Legal
Privacy Policy
How we collect, use, store and protect your personal information.
Last updated: 27 April 2026
Draft for review: this policy is a working draft and must be reviewed by a qualified legal practitioner before publication. It has not been independently reviewed for compliance with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), the GDPR, or any other applicable law.
1. About this policy
costed.app (“costed.app”, “we”, “our”, “us”) is operated by Takeoff and Estimating Pty Ltd, a company registered in Australia. We respect your privacy and are committed to handling your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy describes what personal information we collect, how we use it, who we share it with, how we protect it, and the rights you have over it.
2. Information we collect
We collect information that you provide to us directly, information generated by your use of the service, and information from third parties where you have authorised it.
Information you give us
- Account details: name, email address, password (hashed), phone number, company name, billing address.
- Project data: bills of quantities, supplier prices, drawings and documents, progress claims, invoices and other content you choose to store in costed.app.
- Payment information: card details are processed by our payment provider; we do not store full card numbers.
- Communications: any messages you send us by email, phone, chat or contact form.
Information we collect automatically
- Device and connection: IP address, browser type, operating system, referring URL.
- Usage data: pages viewed, features used, errors encountered, session timestamps.
- Cookies and similar technologies (see section 8).
3. How we use your information
- To provide, maintain and improve costed.app.
- To authenticate you and secure your account.
- To process payments and manage subscriptions.
- To respond to support requests and other communications.
- To send service notifications, security alerts and (where you have consented) marketing communications.
- To detect, prevent and respond to fraud, abuse and security incidents.
- To comply with our legal and regulatory obligations.
4. How we share your information
We do not sell your personal information. We share it only in the following circumstances:
- Service providers who help us operate costed.app (hosting, email delivery, payment processing, analytics, customer support tooling), bound by confidentiality and data protection obligations.
- Within your organisation: information you upload to costed.app is visible to other authorised users in your account.
- Legal compliance: where required by law, court order, or to protect our rights, property or safety.
- Business transfers: as part of a merger, acquisition, financing or sale of assets, subject to ongoing confidentiality.
5. Where we store your information
Your data is hosted on cloud infrastructure located in Australia. Backups are encrypted at rest. Some service providers (for example email delivery and analytics) may process your information overseas; we take reasonable steps to ensure those providers meet appropriate data protection standards.
6. How long we keep your information
We retain your information for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting and audit obligations. You can request export or deletion of your data at any time by contacting us.
7. Your rights
Under the Australian Privacy Principles you have the right to:
- Access the personal information we hold about you.
- Ask us to correct information that is inaccurate or out of date.
- Ask us to delete your information, subject to our legal obligations.
- Withdraw your consent to marketing communications at any time.
- Make a complaint about how we have handled your personal information.
To exercise any of these rights, contact us at privacy@costed.app. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.
8. Cookies and analytics
We use a small number of cookies and similar technologies to keep you logged in, remember your preferences, and understand how the service is used. You can control cookies through your browser settings; turning them off may break some features.
9. Security
We use industry-standard practices to protect your information, including TLS for data in transit, encryption at rest, access controls, audit logging, and regular reviews of our systems and providers. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
10. Children
costed.app is intended for use by businesses and is not directed at children under 16. We do not knowingly collect information from children.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top reflects the most recent change. If the change is material we will notify customers by email or by a notice in the product before it takes effect.
12. Contact us
Takeoff and Estimating Pty Ltd
Sydney, Australia
privacy@costed.app
+61 2 9146 4301