Legal

Privacy Policy

Last updated 29 April 2026

Vectruva respects your privacy. This policy explains what personal information we collect, how we use it, who we share it with, and the rights you have under Australian privacy law.

This policy applies to the Vectruva website (vectruva.com), the Vectruva client portal (portal.vectruva.com) and any other Vectruva-operated application that links to this policy. We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

We collect personal information in the following ways:

Account information — name, business email, role, organisation and authentication details when you accept a Portal invitation.
Engagement data — the brief, contacts, scope, pricing, deliverables and activity log associated with your Vectruva engagement.
Files and uploads — operational data, spreadsheets, documents and other files you provide in connection with the Services.
Communications — emails, messages, comments and feedback exchanged through the Portal or with our team.
Usage and device data — IP address, browser type, pages viewed, referring URL and similar information collected through cookies and analytics tools.
Marketing enquiries — name and email submitted via early-access or contact forms on our website.

We do not knowingly collect sensitive information (as defined under the Privacy Act) unless you choose to provide it.

2. How We Use Your Information

We use personal information to:

Deliver and improve the Services and the Portal.
Generate Deliverables, run AI-augmented analysis and produce engagement reporting.
Authenticate users, secure the Portal and prevent fraud or abuse.
Communicate with you about your engagement, support requests and service updates.
Send marketing communications where you have opted in (you may unsubscribe at any time).
Meet legal, regulatory and audit obligations.

We do not sell personal information. We do not use Client Data to train third-party AI models.

3. Sub-Processors

To deliver the Services we rely on a small number of trusted technology providers for hosting, AI processing, authentication, transactional email and analytics. Each is bound by contractual confidentiality and data-handling obligations that are no less protective than those described in this policy.

A current list of our sub-processors, the categories of personal information shared with them and the regions in which they operate is available on request. Email support@vectruva.com and we will respond within 30 days.

Where personal information is transferred outside Australia, we take reasonable steps to ensure the recipient handles it consistently with the APPs.

4. Where Your Data Is Stored

Client Portal data, account information and uploaded files are stored in cloud infrastructure hosted in Australia. Some processing may occur in other regions when we use specialist AI or transactional email providers; details are available on request.

5. Cookies & Analytics

We use a small number of essential cookies to keep you signed in and to remember your preferences. We use a third-party analytics service to understand aggregate usage of our website; IP addresses are anonymised before processing. Most browsers allow you to refuse cookies; doing so may impact some Portal features.

6. Data Retention

We retain personal information for as long as we need it to deliver the Services and to meet our legal obligations. Engagement records are typically retained for seven years after the engagement ends to support audit and tax obligations under Australian law. You may request earlier deletion at any time, subject to those obligations.

7. Your Rights

You have the right to:

Request access to the personal information we hold about you.
Request correction of inaccurate or out-of-date information.
Request deletion of personal information, subject to our retention obligations.
Withdraw consent for marketing communications.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, email support@vectruva.com. We will respond within 30 days.

For visitors from the UK and EU: if the GDPR applies to you, you also have rights to data portability and to object to certain processing. You may contact our team using the details below to exercise those rights.

8. Security

We protect personal information using a combination of technical and organisational measures, including encryption in transit, role-based access control, signed URLs for storage, security headers, audit logging and vendor due diligence. No system is perfectly secure; if you believe your information has been compromised, please contact us immediately.

9. Children's Privacy

The Services are intended for business use by adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can remove it.

10. Notifiable Data Breaches

Vectruva is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we reasonably believe a data breach is likely to cause serious harm to any individual, we will notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable. We maintain an internal data breach response plan and conduct regular reviews of our security controls.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be notified through the Portal or by email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact & Complaints

For privacy questions, complaints or requests, contact:

Damian Paterson
Privacy Officer, Vectruva
support@vectruva.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.