Privacy Policy

Micromarkets Technology Proprietary Limited (ABN 67 683 366 378) ("Micromarkets," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). This Privacy Policy explains how we collect, use, disclose, store and secure personal information when you visit or use micromarkets.ai and related services (the "Service").

By creating an account, submitting a form, continuing to use the Service after this Policy is made available, or otherwise providing personal information, you consent to our handling of that information as described below. For analytics and advertising tags, you can opt out at any time through your browser settings or the controls described in "Your Privacy Choices & Rights".

• Identity & Contact — first name, last name, email, industry (and, optionally, job title & company).
• Payment — transaction status and last-4 card digits supplied by Stripe; we never store full card details.
• Usage — log files (IP address, session IP, browser, OS, pages viewed, timestamps) and in-product analytics events.
• Communications — support tickets, email threads, in-app messages.
• Marketing Preferences — opt-in/opt-out flags, email engagement (opens/clicks).
• Technical — device type, connection metadata, error reports.
• Location — approximate location inferred from IP; precise location only if a future feature explicitly asks for it and you grant permission.
• Voluntary submissions — survey responses, feedback, uploaded attachments.

We do not intentionally collect sensitive information (e.g., health or biometric data). Please do not provide it.

• Directly from you — account sign-up, forms, surveys, emails, live-chat.
• Automatically — cookies, local-storage objects, web beacons, SDKs and similar technologies.
• Service Providers — payment processor (Stripe), cloud hosting, analytics and support platforms.

Provide & Maintain the Service

• Create and manage accounts; authenticate users.
• Process subscription payments and send receipts.
• Deliver platform features, dashboards and alerts.

Improve & Personalise

• Analyse aggregate usage to fix bugs, improve performance and enhance UX.
• Tailor content, insights and recommendations in-product.

Communications & Marketing

• Send transactional notices (security, billing, policy updates).
• With your opt-in, send product news, surveys, research and promotions.
• Measure campaign effectiveness and convert high-level interest into product education.

Legal, Security & Compliance

• Enforce our Terms of Service and prevent fraud or abuse.
• Comply with court orders, subpoenas and regulatory obligations.

We use cookies and similar technologies for three purposes: (1) essential (authentication, security), (2) analytics (feature adoption, performance, and first-party measurement of the pages viewed and the navigation path taken, which is anonymous or pseudonymous and is never sold), and (3) marketing/advertising (audience measurement and ad relevance). You can manage non-essential categories through your browser settings; essential cookies cannot be switched off.

We use analytics/advertising tools including Meta (Facebook) Pixel and Google tags (e.g., Google Analytics 4 / Ads). For the limited purpose of attribution and improving our services and advertising effectiveness, we may share: email (hashed where applicable), IP address, and session IP with these providers.

• Meta technologies — to measure conversions and build/measure audiences for our ads on Meta platforms.
• Google technologies — to understand site usage and attribute ad performance across Google properties.

You can opt-out of personalised ads by adjusting your Meta Ad Preferences and Google Ads Settings. Browser-level controls (including private browsing and blocking third-party cookies) may also limit tracking.

• Payment processing — Stripe (we receive tokenised results; see privacy policy).
• Cloud hosting & infrastructure — Supabase (authentication & database), Vercel (application hosting & delivery) and similar providers that store and process platform data and logs on our behalf.
• Analytics & advertising — Meta and Google (limited identifiers: email, IP, session IP) for measurement and ad relevance as described above.
• Professional advisers — lawyers, auditors and insurers under confidentiality obligations.
• Regulators or law-enforcement — where required by law or to protect rights, safety or property.
• Business transfers — in a merger, acquisition or reorganisation, subject to this Policy or equivalent protections.
• With your consent — any other disclosure you authorise.

All vendors are vetted and bound by obligations consistent with the APPs.

Some providers store or process information in the United States, the European Union and other jurisdictions. Where we disclose personal information overseas, we take reasonable steps (contractual clauses, security controls, due diligence) to ensure it is handled in a manner that offers a level of protection comparable to the APPs (APP 8).

• Encryption in transit (TLS 1.2+) and at rest for applicable systems.
• Role-based access controls and multi-factor authentication for staff.
• Regular security reviews, vulnerability scanning, and least-privilege practices.
• ISO-27001 aligned cloud hosting zones and audit logging.
• Incident-response plan aligned with the Notifiable Data Breaches scheme.

No internet transmission is 100% secure; you use the Service at your own risk.

We keep personal information only as long as needed for the purposes described in this Policy or as required by law. When no longer required, data is securely erased or de-identified. Backups are overwritten on a rolling 35-day cycle. Transactional records may be retained to meet tax, accounting and regulatory obligations.

• Access — request a copy of personal information we hold about you.
• Correction — ask us to rectify inaccurate or incomplete information.
• Deletion — request deletion or de-identification where we no longer need the data or where we are not required to retain it.
• Marketing controls — unsubscribe via any email footer, adjust your preferences in-product, or email us.
• Cookies & tags — decline non-essential tags (analytics/advertising) at any time through your browser settings or device controls.

Contact privacy@micromarkets.ai. We respond within 30 days and may verify your identity first.

The Service is intended for business and adult users and is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us and we will take appropriate steps to delete it.

If we suspect an eligible data breach under the Privacy Act 1988, we will promptly investigate. Where required, we will notify affected individuals and the OAIC as soon as practicable and provide guidance on steps you can take.

Our platform may link to external sites. We are not responsible for their privacy practices. Review the privacy statements of any site you visit.

If you have questions or concerns about how we handle your personal information, email contact@micromarkets.ai. We will work with you to resolve your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

We may update this Policy from time to time. Material changes will be announced by email or in-app banner at least 14 days before taking effect, unless earlier implementation is required for legal or security reasons. The "last updated" date below reflects the latest revision.