Aquifa Pty Ltd (ABN: 63 676 974 235)

1. Overview

Aquifa is committed to protecting the privacy and security of our customers' data. This document outlines our current data protection practices and security infrastructure to provide transparency about how your data is handled within our platform.

2. Current Security Infrastructure

2.1. Database & Backend Security

Supabase Infrastructure: Our platform is built on Supabase, which provides:

  • PostgreSQL database with built-in security features
  • Row-level security (RLS) policies that restrict data access at the database level
  • Encrypted data at rest
  • TLS encryption for all data in transit
  • Regular automated backups

Access Controls:

  • Role-based access control (RBAC) system
  • Default principle of least privilege
  • Account separation ensuring each organization's data is logically isolated

2.2. Authentication Security

User Authentication:

  • Secure password policies
  • Email verification for new accounts
  • Session management with token-based authentication
  • Capability to implement multi-factor authentication

Account Permissions:

  • Granular permission structures using Supabase auth
  • Different access levels for owners vs. members
  • Invitation-based account access

2.3. Application-Level Security

React/TypeScript Frontend:

  • Type safety to prevent common programming errors
  • Content Security Policy implementation
  • Protection against common web vulnerabilities

API Security:

  • Token-based authentication for all API requests
  • Rate limiting capabilities
  • Input validation and sanitization

2.4. Document & Sensitive Data Handling

Document Security:

  • Secure document storage using Supabase Storage
  • Access control for document retrieval
  • Encrypted document transmission

Electronic Signatures:

  • Secure e-signature implementation
  • Tamper-evident document handling
  • Complete audit trail of signature events

3. Data Privacy Practices

3.1. Data Collection & Usage

We collect and process only the data necessary to provide our water trading platform services:

  • User account information (name, email, organization details)
  • Client and entity information
  • Water account details
  • Trade and offer information
  • Document content
  • System usage metadata

3.2. Data Retention & Deletion

  • Customer data is retained for the duration of your service agreement
  • Backups are maintained according to Supabase's retention policies
  • Upon service termination, data can be exported and/or deleted upon request

3.3. Data Portability

  • Customers have the right to export all of their data at any time
  • Data export requests can be submitted through your account representative
  • Exports are provided in standard, machine-readable formats (CSV, JSON, etc.)
  • We will process all data export requests within a reasonable timeframe, typically within 5 business days
  • There is no additional charge for standard data export requests

3.4. Data Ownership

  • Customer Data Ownership: Customers retain full ownership of all data entered into or generated by the Aquifa platform
  • Aquifa does not claim any ownership rights to customer data
  • We do not sell, rent, or otherwise commercialize customer data under any circumstances
  • Customer data is used solely for providing and improving the Aquifa service

3.5. Data Access & Control

  • Access to customer data by Aquifa staff is limited to support and maintenance purposes
  • All data access is governed by our internal access control policies
  • Customers control user access within their organization through role-based permissions

4. Security Roadmap

Aquifa is committed to continually enhancing our security posture. The following security initiatives are on our roadmap:

4.1. Planned Security Enhancements

  • Implementation of a formal security testing and vulnerability assessment program
  • Development of a comprehensive security monitoring system
  • Creation of an employee security awareness training program
  • Formalization of incident response procedures
  • Regular security reviews and assessments

4.2. Compliance

While Aquifa does not currently hold specific security certifications, our platform is designed with compliance considerations in mind:

  • Comprehensive audit logging of system activities
  • Data structures aligned with relevant privacy regulations
  • Security controls that support compliance obligations

4.3. Incident Response

In the event of a suspected security incident:

  1. Contact your account representative immediately
  2. Provide all relevant details of the suspected incident
  3. We will investigate and take appropriate measures to address the issue
  4. You will receive communication regarding the incident, its impact, and remediation steps

5. Contact Information

For any questions or concerns about data privacy and security at Aquifa, please contact:

Email: security@aquifa.com.au

This document represents Aquifa's current security posture as of 2 March, 2025. Security practices and capabilities will evolve as our platform matures, and this document will be updated accordingly.

Information We Collect

  1. Account Information: When you sign up for our SaaS, we collect your name, email address, and other necessary account details to create and manage your account.
  2. Usage Data: We may collect information about how you interact with our website and services, including your IP address, browser type, and pages viewed. This helps us improve our platform and provide a better user experience.
  3. Project Data: Your project-related information, tasks, files, and communications within the platform are securely stored. We do not access or share your project data unless required for support or as outlined in this Privacy Policy.

How We Use Your Information

  1. Providing Services: We use your information to provide, personalize, and improve our services. This includes delivering project management features, troubleshooting issues, and enhancing overall user experience.
  2. Communications: We may use your email address to send important updates, newsletters, or other relevant information related to your account or our services. You can opt out of promotional emails at any time.
  3. Security: Protecting your information is a priority. We implement security measures to safeguard your data from unauthorized access, disclosure, alteration, and destruction.

Information Sharing

  1. Third-Party Service Providers: We may share your information with third-party service providers to assist with tasks such as hosting, analytics, and customer support. These providers are bound by confidentiality agreements and only receive the information necessary to perform their services.
  2. Legal Compliance: We may disclose your information if required by law or in response to a valid legal request, such as a court order or government inquiry.

Your Choices

  1. Account Information: You can update and correct your account information at any time by logging into your account settings.
  2. Communication Preferences: You have the option to opt out of promotional communications by following the instructions provided in the emails or contacting us directly.

Data Retention

We retain your information as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. You can request the deletion of your account and associated data at any time.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes through email or by posting a notice on our website.

Contact Us

If you have any questions, concerns, or requests regarding your privacy or this Privacy Policy, please contact us.

Thank you for choosing our SaaS for your project management needs.
