Privacy Policy

Colliq ("we", "us", "our") is a digital operations platform serving Australian Not-For-Profits (NFPs) and Small-to-Medium Enterprises (SMEs). Colliq is operated by Colliq Pty Ltd, registered in Australia. Our platform centralises volunteer coordination, board management, event planning, and CRM capabilities.

By creating an account or using any Colliq service, you agree to the collection and use of your information as described in this policy.

2.1 Information You Provide

• Account registration: Full name, email address, phone number (optional), password (hashed — never stored in plain text), and timezone.
• Organisation details: Organisation name, ABN, address, type (NFP/SME), and contact details you enter on behalf of your organisation.
• Profile information: Profile photo, biography, and professional details you choose to add.
• Communications: Messages sent through our support channels, feedback forms, or in-platform communications.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, click interactions, and session duration — used to improve the platform.
• Device and browser information: Browser type and version, operating system, screen resolution, and language settings.
• IP address and approximate location: Used for security monitoring and Australian tax/compliance purposes.
• Log data: Server logs including request timestamps, error reports, and performance metrics.

2.3 Information From Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture. We do not receive your Google password.
• Payment processors: Payment details are handled directly by our payment processor (e.g. Stripe). We receive only confirmation tokens — never your card number.

We use your personal information to:

• Create and manage your account and authenticate your identity.
• Provide, operate, and improve the Colliq platform and its features.
• Send transactional emails — account verification, password resets, meeting invitations, event reminders.
• Provide customer support and respond to your enquiries.
• Monitor platform security, detect fraud, and investigate suspicious activity.
• Comply with our legal obligations under the Privacy Act 1988 and Corporations Act 2001.
• Aggregate and anonymise usage analytics to understand platform performance — this data cannot identify you personally.

We may share your information only in these circumstances:

• Other users within your organisation: Your name, role, and profile details are visible to other members of organisations you belong to on Colliq, as required to deliver collaboration features.
• Service providers: Trusted third-party vendors who help us operate the platform (cloud hosting, email delivery, error tracking). These providers are contractually bound to use your data only to provide services to us.
• Regulatory authorities: Where required by Australian law, court order, or to respond to lawful requests from government bodies.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our business. We will notify affected users before any transfer occurs.

Colliq uses HttpOnly cookies to store authentication tokens (access and refresh tokens). These cookies cannot be accessed by JavaScript, providing protection against cross-site scripting (XSS) attacks.

We also use:

• Session storage: Temporary data such as in-progress form state, cleared when you close your browser tab.
• Local storage: Non-sensitive UI preferences (theme, sidebar state) to improve your experience across sessions.
• Analytics cookies: Anonymised usage tracking to understand how the platform is used. You may opt out via your browser settings.

You can configure your browser to refuse cookies, but this may prevent you from logging in or using some features of the platform.

We implement industry-standard security measures to protect your information:

• TLS encryption for all data in transit.
• Passwords hashed using bcrypt — never stored in plain text.
• Multi-factor authentication (MFA) available for all accounts.
• Role-based access control limiting data access within organisations.
• Regular security audits and penetration testing.
• Automatic session expiry and cross-tab logout synchronisation.

Despite these measures, no system is completely secure. If you discover a security vulnerability, please disclose it responsibly to security@colliq.com.au.

We retain your personal information for as long as your account is active or as needed to provide our services. We also retain data to comply with legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law — for example, financial records are retained for 7 years under Australian tax law.

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or outdated information.
• Request deletion of your personal information, subject to legal retention obligations.
• Withdraw consent for uses of your information that are based on consent.
• Make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe your privacy rights have been breached.

To exercise any of these rights, contact us at privacy@colliq.com.au. We will respond within 30 days.

Colliq is not directed at children under the age of 15. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@colliq.com.au.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and by displaying a prominent notice in the platform at least 14 days before the changes take effect. Your continued use of Colliq after that date constitutes your acceptance of the updated policy.

For privacy-related enquiries, access requests, corrections, or complaints, reach out to our Privacy Officer: