Effective 16 April 2026

Privacy Policy

This page explains, in plain English, what information Revenue Rescue collects, why we collect it, and how you control it. We wrote this ourselves. No template, no trick clauses.

Who we are

Revenue Rescue is a service operated by Mr Tayne Rongo, a sole trader based in Perth, Western Australia (ABN 40 300 987 116). We are the data controller for your account information, and the data processor for any customer list you upload.

What we collect

When you sign up:

  • your name and email address
  • your business name (optional)
  • a password (stored hashed — we can’t read it)

When you pay:

  • we do not store your card details. Payments are handled by Stripe, who are certified to the highest level of card-data security (PCI DSS Level 1).
  • we store the Stripe customer ID and the amount/date of each payment for accounting and refunds.

When you upload a customer list:

  • the contents of the CSV you upload: customer names, email addresses, purchase history, whatever you chose to include.
  • these are stored encrypted at rest on our infrastructure (Supabase, hosted on AWS) and used only to generate your campaign.
  • we never sell, share, or use your uploaded contacts for any other purpose.

When you use the site:

  • anonymous analytics (which pages you visited, how long you stayed). We do not use cookies that follow you around other websites.
  • standard server logs (IP address, user-agent) kept for 30 days for security and abuse prevention.

Why we collect it

  • To provide the service you signed up for.
  • To send you the campaign output and related service emails.
  • To prevent fraud and abuse.
  • To comply with tax and accounting obligations in Australia.

We do not use your data to train AI models, to sell to data brokers, or to enrich marketing databases. Full stop.

Your rights

Under the Australian Privacy Act 1988 and the EU GDPR, you can:

  • See what we have: request a copy of all data tied to your account.
  • Fix it:correct anything that’s wrong.
  • Delete it: request full deletion of your account and all uploaded contacts. We action this within 24 hours.
  • Take it elsewhere: export all your data in a standard format (CSV / JSON) at any time.
  • Object: tell us to stop processing your data in any specific way, without losing access to the service you paid for.

To exercise any of these rights, email privacy@revenue-rescue.com. We reply within 7 business days.

Where your data lives

Your account data and uploaded lists are stored on Supabase infrastructure hosted by AWS in the ap-southeast-2 (Sydney) region. Stripe processes payments in the region closest to you.

How long we keep it

  • Uploaded contacts: kept as long as your account is active. Deleted within 24 hours if you delete the list, or within 24 hours of account deletion.
  • Campaign output: kept as long as your account is active.
  • Payment records: kept for 7 years, as required by Australian tax law.
  • Server logs: kept for 30 days.

Cookies

We use only essential cookies required for the service to work (e.g., to keep you logged in). We do not use tracking cookies, advertising cookies, or any third-party marketing pixels. No consent banner is required under EU law for essential cookies, but we show one anyway so you know what’s happening.

Data breach promise

If we ever have a data breach that affects you, we will tell you within 72 hours of discovering it, explain what happened, what we’ve done about it, and what you should do next. This meets both the Australian Notifiable Data Breaches scheme and GDPR Article 33.

Changes to this policy

If we change this policy, we’ll email every active account at least 14 days before the change takes effect. You can delete your account any time if you disagree with a change.

Complaints

If you think we’ve mishandled your data, first contact us at privacy@revenue-rescue.com. If we can’t resolve it, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EU residents may also complain to their local data protection authority.