Privacy Policy

1. About Us

TicketMate is operated by Damien Brandon Bryan (ABN 84 316 477 494), trading as TicketMate ("we", "us", "our"). We provide cloud-based IT helpdesk software to Australian businesses.

We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Scope of This Policy

This policy explains how we handle personal information that we collect directly (for example, when you sign up as a TicketMate customer or contact us), and how we handle personal information that is uploaded to our platform by our customers ("tenants") on behalf of their own end users.

It does not cover how our tenants handle personal information within their own businesses. Each tenant is responsible for their own privacy obligations to their end users.

3. Information We Collect

Account Holders (Tenants)

When you register for a TicketMate account, we collect:

• Name and email address of the account administrator
• Organisation name and subdomain
• Billing contact details
• Login credentials (passwords are hashed and never stored in plain text)

Portal Users (Your Customers)

When end users interact with a tenant's support portal, we collect on behalf of that tenant:

• Name and email address
• The content of support tickets and correspondence, including any attachments
• Login credentials where portal authentication is enabled

Website Visitors

When you visit ticketmate.com.au, we may collect your IP address, browser type, pages visited, and referring URL via analytics software. This information is used in aggregate to understand how our marketing website is used.

Newsletter Subscribers

If you subscribe to our mailing list, we collect your email address for the purpose of sending you product news and updates. You may unsubscribe at any time.

4. How We Use Your Information

We use personal information collected directly from account holders to:

• Create and manage your TicketMate account
• Provide, maintain, and improve the platform
• Send you transactional communications (billing receipts, account notices)
• Respond to support requests and enquiries
• Comply with our legal obligations

We do not use personal information for direct marketing without your consent, and we do not sell personal information to third parties under any circumstances.

5. Data We Process on Your Behalf

The nature of information processed depends entirely on how each tenant uses the platform. This may include personal, financial, legal, health-related, or other sensitive information submitted through support tickets or email. We process this information solely for the purpose of delivering the TicketMate service to that tenant.

By using TicketMate, tenants agree that:

• They have lawful grounds to upload and process any personal information they submit to the platform
• They have made appropriate disclosures to their end users about the use of third-party service providers
• They remain responsible for responding to access, correction, and complaint requests from their own end users

We will assist tenants in meeting their obligations by providing access to and deletion of data held on their behalf upon written request.

6. Disclosure to Third Parties

We do not sell, rent, or trade personal information. We may share information with trusted third-party service providers solely for the purpose of delivering our services:

• Amazon Web Services (AWS), Sydney region — cloud hosting, database storage, and email delivery. All data is stored in the ap-southeast-2 region (Sydney, Australia).
• Loops.so — email marketing platform, used only to send newsletters to subscribers who have opted in. Only subscriber email addresses are shared.

We may also disclose personal information where required to do so by law, court order, or in response to a lawful request by a government authority.

In the event of a business sale or transfer, personal information held by us may be transferred to the new owner, subject to the same privacy obligations contained in this policy.

7. Data Storage and Security

All TicketMate data is stored exclusively within Australia (AWS ap-southeast-2, Sydney). We do not transfer personal information outside of Australia in the ordinary course of providing the service.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our security measures include:

• Encryption of data in transit (TLS) and at rest
• Per-tenant isolated databases
• Access controls and role-based permissions
• Multi-factor authentication for administrative access
• Regular review of security practices

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to addressing any security incidents promptly.

8. Data Retention

We retain personal information for as long as necessary to provide the service and meet our legal obligations. Specifically:

• Active tenant account data is retained for the duration of the subscription
• Upon account closure, tenant data is permanently deleted within 7 business days of the request being processed
• Website analytics data is retained in aggregate and not linked to identifiable individuals
• Newsletter subscriber data is retained until you unsubscribe

Tenants may request deletion of their data at any time by contacting us at support@ticketmate.com.au.

9. Your Privacy Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct personal information that is inaccurate, out of date, or incomplete
• Complain if you believe we have breached the APPs

To exercise any of these rights, contact us using the details in section 13. We will respond within a reasonable time (generally 30 days). If we are unable to fulfill a request, we will explain why in writing.

If you are an end user of a tenant's portal (not a direct TicketMate customer), you should contact that tenant directly, as they are the data controller for your information.

10. Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to affected individuals, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals directly where required and possible
• Notify affected tenants promptly so they can meet their own obligations to their end users

11. Cookies and Analytics

Our marketing website (ticketmate.com.au) uses Google Analytics to collect anonymised usage data. This service may use cookies. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

The TicketMate application itself uses session cookies solely for authentication and does not use third-party tracking cookies within the platform.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified to active account holders via email at least 14 days before taking effect. The current version will always be published at ticketmate.com.au/privacy with its effective date.

13. Contact and Complaints

For privacy enquiries, access requests, or complaints, contact us at:

• Email: support@ticketmate.com.au
• Post: TicketMate, PO Box 7031, Warrnambool VIC 3280

We will acknowledge your enquiry within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au
• Phone: 1300 363 992