Privacy Policy

Last updated: 18 April 2026 · Effective from: 18 April 2026

The short version

We're an Australian business that provides CAML, a customer and job management tool for service businesses.
We collect account info, the customer records you store in CAML, and basic usage data. We don't sell it. We don't use it to train third-party AI models.
Your customer data is stored encrypted at rest on Amazon Web Services infrastructure. Passwords and sensitive tokens are hashed using industry-standard algorithms.
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles, including the Notifiable Data Breaches scheme.
You can request access, correction or deletion of your data at any time by emailing privacy@caml.app.

This Privacy Policy explains how CAML ("CAML", "we", "us" or "our") collects, holds, uses, discloses and protects personal information when you use caml.app, any related subdomain, and the software and services we provide (together, the "Service"). This policy is written to meet our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"), as well as equivalent obligations where we handle data of individuals in the European Economic Area, the United Kingdom or elsewhere.

By creating an account or using the Service, you acknowledge that you have read and understood this policy.

1. Who we are

The Service is operated by CAML, a business based in Australia. If you need to contact us about privacy, use privacy@caml.app. Our full legal entity name and ABN will be listed here once registered; until then, we remain accountable under this policy as the operator of the Service.

2. The types of personal information we collect

2.1 Information you give us as a CAML account holder

Account and profile: name, email address, password (stored as a salted, one-way hash — we cannot see your password), phone number if provided, and two-factor authentication details.
Business details: business name, trading address, ABN, logo, bank details for invoicing, default quote and invoice terms, hours of operation, services offered, and payment terms.
Billing: subscription plan, Stripe customer and subscription identifiers, invoice history, and billing email. We do not store full card numbers — those are held and processed directly by Stripe under their privacy policy.
Communications: emails, support requests and feedback you send us.

2.2 Information you enter into CAML about your customers and jobs

When you use CAML, you add records such as customer names, addresses, phone numbers, emails, service history, job notes, quotes, invoices, photos and related business records ("Your Customer Data"). You are the collector and primary handler of that data; CAML holds it on your behalf to provide the Service. Section 5 explains the division of responsibility.

2.3 Information collected automatically

Log data: IP address, browser and device type, pages visited, actions taken, timestamps and referring URL.
Security data: login attempts, rate-limiting triggers, two-factor events, and device/session identifiers. This is used to detect abuse and protect your account.
Cookies: a strictly necessary session cookie for authentication and CSRF protection. We do not run third-party advertising cookies. If we add analytics in future, we will update this policy and, where required, ask for your consent.

2.4 Information from Google when you connect a Google account

If you connect a Google account (for contact sync, calendar sync or Gmail sending), we receive only the information needed for the scopes you have granted — typically your Google account identifier, email address, contacts and/or calendar events. We store an encrypted OAuth refresh token so that you don't have to re-authenticate constantly.

Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not use Google user data to serve advertising, we do not allow humans to read your Google data except with your explicit consent or where required by law, and we do not transfer or sell your Google data to third parties. You can disconnect Google at any time from your CAML settings, and you can revoke access at myaccount.google.com/permissions.

2.5 Sensitive information

CAML is not designed for storing sensitive information as defined under the Privacy Act (for example, health information, racial or ethnic origin, political views, or criminal records). Please do not enter this kind of information into CAML.

3. Why we collect and how we use it

We use personal information to:

Create and operate your account and the Service.
Process subscriptions, renewals, refunds and GST tax invoices via Stripe.
Send transactional messages (account security, invoice receipts, password resets, service status).
Provide and maintain third-party integrations you have explicitly connected (e.g. Google).
Monitor, troubleshoot and secure the Service, including detecting fraud, abuse and vulnerabilities.
Meet legal, tax, accounting and record-keeping obligations.
Improve the Service using aggregated or de-identified usage patterns that cannot identify you or your customers.
With your consent, send you product updates or marketing emails (you can opt out at any time — every marketing email has a one-click unsubscribe link, consistent with the Spam Act 2003 (Cth)).

We do not sell your personal information, we do not rent it, and we do not share Your Customer Data with advertisers. We do not use your data to train third-party AI or machine-learning models.

4. Legal basis for processing (EEA / UK users)

Where EU or UK data-protection law applies, we process personal information on the following bases: (a) performance of a contract with you; (b) our legitimate interests in operating, securing and improving the Service, balanced against your rights; (c) compliance with legal obligations; and (d) your explicit consent (for example, marketing emails or optional integrations).

5. Your role vs our role (controller / processor)

Under Australian, EU and UK privacy law, there is a distinction between the party that decides why personal data is collected (the controller) and the party that handles it on their behalf (the processor):

For Your Customer Data (data you enter about your customers, jobs, quotes, invoices), you are the controller and CAML acts as your processor. You are responsible for having a valid legal basis to collect that data from your customers, for providing them with your own privacy notice, and for responding to their access/correction/deletion requests. We will help you action such requests on reasonable notice.
For your own CAML account data (your name, email, billing, etc.), we are the controller.

6. Who we share information with

We only share personal information with service providers that need it to operate CAML, and only under written agreements that require confidentiality and appropriate data protection. Our current sub-processors are:

Sub-processor	Purpose	Data location
Amazon Web Services (Lightsail)	Hosting, database, backups	Australia / United States
Stripe	Subscription billing & payment processing	Australia / United States
Google (OAuth, Calendar, Contacts, Gmail)	Integrations you choose to connect	Global (per Google)
Cloudflare	DNS, DDoS protection, TLS termination	Global edge
Our outbound email provider	Transactional and marketing email delivery	Global

We may also disclose information (a) if required by law, regulation, court order or government request; (b) to protect the rights, property or safety of CAML, our customers or the public; or (c) in connection with a merger, sale of all or substantially all of our assets, or change of control — in which case the acquirer will be bound to the same privacy commitments or we will give you the chance to withdraw your data first.

7. Where your information is stored

CAML runs on Amazon Web Services infrastructure. Your account data and Your Customer Data are stored in the AWS region we have configured for production (currently AWS Asia Pacific, Sydney). Automated backups are stored in the same region. Some sub-processors listed above operate globally — for example, email delivery and Google integrations — which may involve a cross-border transfer of personal information. Where a cross-border transfer occurs, we take reasonable steps required by APP 8 to ensure the overseas recipient handles the information in a way consistent with the APPs, or we rely on an exception under the Privacy Act.

8. How we protect your information

We take information security seriously. Our current controls include:

HTTPS/TLS encryption for all traffic between you and the Service.
At-rest encryption of sensitive columns (including OAuth refresh tokens) using AES-based Fernet encryption with a key we control and rotate.
One-way HMAC-SHA256 hashing of password reset tokens, email verification tokens and two-factor authentication codes, so a database leak does not expose live credentials.
PBKDF2/bcrypt-style one-way hashing for user passwords.
Optional two-factor authentication on every account.
Rate limiting and account lockout on authentication endpoints.
CSRF protection, secure and HttpOnly session cookies, and a strict security header policy.
Least-privilege database access, daily automated backups and disk-level encryption on the underlying AWS volume.
Internal access to production data is restricted to authorised personnel and logged.

No system is perfectly secure, and we cannot guarantee absolute security. If we ever detect a data breach that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required, without undue delay.

9. How long we keep your information

Active accounts: for as long as your account is open.
Closed accounts: we retain account and customer data for up to 90 days after closure to allow recovery from accidental deletion, then we delete or de-identify it, except where we're required to keep it longer (see below).
Financial records (invoices, tax data, Stripe records): retained for at least 7 years to comply with Australian tax and corporations law.
Backups: rolling backups are retained for up to 30 days. Data you delete from CAML continues to exist in those backups until they naturally age out.
Security and access logs: retained for up to 12 months for fraud prevention and investigation.

If you want us to delete your account and data before these retention periods naturally expire, email privacy@caml.app and we will action it consistent with any legal hold.

10. Your rights

You have the right to:

Ask us what personal information we hold about you and get a copy.
Ask us to correct information that is inaccurate or out of date.
Ask us to delete your account and associated personal information, subject to the retention rules in Section 9.
Export Your Customer Data in a machine-readable format (CSV).
Withdraw consent for marketing communications at any time.
Complain to us about how we've handled your information.

To exercise any of these rights, email privacy@caml.app. We will acknowledge within 7 days and respond substantively within 30 days, or tell you if we need longer. We may need to verify your identity before acting on a request. You may also authorise an agent to make a request on your behalf; we will verify both the agent's authority and your identity.

If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EEA/UK residents may complain to their local data protection authority. US state residents may complain to their state Attorney General.

11. Additional information for EEA and UK residents (GDPR / UK GDPR)

If you are located in the European Economic Area, Switzerland or the United Kingdom, the General Data Protection Regulation ("GDPR") or UK GDPR applies to our processing of your personal information. This section supplements (and to the extent of any conflict, overrides) the earlier sections.

11.1 Data controller

For your own CAML account data, CAML is the data controller. For information you put into CAML about your own customers, you are the data controller and we act as your data processor under Article 28 GDPR. If you need a Data Processing Addendum (DPA) for your records or audit, email privacy@caml.app and we will provide one.

11.2 Legal bases

We rely on the legal bases already described in Section 4: performance of contract, legitimate interests, legal obligation, and (where relevant) consent.

11.3 Your GDPR rights

In addition to the rights in Section 10, you have the right to:

Object to processing based on legitimate interests (including direct marketing).
Restrict processing in certain circumstances (for example, while we verify accuracy of data you've challenged).
Data portability — receive your personal data in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
Withdraw consent at any time where we rely on consent, without affecting the lawfulness of processing before withdrawal.
Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not carry out such processing.

11.4 International transfers out of the EEA / UK

CAML is based in Australia and uses sub-processors in Australia, the United States and globally. When personal data is transferred out of the EEA or UK, we rely on appropriate safeguards as required by GDPR Articles 44–49, including:

The European Commission's Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum where relevant) with sub-processors that require them;
Transfers to the United States to recipients certified under the EU-US Data Privacy Framework (and UK extension / Swiss-US Framework) where available;
Australia is not currently the subject of an EU adequacy decision; transfers to CAML in Australia rely on SCCs between the controller (you) and CAML, available on request.

You can request a copy of the safeguards in place, with commercially sensitive terms redacted, by emailing privacy@caml.app.

11.5 Supervisory authority

You have the right to lodge a complaint with your local data protection authority. A list is maintained by the European Data Protection Board. UK residents may contact the Information Commissioner's Office (ICO).

11.6 EU / UK representative

CAML's processing of EEA/UK data is occasional and limited to operating the Service for individual business customers who choose to sign up, and does not involve large-scale processing of special-category data. On that basis we currently rely on the exemption in Article 27(2) GDPR from appointing an EU representative. We will appoint a representative if and when we are required to, and will update this policy to identify them.

12. Additional information for United States residents

12.1 California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA") gives you the following rights in addition to those in Section 10:

Right to know what categories of personal information we have collected about you, the sources, the business purposes for collecting it, and the categories of third parties we share it with.
Right to delete personal information we have collected, subject to exceptions permitted by law (for example, to complete a transaction, detect security incidents or comply with a legal obligation).
Right to correct inaccurate personal information.
Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond providing the Service.
Right to opt out of sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA. Accordingly there is nothing for you to opt out of, but the right exists and we will honour it if that ever changes.
Right to non-discrimination for exercising your rights.

To exercise CCPA rights, email privacy@caml.app. We will verify your identity before responding and will respond within the statutory 45-day period (extendable by another 45 days where permitted).

12.2 Other US states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana and other US states with comprehensive privacy laws have comparable rights (access, correction, deletion, portability, opt-out of targeted advertising and sale). We treat all such requests under the same process as Section 10. Email privacy@caml.app and we will respond within the timeframes required by your state law.

12.3 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals because no consistent industry standard has been adopted. We do honour Global Privacy Control (GPC) signals where technically feasible as an opt-out of sale/sharing — though, as noted above, we do not sell or share personal information.

12.4 Children under 13

The Service is not directed at children under 13 and we do not knowingly collect personal information from children under 13 as defined under the Children's Online Privacy Protection Act (COPPA). If you believe we have collected information from a child under 13, contact us and we will delete it.

12.5 Commercial email (CAN-SPAM)

Our commercial emails comply with the US CAN-SPAM Act: accurate sender identification, clear subject lines, a physical mailing address, and a functional unsubscribe mechanism. You are responsible for ensuring that any commercial emails you send through CAML to your own customers comply with CAN-SPAM and equivalent laws (see Section 4 of our Terms of Service).

13. Children

The Service is for businesses and is not directed at children. We do not knowingly collect personal information from anyone under 16 (or under 13 if you are in the United States). If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

14. Marketing communications

When you sign up, we may send you infrequent product updates and onboarding emails. Every marketing email contains a one-click unsubscribe link. Transactional emails (receipts, invoices, password resets, security alerts, critical service notices) will continue even if you unsubscribe from marketing, because they are required to operate your account. For recipients in the EEA or UK, we rely on opt-in consent for marketing as required by the ePrivacy Directive and UK PECR.

15. Changes to this policy

We will update this policy from time to time. If we make a change that materially affects your rights, we will tell you by email or a prominent in-app notice at least 14 days before it takes effect, except where the change is required for legal or security reasons. The "Last updated" date at the top of this page always shows the current version.

16. Contact us

Privacy enquiries: privacy@caml.app
General support: support@caml.app