council issue reports. We also use minimal data to operate the business — billing, fraud prevention, customer support, and improving the product.

3. What we don't do

  • We don't sell or rent your personal information.
  • We don't train AI models on your personal data.
  • We don't share your data with advertisers or data brokers.
  • We don't submit forms to government agencies on your behalf without your explicit, per-submission confirmation.

4. Where data is stored

Personal data is stored on infrastructure located in Australia (Supabase, AWS Sydney region). Backups are encrypted and stored within Australia. Sub-processors used (Resend for email, Plausible for analytics, Cloudflare for CDN and bot protection) may process traffic outside Australia but do not store personal customer data long-term.

5. How we protect it

Encryption in transit (TLS) and at rest (AES-256). Sensitive identifiers (TFN, Medicare, driver licence numbers) are encrypted with per-user keys. Access to production data is restricted to staff with operational need. Annual third-party security review.

6. Your rights

Under the APPs and applicable law, you can:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and all associated data.
  • Export your data in a portable format.
  • Make a complaint about how we've handled your information.

Email hello@formfinder.com.au to exercise any of these rights. We respond within 30 days.

7. Children

FormFinder is not directed to children under 16. If you believe a child has provided personal information, contact us and we'll delete it.

8. Updates to this policy

We'll update this page when our practices change and notify active users by email for material changes.

9. Complaints

If you're unhappy with our response to a privacy concern, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

FormFinder Pty Ltd · ACN 698 094 843 · Australia