Privacy Policy

Last updated: March 2026

1. About This Policy

This Privacy Policy explains how Syntaq Solutions Pty Ltd (ABN 78 623 223 889), the operator of StructureGram (“we”, “us”, “our”), collects, uses, stores, discloses, and protects personal information when you use our web application StructureGram (“Service”).

We are committed to protecting your privacy and complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

2.1 Information You Provide

When you use StructureGram, we collect information you provide directly, including:

  • Account information: Name, email address, and password when you create an account
  • Profile information: Optional details you add to your profile
  • Entity data: Information about individuals, companies, trusts, SMSFs, partnerships, and other entities you create or upload, including names, relationships, and associated details. This may include personal information about clients, directors, shareholders, beneficiaries, family members, and other third parties.
  • Organisation information: Details about organisations you create or join, including team member information
  • Integration and import data: Data you choose to import, sync, or upload from third-party services or external sources, including services such as Xero, Xero Practice Manager, ASIC, and similar providers
  • Payment information: When you subscribe to a paid plan, payment details are collected and processed by our payment provider, Stripe
  • Communications: Messages you send to us for support or feedback

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage data: How you interact with the Service, features you use, and actions you take
  • Device information: Browser type, operating system, and device identifiers
  • Log data: IP addresses, access times, pages viewed, request metadata, and diagnostic information
  • Cookies: We use essential cookies to keep you logged in and remember your preferences
  • Security and audit events: Login activity, access attempts, sensitive-data access events, integration events, and other audit and security records used to protect the Service and investigate incidents

2.3 Information From Third Parties and Connected Services

If you connect third-party services or use import features, we may receive information from those sources on your behalf. This can include account identifiers, organisation data, registry data, and records relating to your clients or other third parties.

You are responsible for ensuring that you have the necessary authority, rights, notices, and consents to provide that data to StructureGram and to instruct us to process it for you.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send you technical notices, updates, support messages, and, where permitted by applicable law, information about relevant features, offers, promotions, and events related to the Service
  • Respond to your comments, questions, and requests
  • Monitor and analyse trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Operate imports, exports, syncs, and third-party integrations that you enable
  • Maintain audit trails, security logs, and incident response records
  • Personalise and improve your experience
  • Process account deletion requests and maintain limited records needed after deletion
  • Comply with legal obligations

Where we send promotional communications, you may opt out of those messages using the unsubscribe mechanism in the communication or by contacting us. Service-related notices and operational communications will still be sent where necessary for your account or use of the Service.

4. How We Share Your Information

We share information with trusted third parties who help us operate our Service, such as:

  • Supabase: Database hosting and authentication (data stored in Australia)
  • Vercel: Application hosting (application hosted on Australian servers, but may transfer data globally for processing)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Monitoring and logging providers: Providers that help us monitor errors, performance, abuse, and security events
  • Third-party integration providers: Services you choose to connect or exchange data with, such as Xero, Xero Practice Manager, ASIC, and similar providers
  • Organisation administrators and team members: Information made available within the tenancy or organisation workspace you belong to
  • Professional advisers, regulators, and law enforcement: Where reasonably necessary to comply with law, protect our rights, investigate incidents, or respond to valid legal requests

5. Data Retention and Deletion

We keep personal information for as long as reasonably necessary to provide the Service, manage your account, comply with our legal obligations, resolve disputes, enforce our agreements, and maintain security and audit records.

If you confirm account deletion, we permanently delete your core account data and user content from the application promptly and without a recovery window. Deleted content cannot be restored.

Even after account deletion, we may retain limited records where reasonably necessary, including audit logs, security logs, billing and transaction records, support records, records needed for fraud prevention or dispute resolution, and records we are required to keep by law or security standards. Where integrations such as Xero are enabled, related integration audit logs may be retained for at least 12 months.

6. Overseas Disclosure and Cross-Border Processing

We primarily store application data in Australia, but some service providers and integration partners may process data outside Australia. This may occur in connection with hosting, content delivery, payment processing, monitoring, support tooling, and third-party integrations you choose to enable.

By using the Service and enabling integrations, you acknowledge that personal information may be disclosed to overseas recipients or processed in overseas jurisdictions, subject to the protections and contractual controls we put in place.

7. Security and Logging

We use technical and organisational safeguards designed to protect personal information, including access controls, encryption, monitoring, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We maintain logs and audit records to help secure the Service, investigate incidents, detect misuse, and support compliance requirements. Some of these records may contain personal information and may be retained after account deletion as described in this policy.

8. Access, Correction, and Complaints

You may request access to personal information we hold about you and request correction of inaccurate or incomplete information, subject to applicable legal exceptions.

If you have a privacy complaint, please contact us first so we can investigate and try to resolve it. If you are not satisfied with our response, you may be able to refer your complaint to the Office of the Australian Information Commissioner.

9. Contact

If you have questions about this Privacy Policy, please contact us via the details provided in the app.