Last Reviewed: 06 January 2025

Privacy Policy

This Privacy Policy explains how Haystack Australia Pty Ltd (“Haystack”, “us”, “we”, or “our”) collects, uses, discloses, and otherwise processes Personal Data when you use our website (https://thehaystackapp.com) and the Haystack App mobile application (collectively, the “Service”). It also describes your choices regarding the use, access, and correction of your Personal Data and outlines certain rights that residents of specific regions (such as the European Economic Area (EEA), California, and Australia) may have under applicable data protection laws.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection, use, and disclosure of information in accordance with this Privacy Policy and our Terms and Conditions. If you do not agree with these terms, you may not use our Service.

1. Definitions

Service: Refers to the https://thehaystackapp.com website and the Haystack App mobile application operated by Haystack Australia Pty Ltd.
Personal Data: Data about a living individual who can be identified from that data (or in combination with other data likely to come into our possession).
Usage Data: Data collected automatically either generated by the use of the Service or from the Service infrastructure itself (e.g., the duration of a page visit).
Cookies: Small text files stored on your device (computer or mobile) by websites you visit.
Data Controller: The natural person or legal entity (alone or jointly) who determines the purposes and means of the processing of Personal Data.
Data Processors (or Service Providers): A natural or legal person who processes the data on behalf of the Data Controller. For the purpose of this Privacy Policy, we act as a Data Processor.
Data Subject (or User): Any living individual who is using our Service and is the subject of Personal Data.

2. Information Collection and Use

We collect several types of information for a variety of purposes to provide and improve our Service.

2.1 Personal Data

While using our Service, you may provide us with, or we may ask you to provide, certain personally identifiable information (“Personal Data”) that can be used to contact or identify you. This may include, but is not limited to:

Contact details: Email address, phone number, social media profiles
Identity details: First name, last name
Work-related information: Company name, job title, and work contact information
Media: Profile image, image of paper business cards
Cookies and Usage Data

We may use your Personal Data to:

Provide you with the features and functionalities of our Service
Communicate with you about updates, marketing materials, and other information that may be of interest
Respond to your requests or questions
Improve the security and performance of our Service

You may opt out of receiving certain marketing communications by clicking the “unsubscribe” link in any email or contacting us at any time.

2.2 Usage Data

When you use our Service, certain information is automatically collected, including:

Your computer's IP address, browser type/version, the pages you visit, and the time/date of your visit
When accessing the Service via mobile device: device type, unique device ID, IP address, operating system, browser type, and other diagnostic data

2.3 Location Data

We may request permission to use and store information about your location. We use location data to provide certain features and customize the Service. You may enable or disable location services at any time in your device settings.

Cookies and Tracking

Our Service uses cookies (or similar technologies) to enhance user experience and analytics. You can control cookies at the browser or device level, but disabling cookies may limit certain functionalities of our Service.

3. Use of Data

Haystack Australia Pty Ltd uses the collected data for various purposes, including:

To provide and maintain our Service
To notify you about changes to our Service
To allow you to participate in interactive features of our Service
To provide customer support
To gather analysis or valuable information so that we can improve our Service
To monitor the usage of our Service
To detect, prevent, and address technical issues

4. Legal Bases for Processing (EEA)

If you are from the European Economic Area, our legal basis for collecting and using the Personal Data described in this Privacy Policy depends on the context of collection:

Consent: You have given us permission to process your data.
Contract: Processing is necessary for the performance of a contract with you or your employer.
Legitimate interests: Processing is in our legitimate interests (e.g., improving our Service), balanced against your data protection rights.
Legal obligation: We must comply with a legal requirement.
Payment processing: As needed to facilitate your transactions.

5. Retention of Data

We retain Personal Data only for as long as necessary for the purposes set out in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce our agreements:

Customer Data: Retained for as long as the account remains active. You can delete your data and/or close your account at any time. Upon your request, we will remove your data within 30 days.
Usage Data: Generally retained for shorter periods unless used for security, functionality improvements, or legal obligations.

We encourage you to download any data you wish to keep before closing your account.

6. International Data Transfers

Haystack's cloud servers are located in the EEA region. Some of our employees are located in the US, Australia and the EEA, and some of our Sub-Processors may store some data outside of the EEA. Your information, including Personal Data, may be transferred to and stored on servers located outside your jurisdiction (including servers in the EEA, the United States, Australia, or other locations where our or our service providers' facilities operate). We ensure adequate data protection measures in place, including the use of Standard Contractual Clauses or equivalent mechanisms for cross-border transfers from the EEA.

7. Disclosure of Data

7.1 Business Transactions

If Haystack Australia Pty Ltd is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before such a transfer becomes subject to a different privacy policy.

7.2 Law Enforcement

We may disclose your Personal Data when required by law or in response to valid requests by public authorities (e.g., a court or government agency).

7.3 Other Legal Requirements

We may disclose your Personal Data if we believe such action is necessary to:

Comply with a legal obligation
Protect or defend the rights or property of Haystack Australia Pty Ltd
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Service users or the public
Protect against legal liability

8. Security of Data

We implement strong security measures to protect your Personal Data; however, no method of electronic transmission or storage is fully secure. We strive to use commercially acceptable means to protect your Personal Data but cannot guarantee absolute security.

9. Your Rights

If you are in the EEA, you have certain data protection rights, including:

Access: Request a copy of your Personal Data.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data (where applicable).
Restriction: Request we limit processing of your data (where applicable).
Data Portability: Request a copy of your data in a structured, commonly used format.
Objection: Object to processing of your data under certain circumstances.
Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time.

We may request verification of your identity before fulfilling certain requests. You also have the right to lodge a complaint with your local data protection authority.

9.2 CCPA (California Residents)

If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA), including the right to:

Know what Personal Data we collect, use, disclose, and sell (we do not sell Personal Data).
Request that we delete Personal Data we have collected about you (subject to certain exceptions).
Opt-out of the sale of Personal Data (we do not sell Personal Data).
Non-discrimination for exercising any of your CCPA rights.

If you wish to exercise any of your rights under CCPA, please contact us at the email provided at the end of this policy.

9.3 Australian Privacy Principles (APPs)

If you are an Australian resident, this Privacy Policy and our practices are designed to comply with the Australian Privacy Principles (APPs). You have the right to:

Access and correct your Personal Data
Make a complaint about our handling of your Personal Data
Withdraw consent to any direct marketing communications

We will handle any complaints in accordance with our obligations under the APPs.

10. Service Providers and Sub-Processors

We employ third-party companies and individuals to facilitate our Service (“Service Providers” or “Sub-Processors”), provide the Service on our behalf, or assist us in analyzing its use. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

A list of third-party sub-processors of Personal Data is available upon request by contacting our support team at moc.ppakcatsyaheht@ycavirp+troppus.

11. Analytics

We use third-party analytics providers (e.g., Google Analytics, Firebase, PostHog) to help us understand how our Service is being used. These providers use Cookies and/or similar technologies to collect information about your use of the Service, which helps us improve performance and user experience. For more information about their practices, please visit their respective privacy policies.

12. Behavioral Remarketing

While our core Service is free from Behavioral Remarketing, our marketing website may use such technologies. We may use certain remarketing services (e.g., Google Ads) to advertise on third-party websites after you visited our Website. You can opt-out of Google's interest-based ads and control your ad preferences via Google's Ad Settings page. We do not use Facebook remarketing services.

13. Payments

If you purchase our paid products or services, we use third-party payment processors (e.g., Stripe). We do not store or collect payment card details—those are provided directly to the payment processors and are governed by their privacy policies. The payment processors we use adhere to the PCI-DSS standards, which ensure the secure handling of payment information.

14. Links to Other Sites

Our Service may contain links to third-party sites that are not operated by us. If you click these links, you will be directed to those sites. We strongly advise you to review the Privacy Policy of every site you visit, as we have no control over their content or practices.

15. Children’s Privacy

Our Service does not knowingly address or collect Personal Data from individuals under 18. If you are a parent or guardian aware that your child has provided us with Personal Data, please contact us so we can take steps to remove such information.

16. AI Privacy Notice

Where we use Artificial Intelligence (“AI”) services or AI-driven tools to process certain Personal Data (e.g., for automated analysis, categorization, or personalization), we do so in accordance with applicable data protection laws and with appropriate safeguards in place. The use of AI may include:

Data analysis and insights: We may use AI to identify trends or patterns in usage for improving our Service.
Personalization: AI-driven algorithms may tailor certain functionalities or user experiences, but only after we have ensured that the algorithm's outputs align with users' reasonable expectations and applicable laws.
Security: AI-based tools may assist in threat detection and prevention of fraudulent activities.

We regularly monitor and review our AI systems to ensure fairness, transparency, and compliance with relevant laws (including GDPR, CCPA, and Australian privacy laws). If you have any concerns or would like more information about our AI practices, please contact us.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any changes become effective when we post the revised policy on this page. We will notify you via email or through a prominent notice on our Service prior to the changes becoming effective and update the “Last Reviewed” date at the top of this Privacy Policy.

We encourage you to review this Privacy Policy regularly to stay informed about our practices.

18. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: moc.ppakcatsyaheht@ycavirp+troppus

Haystack Australia Pty Ltd is an Australian-registered SaaS company providing services to clients in Europe, the US, Australia, and other regions. We strive to protect your privacy in accordance with all relevant legislation, including the GDPR, CCPA, and applicable Australian privacy laws.