Legal
Privacy Policy
How Matora collects, uses, stores, discloses, and protects your personal information.
Last updated: 15 June 2026
1. Introduction
1.1 This Privacy Policy explains how Matora [Pty Ltd] (ABN [to be inserted upon incorporation]), trading as Matora ("we", "us", "our"), collects, uses, stores, discloses, and protects personal information in connection with the Matora application and related services (the "Service"). The Service is a report-building application that enables users to organise job-based data (including images, text, and audio recordings) and generate professional reports.
1.2 We are committed to complying with the Australian Privacy Principles ("APPs") set out in Schedule 1 of the Privacy Act 1988 (Cth) ("Privacy Act").
1.3 By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
1.4 This Privacy Policy applies to the Matora iOS and iPad application ("App"), any associated web-based services, and any other platforms through which we may offer the Service.
2. Who We Are
2.1 Matora [Pty Ltd] (ABN [to be inserted upon incorporation]) is an Australian entity based in Victoria.
2.2 Our contact details are set out in Section 20 of this Privacy Policy.
3. Information We Collect
3.1 We collect the following categories of personal information in connection with the Service:
3.2 Account Information
When you create an account, we collect your name, email address, company name, business details, and role.
3.3 Job Data
3.3.1 The Service enables you to create and manage job records, which may include job descriptions, site addresses, client details, notes, and custom fields.
3.3.2 Where you input personal information relating to your clients or other third parties into the Service, you are the data controller (or equivalent under applicable law) for that information, and Matora acts as a data processor on your behalf. You are responsible for ensuring that you have obtained all necessary consents and authorisations before entering third-party personal information into the Service.
3.4 Media
3.4.1 The Service allows you to capture or upload photographs and record audio within the App. Audio recordings may be transcribed using on-device speech recognition provided by your device's operating system (Apple Speech framework). Transcription is performed entirely on your device and audio data is not transmitted to external servers for transcription purposes.
3.4.2 Photographs may contain identifiable information about individuals or locations. Audio recordings may capture the voices of individuals present during recording. You are responsible for obtaining any necessary consents before capturing photographs or recording audio using the Service.
3.5 Reports
The Service enables you to generate PDF reports using templates. Generated reports, report templates, and associated data are stored as part of your account.
3.6 Financial Data
The Service may store quotes, cost estimates, and labour rates that you enter. We do not collect or store payment card information directly; payment processing is managed by Apple (for in-app purchases) or Stripe (for web-based subscriptions).
3.7 Device Information
3.7.1 We collect information about the device you use to access the Service, including device type, operating system version, application version, and device identifiers used for synchronisation purposes.
3.8 Usage Data
3.8.1 We collect data relating to your use of the Service, including feature usage statistics, crash logs, and performance data. On our website, this data is collected using Microsoft Clarity, which provides analytics, heatmaps, and session recordings, and Tawk.to, which provides our live chat function. The Matora App does not currently incorporate third-party analytics or crash-reporting tools; if we introduce them, we will update this Privacy Policy to identify the providers. This information helps us improve the Service and diagnose technical issues.
3.9 Subscription Data
We collect information about your subscription tier and billing status. Subscription payments are managed by Apple (for in-app purchases) or Stripe (for web-based subscriptions).
3.10 Location Information
With your permission, the Service accesses your device's location to display the location of a job site on a map and to associate location information with your job records. The App may collect approximate (coarse) location data for this purpose. You can enable or disable location access at any time through your device settings. If you decline location access, location-dependent features will be unavailable, but you may otherwise continue to use the Service.
3.11 Calendar and Reminders Access
With your permission, the Service can access your device's calendar and reminders to sync scheduled site visits and job appointments so that they appear alongside your other events. This information is processed through your operating system's calendar and reminders on your device. You can enable or disable this access at any time through your device settings.
4. How We Collect Information
We collect personal information in the following ways:
- Directly from you when you create an account, enter data into the Service, or contact us.
- Automatically when you use the Service, including device information and usage data.
- From Apple when you make in-app purchases or subscribe to the Service.
- When you share reports via your device's native sharing functionality.
- From third-party integrations that you choose to enable.
5. How We Use Information
5.1 We use your personal information for the following purposes:
- To provide, maintain, and improve the Service.
- To create and manage your account.
- To process and manage your subscription.
- To enable you to create, store, and manage job data and generate reports.
- To enable you to share reports via your device's native sharing functionality and to send links to clients for quote acceptance.
- To synchronise your data across devices using cloud storage.
- To provide customer support and respond to your enquiries.
- To monitor and analyse usage trends and improve the user experience.
- To detect, prevent, and address technical issues and security threats.
- To comply with legal obligations.
5.2 We do not use your personal information for advertising purposes. We do not sell your personal information. We do not share your personal information with advertisers.
6. Legal Basis for Processing
Under Australian privacy law, we collect and process personal information on the basis that it is reasonably necessary for, or directly related to, one or more of our functions or activities. We only collect personal information by lawful and fair means.
For users located in the European Union or United Kingdom, we process personal information on the lawful bases set out in Section 16 of this Privacy Policy.
7. Data Storage and Security
7.1 Your data is stored in the following locations:
- Local device storage: Job data, media, and reports are stored locally on your device. This data remains under your control and is protected by your device's security settings.
- Cloud storage: When you use cloud synchronisation, your data is stored on servers operated by Supabase, our cloud infrastructure provider, located in Sydney, Australia (AWS ap-southeast-2 region). If Supabase changes its server locations, we will update this Privacy Policy accordingly.
7.2 We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.
7.3 No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
7.4 You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.
8. Data Retention
8.1 We retain your personal information for as long as your account is active or as needed to provide you with the Service.
8.2 If you delete your account, we will delete or de-identify your personal information within thirty (30) days, except where we are required or permitted to retain it by law. Records required for tax, legal reporting, or auditing purposes may be retained for up to seven (7) years in accordance with the Income Tax Assessment Act 1997 (Cth) and other applicable legislation.
8.3 Data stored locally on your device is under your control and can be deleted by uninstalling the App or deleting data within the App.
8.4 We may retain de-identified or aggregated data that cannot reasonably be used to identify you for analytical and statistical purposes.
9. Sharing and Disclosure
We may disclose your personal information in the following circumstances:
- Service providers: We share information with third-party service providers who assist us in operating the Service, including cloud hosting (Supabase), payment processing, and analytics. These providers are bound by contractual obligations to protect your information.
- Report sharing: When you share reports via your device's native sharing functionality, report content (which may include personal information) is shared with the recipients you select.
- Legal requirements: We may disclose your information where required by law, regulation, legal process, or governmental request.
- Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change.
- With your consent: We may share your information for any other purpose with your consent.
10. Third-Party Services
10.1 The Service integrates with or relies on the following third-party services:
10.2 Apple
The App is distributed through the Apple App Store. Apple processes in-app purchases and subscriptions in accordance with Apple's privacy policy. We receive limited transaction information from Apple but do not receive your payment card details.
10.3 Supabase
We use Supabase as our cloud infrastructure provider for data storage and synchronisation. Supabase processes your data in accordance with its privacy policy and data processing agreement with us. Data is stored in the AWS ap-southeast-2 (Sydney, Australia) region.
10.4 Web Payment Processor
For web-based subscriptions, payments are processed by Stripe, our third-party payment processor. We do not receive or store your full payment card details. Stripe handles your financial information in accordance with its own privacy policy and PCI DSS requirements. Stripe may process and store your information overseas, including in the United States.
10.5 Analytics and Crash Reporting
We use Microsoft Clarity on our website to understand how visitors use our site through analytics, heatmaps, and session recordings, and Tawk.to to provide live chat support. These tools may collect device information, IP address, usage data, and interaction data, and may set cookies as described in Section 13. The Matora App does not currently use third-party analytics or crash-reporting services. If we introduce such services in the App, we will update this Privacy Policy to identify the providers.
10.6 Calendar and Accounting Integrations
On Professional and Business subscription tiers, the Service may integrate with calendar services and accounting platforms such as Xero and QuickBooks Online. If you enable these integrations, job data and client information may be shared with these third-party services in accordance with their respective privacy policies. You control whether to enable these integrations and what data is shared.
10.7 We encourage you to review the privacy policies of all third-party services that interact with the Service.
11. Your Rights
11.1 Under the Australian Privacy Principles, you have the following rights in relation to your personal information:
11.2 Right of Access
You have the right to request access to the personal information we hold about you. You can access most of your information directly through the App. For information that is not accessible through the App, you may contact us using the details in Section 20.
11.3 Right of Correction
You have the right to request correction of any personal information we hold about you that is inaccurate, out of date, incomplete, irrelevant, or misleading. You can correct most of your information directly through the App.
11.4 Right of Deletion
You have the right to request deletion of your personal information. You can delete your account and associated data through the App or by contacting us. Deletion is subject to our data retention obligations as set out in Section 8.
11.5 Data Portability
You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. The Service enables you to export your data, including reports in PDF format.
11.6 Right to Withdraw Consent
You have the right to withdraw your consent to the collection and processing of your personal information at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You may withdraw consent by deleting your account or contacting us.
11.7 Right to Opt Out of Direct Marketing
You have the right to opt out of receiving direct marketing communications from us at any time. We do not currently engage in direct marketing, but if we do so in the future, you will be able to opt out by following the unsubscribe instructions in any marketing communication or by contacting us.
11.8 To exercise any of your rights, please contact us using the details in Section 20. We may need to verify your identity before processing your request.
11.9 There is no charge for making a request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
12. Data Breach Notification
In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth).
We will take all reasonable steps to contain and remediate any data breach and to minimise any resulting harm.
13. Cookies and Local Storage
13.1 The Matora App does not use cookies. The App uses local on-device storage (such as AsyncStorage) and device identifiers as described in Section 3.7 to store preferences and enable functionality.
13.2 Our website and other web-based services use cookies and similar technologies to enhance your experience, analyse usage, and provide functionality. In particular, Microsoft Clarity and Tawk.to (described in Section 10) may set cookies on our website. Cookies are small text files stored on your device by your web browser.
13.3 You can manage cookie preferences through your web browser settings. Disabling cookies may affect the functionality of our web-based services.
13.4 We do not use cookies or similar technologies for advertising or cross-context behavioural advertising purposes.
14. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as practicable.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact us using the details in Section 20.
15. Sensitive Information
15.1 We do not intentionally collect sensitive information as defined under the Privacy Act (such as health information, biometric information, or racial or ethnic origin). However, photographs or audio recordings you upload to the Service may incidentally contain sensitive information (for example, images that capture individuals' physical features or audio that captures voice characteristics).
15.2 By uploading photographs or audio recordings to the Service, you consent to the collection of any sensitive information incidentally contained in that media, to the extent required by APP 3.3. You are responsible for ensuring that you have obtained any necessary consents from individuals whose sensitive information may be captured in media you upload.
16. International Data Transfers and Overseas Users
16.1 As an Australian-based service, your data is primarily stored and processed in Australia. However, some third-party service providers may process data in other jurisdictions.
16.2 Where we transfer personal information overseas, we rely on the accountability approach under APP 8.1 of the Australian Privacy Principles. We take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the APPs, including through contractual arrangements that require recipients to protect personal information to a standard comparable to the protections afforded under the Privacy Act. We remain accountable for any acts or practices of overseas recipients that would breach the APPs.
16.3 As at the date of this Privacy Policy, our primary cloud infrastructure (Supabase) is hosted in Sydney, Australia (AWS ap-southeast-2 region). Certain other service providers may process limited personal information overseas: Stripe (payment processing) and our website analytics and live-chat providers, Microsoft Clarity and Tawk.to, may process information in the United States and other jurisdictions.
16.4 Users in the European Union and United Kingdom
If you are located in the European Economic Area (EEA) or United Kingdom (UK), the following additional information applies to you:
- 1. Lawful bases for processing: We process your personal data on the following lawful bases under the General Data Protection Regulation (GDPR):
- a. performance of our contract with you (Article 6(1)(b));
- b. your consent (Article 6(1)(a)), which you may withdraw at any time;
- c. our legitimate interests (Article 6(1)(f)), including improving the Service and ensuring security; and
- d. compliance with legal obligations (Article 6(1)(c)).
- 2. Data Protection Officer: We have not appointed a Data Protection Officer as we are not required to do so under Article 37 of the GDPR. For privacy-related enquiries, please contact us using the details in Section 20.
- 3. EU/UK Representative: We have not appointed an EU or UK representative under Article 27 of the GDPR. If required by applicable law, we will appoint a representative and update this Privacy Policy accordingly.
- 4. Transfer mechanisms: Where personal data is transferred outside the EEA or UK, we rely on the European Commission's adequacy decision for Australia (where applicable) or standard contractual clauses approved by the European Commission.
- 5. Automated decision-making: We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you.
- 6. Additional rights: In addition to the rights set out in Section 11, EEA and UK users have the right to lodge a complaint with their local supervisory authority.
16.5 Users in California, United States
If you are a California resident, the following additional information applies to you under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- 7. Categories of personal information collected: identifiers, commercial information, internet or electronic network activity information, and geolocation data (as described in Section 3).
- 8. We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising.
- 9. You have the right to: (i) know what personal information we collect, use, and disclose; (ii) request deletion of your personal information; (iii) opt out of the sale or sharing of personal information (not applicable as we do not sell or share); and (iv) not be discriminated against for exercising your privacy rights.
- 10. To exercise your rights, contact us using the details in Section 20.
17. Data Processing Agreement
17.1 Where you use the Service to process personal information of your clients or other third parties and require a Data Processing Agreement (DPA) to satisfy your obligations under applicable privacy legislation (including the GDPR), we will make a DPA addendum available upon request. Please contact us using the details in Section 20 to request a DPA.
18. Changes to This Policy
18.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
18.2 We will notify you of any material changes by posting the updated Privacy Policy within the App and updating the "Last updated" date at the top of this document. Where required by law, we will provide additional notice (such as an in-app notification or email).
18.3 Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. For material changes to this Privacy Policy, if you do not agree to the changes, your sole remedy is to cancel your subscription within fourteen (14) days of the change taking effect and receive a pro-rata refund of any prepaid subscription fees for the unused portion of your subscription period.
18.4 We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.
19. Complaints
If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a complaint with us using the contact details in Section 20. We will investigate your complaint and respond to you within a reasonable period.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Online: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001, Australia
20. Contact Us
20.1 If you have any questions or concerns about this Privacy Policy or our handling of your personal information, please contact us:
- Email:
- support@matora.com.au
- Website:
- www.matora.app
- Address:
- Melbourne, VIC, Australia
Matora [Pty Ltd] (ABN [to be inserted upon incorporation])
20.2 We will respond to your enquiry within a reasonable period.
Questions about this document? Email support@matora.com.au.