Privacy Policy
Last updated: 3 July 2026
Serve By Example is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, and safeguard personal information.
1. What We Collect
- Account Info: Name, email address, and venue affiliation.
- Profile Data: Plan type, display name, and preferences.
- Training Data: Responses entered during AI scenario evaluations and performance metrics.
- Communication Data: Messages sent to us via email or forms.
- Automated Data: Usage patterns, device identifiers, IP addresses, and server logs.
2. How We Use Your Information
We use your information to:
- Operate the Service and manage your account.
- Provide AI-powered training evaluations and personalised feedback.
- Allow Venue Managers to track training compliance.
- Improve the platform and fix bugs.
- Comply with our legal obligations.
3. Data Storage and Sovereignty
We prioritize data security and utilize infrastructure primarily hosted in Australia (ap-southeast-2).
4. How We Share Your Information
We share information only with trusted service providers contractually obligated to protect your data:
- Supabase: Authentication and database storage.
- Cloudflare: Hosting and security.
- OpenAI: Used for AI scenario evaluation (OpenAI does not use data submitted via the API to train their foundational models).
- Google Analytics: We use Google Analytics (ID: G-EF9YRFXKBG) to understand platform usage patterns and improve user experience. See Google's Privacy Policy. You can opt out using the Google Analytics Opt-out Browser Extension.
- Legal Requirements: Disclosure as required by Australian law.
5. Data Retention
We retain account data while the account is active. If you delete your account, we delete or anonymise your personal data within 30 days, unless required for legal purposes. Aggregated, anonymised usage data may be retained indefinitely for analytics.
5.1 Data Retention Schedule
- Account & Profile Data: Retained while account is active; deleted within 30 days of account deletion (unless required by law).
- Training Progress & Quiz Responses: Retained for the duration of active subscription; deleted within 30 days upon account deletion.
- Billing Records & Stripe Webhook Events: Retained for 7 years to comply with Australian tax and financial regulation requirements.
- Manager Analytics & Staff Performance Data: Retained for the duration of venue subscription; deleted within 30 days of venue removal.
- Aggregated & Anonymised Data: Retained indefinitely for service improvement and analytics purposes.
6. Payment Processing
We use Stripe to process payments for subscriptions. When you subscribe, Stripe receives your payment information (credit card details are not stored by us). Stripe may issue webhook events (e.g., subscription creation, updates, and invoice notifications) which we store securely to track billing state. Stripe's privacy practices are governed by their Privacy Policy.
7. Manager Analytics
Venue managers can access real-time team analytics and staff training progress through Mission Control. We track staff_progress, scenario_mastery, and venue_staff membership data to provide managers with compliance reporting and performance insights. Only the managers of a specific venue can see that venue's staff data; data is segregated by row-level security (RLS) policies in our database.
8. Venue Codes & Staff Invitations
Venues can generate unique venue codes to invite staff members. When a staff member joins via a venue code, they are added to the venue_memberships table and receive sponsored access to training modules. Only the venue that created the code can see its associated staff; staff members can see their own profile and progress, and managers at their venue can see aggregated team performance.
9. Your Rights Under Australian Law
Under the APPs, you have the right to:
- Access/Correction: Request a copy of or correction to the personal data we hold about you.
- Deletion: Request that we delete your personal data.
- Complaints: Contact us at [email protected]. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
10. Security and Changes
We implement industry-standard measures, including encryption and strict access controls. We may update this policy periodically; continued use of the Service constitutes acceptance of the updated policy.
Contact Us
For privacy related inquiries, please contact:
Serve By Example
Email: [email protected]