Back

Privacy Policy for OneClickSWMS

Last Updated: February 7, 2026

1. Introduction

OneClickSWMS ("we," "us," or "our") is a sole trader business based in Sydney, NSW, Australia. We provide an online platform for creating Safe Work Method Statements (SWMS) and managing workplace health and safety documentation.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services at oneclickswms.com.au.

We are committed to handling your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Company/organisation name
  • ABN
  • Phone number
  • Position/role

Payment Information

Payments are processed by Stripe. We do not store your credit card details on our servers. Stripe receives your email address, user ID, and payment information to process your subscription.

SWMS Content

We collect the content you input when creating SWMS documents, including work descriptions, hazard information, control measures, and other safety-related content.

Digital Signatures

When documents are signed, we collect:

  • Signature images
  • Signer name
  • Email (optional for workers)
  • Position
  • IP address
  • Timestamps

Usage Data

We automatically collect certain information about how you use our service, including:

  • Pages visited
  • Features used
  • Session duration
  • Device type
  • Browser type

Worker Data (QR Access)

When workers access SWMS documents via QR code, we collect:

  • Name (optional)
  • Email (optional)
  • Signature image
  • IP address
  • Timestamp
  • Device information

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the service
  • Process subscriptions and payments
  • Generate AI-assisted SWMS content
  • Record and store digital signatures for WHS compliance
  • Send account notifications and service updates
  • Monitor and improve service performance
  • Detect and prevent fraud or misuse
  • Comply with legal obligations

4. AI Processing

When you use our AI SWMS generation feature, we send only the work description text to Google Gemini (AI model) for content generation. We do not send any personal information (names, emails, organisation details, or user IDs) to the AI model.

The AI processes your work description to generate SWMS content and returns structured safety documentation. No personal data leaves our servers for AI processing.

5. Third-Party Service Providers

We share limited data with the following service providers to operate our platform:

Supabase (Database & Authentication)

Stores all application data. Servers located in Sydney, Australia (ap-southeast-2 region). Receives: all account data, SWMS content, and signatures.

Stripe (Payment Processing)

Processes subscription payments. Receives: email, user ID, and payment information. Stripe's privacy policy applies to payment data.

Google Gemini (AI Content Generation)

Generates SWMS content. Receives: work description text only. No personal information is sent.

Sentry (Error & Performance Monitoring)

Monitors application errors and performance. Receives: error stack traces, page URLs, browser and device information, performance metrics, and user identifiers (email) to associate reports with specific users for debugging purposes. User email may be sent with both error reports and performance monitoring data. Only active in production.

Google Analytics 4 (Website Analytics)

Tracks anonymous usage patterns. Receives: page views, events, and device information. No personally identifiable information is sent directly.

Google Ads (Conversion Tracking)

Tracks subscription conversions. Receives: conversion events, transaction IDs, and purchase values. No personal details.

Microsoft Bing UET (Advertising Analytics)

Tracks page views and conversions. Receives: page paths and purchase events. No personal details. Only active in production.

Vercel (Hosting & Analytics)

Hosts the application and collects performance metrics. Receives: web vitals and page load times.

We do not sell, rent, or trade your personal information to any third party.

6. Data Storage & Security

  • All application data is stored in Australia (Supabase, Sydney region)
  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-Level Security (RLS) ensures organisations can only access their own data
  • Signature images are stored in private storage buckets with time-limited access URLs
  • Regular security monitoring via Sentry
  • While we implement appropriate security measures, no method of electronic transmission or storage is 100% secure

7. Data Retention

  • Account data: Retained while your account is active, deleted upon request after account closure
  • SWMS documents: Retained while your account is active. We recommend you retain copies for at least 7 years as required by WHS record-keeping obligations
  • Digital signatures: Retained as long as the associated SWMS exists
  • Payment records: Retained as required by Australian tax law (minimum 5 years)
  • Usage analytics: Aggregated data retained indefinitely; individual session data retained for 26 months (Google Analytics default)
  • Error logs: Retained for 90 days (Sentry)

8. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Withdraw consent for optional data processing
  • Contact us if you believe your personal information has been handled incorrectly

To exercise these rights, contact us at support@oneclickswms.com.au.

9. Cookies & Tracking

  • Essential cookies: Session management, authentication
  • Analytics cookies: Google Analytics (_ga, _ga_*), used to understand usage patterns
  • Advertising cookies: Google Ads, Microsoft UET, used for conversion tracking
  • First-party cookies: GA client ID cached for server-side analytics stitching (90-day expiration)

You can manage cookie preferences through your browser settings. Disabling cookies may affect service functionality.

Australian law does not require cookie consent banners, but we disclose cookie use here for transparency.

10. Children's Privacy

OneClickSWMS is designed for use by businesses and workers of legal working age. We do not knowingly collect information from children under 15 years of age. If we become aware that we have collected information from a child, we will delete it promptly.

11. Cross-Border Data Transfers

Your data is primarily stored in Australia. Some third-party services (Google Analytics, Google Ads, Microsoft UET, Vercel) may process limited, non-personal data on servers outside Australia. Sentry may process user identifiers (email) and technical data on servers outside Australia for error and performance monitoring. We ensure these transfers comply with the Australian Privacy Principles.

12. Data Breach Notification

In the event of an eligible data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email. The "Last Updated" date at the top will be revised accordingly.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@oneclickswms.com.au
OneClickSWMS, Sydney, NSW, Australia