What Information We Collect

Running a financial records platform means we need certain information to function. Here's what we gather and why it matters:

Information You Give Us Directly

When you create an account or use our services, you provide details like your name, email, phone number, and business information. If you're uploading financial records, those come with transaction data, account numbers, and vendor details. We also collect payment information when you subscribe to our services, though credit card data goes straight to our payment processor.

Data We Collect Automatically

Your browser tells us things like IP address, device type, and operating system. We track how you move through our platform using cookies and similar tech. This includes which features you use most, how long you stay, and where you click. It helps us spot problems and improve the experience.

Information From Other Sources

Sometimes we receive data from accounting software integrations, bank feeds you've authorized, or business verification services. This only happens when you've explicitly connected those services to your Cavitorant account.

How We Use Your Information

Every piece of data we collect has a purpose. We don't gather information just to have it sitting in a database somewhere.

Data Sharing and Disclosure

We're pretty selective about who gets access to your information. Most of the time, your data stays within Cavitorant's systems. But there are specific situations where sharing becomes necessary.

Service Providers We Work With

Cloud hosting providers store your data on secure servers in Australia. Payment processors handle subscription billing without us ever seeing full credit card numbers. Email service providers send notifications you've requested. These companies sign strict agreements and can only use your data to perform their specific services.

Legal Requirements

Australian law sometimes requires us to share information with government agencies, tax authorities, or law enforcement. We only comply with valid legal requests and will notify you unless prohibited by law. In three years of operation, we've received exactly four such requests and challenged two of them successfully.

Business Transfers

If Cavitorant is acquired or merges with another company, your information would transfer to the new entity. We'd notify you beforehand and you'd have options for downloading or deleting your data before the transition.

Your Privacy Rights

Under Australian privacy law, you have substantial control over your personal information. These aren't theoretical rights - we've built systems specifically to honor them.

• Access Your Data: Request a complete copy of all information we hold about you. We'll provide it in a readable format within 30 days. No charge for reasonable requests.
• Correct Inaccuracies: Found an error in your records? Let us know and we'll fix it promptly. You can also update most information directly through your account settings.
• Delete Your Information: Want out? Request account deletion and we'll remove your personal data within 45 days. Financial records required for legal compliance get anonymized instead of deleted.
• Object to Processing: Disagree with how we're using your data? You can object to specific processing activities. We'll stop unless we have compelling legal grounds to continue.
• Data Portability: Moving to a different platform? We'll export your data in common formats so you can take it elsewhere. Usually takes 3-5 business days.
• Withdraw Consent: For activities requiring your explicit consent, you can withdraw that consent whenever you want. Takes effect immediately.

To exercise any of these rights, email contact@cavitorant.com with your request. We'll verify your identity first, then process the request. Most take under two weeks unless they're particularly complex.

Data Security Measures

Security isn't something we tacked on later - it's built into every layer of our platform. Financial data makes you a target, so we treat protection seriously.

Encryption Everywhere

Data traveling between your device and our servers uses TLS 1.3 encryption. Stored data gets encrypted using AES-256. Your password goes through bcrypt hashing with individual salts. Even our database backups are encrypted.

Access Controls

Two-factor authentication is available for all accounts and required for admin access. Our staff can't view your financial records without documented business need and manager approval. Every access attempt gets logged.

Infrastructure Security

Servers are housed in Australian data centers with physical security measures. Network monitoring runs continuously, checking for intrusions or unusual patterns. We patch vulnerabilities within 24 hours of discovery. Quarterly security audits by external firms keep us honest.

Incident Response

If a breach occurs, we'll notify affected users within 72 hours and report to the Office of the Australian Information Commissioner. You'll get clear information about what happened, what data was affected, and what steps to take next.

Data Retention and Deletion

We don't keep your information longer than necessary. But "necessary" varies depending on the type of data and legal requirements.

Active Account Data

While your account is active, we maintain all your financial records and personal information. You control what gets uploaded and can delete specific records anytime through your dashboard.

After Account Closure

Close your account and most personal data gets deleted within 45 days. Financial transaction records must be kept for seven years under Australian tax law - these get anonymized so they can't be traced back to you personally.

Backup Systems

Deleted data persists in encrypted backups for up to 90 days, then gets permanently purged. This protects against accidental deletions while respecting your right to be forgotten.

Inactive Accounts

No activity for 18 months? We'll email asking if you want to keep the account. No response within 60 days and we'll start the deletion process. You get another warning before anything permanent happens.

Cookies and Tracking Technologies

Like most websites, we use cookies. But we're transparent about what they do and give you control over non-essential ones.

Essential Cookies

These make the site function - handling logins, remembering your preferences, maintaining security. You can't disable these without breaking core functionality. They don't track you across other websites.

Analytics Cookies

We use privacy-focused analytics to understand how people use Cavitorant. This helps us spot confusing interfaces or broken features. IP addresses get anonymized before collection. You can opt out in your account settings.

What We Don't Use

No advertising cookies. No social media tracking pixels. No cross-site tracking for marketing purposes. We're not building profiles to sell to advertisers.

Browser settings let you block or delete cookies entirely, though this might affect site functionality. Most modern browsers have privacy modes that prevent persistent tracking.

Third-Party Integrations

Cavitorant connects with external services when you authorize those connections. Each integration has its own privacy implications.

• Banking institutions provide transaction data through secure API connections you explicitly enable
• Accounting software sync moves data both ways based on your configuration settings
• Cloud storage services can back up your records if you activate that feature
• Payment processors handle billing but only share transaction success/failure status with us

Each integration requires separate authorization. You can revoke access anytime, which immediately stops data sharing. The external service's privacy policy governs how they handle information after receiving it from Cavitorant.

Before connecting any third-party service, we show you exactly what data will be shared and update frequency. No hidden data transfers.

International Data Transfers

Your data primarily stays in Australia. Our servers are located in Sydney and Melbourne data centers. But there are limited exceptions worth knowing about.

When Data Leaves Australia

Some support functions use overseas providers with strong privacy laws. Email infrastructure runs through servers in Singapore and the United States, both covered by adequate data protection frameworks. Payment processing might route through international networks, but actual financial data stays encrypted in transit.

Safeguards in Place

Any overseas data transfer requires contractual protections matching Australian privacy standards. We assess each provider's security measures before engagement. If a provider's country changes its data laws in concerning ways, we'll migrate to alternative services.

You can request that your data remain exclusively in Australia by contacting our support team, though this limits some integration options.

Children's Privacy

Cavitorant isn't designed for children under 18. Our terms of service require users to be legal adults. If we discover someone under 18 has created an account, we'll delete it immediately along with all associated data.

Parents or guardians who find their child has used Cavitorant should contact us at contact@cavitorant.com. We'll prioritize removal of that information.

Changes to This Policy

Privacy practices evolve as technology and regulations change. When we update this policy, we'll notify active users by email at least 30 days before changes take effect.

Significant changes require your explicit consent to continue using Cavitorant. Minor clarifications or additions go into effect after the notice period. The "Last Updated" date at the top always reflects the current version.

Previous versions are archived and available on request. We maintain a change log documenting what was modified and why.

Complaints and Disputes

Think we've mishandled your information? We want to know. First step is contacting our privacy team at contact@cavitorant.com with specific details about the concern.

We'll acknowledge your complaint within two business days and investigate thoroughly. Most issues get resolved within two weeks. If our response doesn't satisfy you, escalate to our senior management team.

Still not resolved? You have the right to lodge a complaint with the Office of the Australian Information Commissioner. They're the independent authority overseeing privacy law compliance in Australia. Contact them at oaic.gov.au or by phone at 1300 363 992.