Privacy Policy

This Privacy Policy explains how Support Fusion Pty Ltd (ACN 685 654 326), an Australian proprietary limited company with its registered office at Level 2/88 Jolimont St, East Melbourne VIC 3002, Australia ("Support Fusion", "we", "us" or "our"), collects, uses, discloses and protects personal information when you use our websites, applications, products or services (the "Services"). Capitalised terms not defined here have the meanings given in our Terms of Service.

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). Where the Services are used by individuals in other jurisdictions, we also have regard to other applicable data protection laws to the extent they apply to our processing.

By using the Services, you acknowledge the practices described in this Privacy Policy. If you do not agree, do not use the Services.

1. Information We Collect

We collect information that is reasonably necessary to provide, support, secure and improve the Services. The categories of information we collect are described below.

1.1 Information you provide

When you register for an account, communicate with us or use the Services, we collect information such as name, work email address, phone number, employer name, job title, account credentials, billing and payment details (processed by our payment processors), and the content of support enquiries and feedback.

1.2 Information collected automatically

When you access the Services, we automatically collect technical information such as IP address, device and browser information, operating system, language preferences, log and diagnostic data, performance metrics, and information about your interactions with the Services (including pages viewed, actions taken and timestamps). We use cookies and similar technologies as described in Section 7.

1.3 Information from Connected Systems

When you connect a third-party platform (such as an ITSM, PSA, RMM or CRM system) to the Services, the Services interact with that platform's APIs to read and route tickets and related records. In doing so, we process:

(a) ticket reference numbers, identifiers and routing metadata (such as source and destination system, timestamps, status and error codes);

(b) the body and free-text content of tickets in transient memory only at the moment of routing - this content is not persistently stored by Support Fusion after the routing operation completes;

(c) service request, incident and operational records reasonably necessary to perform routing; and

(d) contract and billing metadata exchanged between Connected Systems.

Technical and diagnostic logs generated by the Services are designed to mask or redact ticket free-text content and other fields configured by Support Fusion as sensitive. We do not deliberately log ticket content.

1.4 Information about your customers and end users

To the extent ticket content processed through the Services contains personal information of your end users or customers, we process that information on your behalf and at your direction to provide the Services to you. You are responsible for ensuring you have a lawful basis to share that information with us.

1.5 Sensitive information

The Services are not designed or certified for the collection of sensitive information (as defined in the Privacy Act 1988 (Cth)), payment card data, government identifiers, health information or biometric data, and we do not knowingly collect such information for our own purposes. You are solely responsible for determining what information you route through the Services; if you route such information, you do so at your own risk and remain responsible for any associated compliance obligations, as described in our Terms of Service.

2. How We Use Information

We use personal information for the following purposes:

(a) to provide, operate, secure, support and maintain the Services and to route tickets and related records between Connected Systems;

(b) to authenticate users, manage accounts and provide customer support;

(c) to bill and collect fees, and to detect and prevent fraud, abuse and security incidents;

(d) to communicate with you about the Services, including service announcements, security alerts and administrative messages (which are not marketing communications you can opt out of), and, with your consent or as permitted by law, to send you marketing communications about Support Fusion;

(e) to monitor, analyse, troubleshoot and improve the Services, including by generating Aggregated Data and Service-Generated Data;

(f) to develop new products, features and services; and

(g) to comply with our legal, regulatory, audit and contractual obligations and to enforce our agreements.

We may aggregate or de-identify information so that it no longer identifies a particular individual or entity. Aggregated or de-identified information is not personal information and may be used for any lawful business purpose.

3. Why We Are Permitted to Process Your Information

We collect and use personal information in accordance with the APPs. Where another data protection law applies, we generally rely on the following bases: (a) performance of a contract with you or steps taken at your request before entering into a contract; (b) our legitimate interests in operating, securing and improving the Services and our business, where those interests are not overridden by your rights; (c) compliance with a legal obligation; and (d) your consent, where required.

4. How We Disclose Information

We disclose personal information only as described in this Privacy Policy. We do not sell personal information, and we do not "sell" or "share" personal information as those terms are defined under applicable US state privacy laws (including the California Consumer Privacy Act, as amended). Where we process personal information contained in tickets and related records that we route on behalf of a customer, we act as that customer's service provider or processor and process such information only on the customer's documented instructions and for the purposes of providing the Services, and not for our own independent purposes.

4.1 Service providers

We disclose information to third-party service providers that help us operate, host, secure, analyse and support the Services, including cloud hosting, payment processing, identity, monitoring, customer support and analytics providers. Our service providers are bound by contractual obligations of confidentiality and to process personal information only on our instructions and for purposes specified by us.

4.2 Connected Systems

We exchange information with Connected Systems you have authorised us to access. We do so on your behalf and at your direction.

4.3 Professional advisers

We may disclose information to our legal, accounting and other professional advisers under obligations of confidentiality.

4.4 Compliance and protection

We may disclose information to regulators, law enforcement or other authorised third parties where we believe in good faith that disclosure is required by law, necessary to comply with legal process, or necessary to protect the rights, property or safety of Support Fusion, our customers or others, including to investigate or address suspected fraud, security incidents or violations of our Terms.

4.5 Business transfers

If Support Fusion is involved in a merger, acquisition, financing, reorganisation or sale of all or part of its business or assets, personal information may be disclosed to the actual or prospective counterparties and their advisers, subject to appropriate confidentiality protections.

4.6 Support access

Where you authorise us to do so under our Terms of Service, our personnel may access your account and log in to and access your Connected Systems and configuration on your behalf to set up, monitor, support, maintain and troubleshoot the Services. Personal information accessed in the course of providing such support is handled in accordance with this Privacy Policy.

4.7 With your consent

We may disclose information to other parties with your consent or at your direction.

5. International Data Transfers

Support Fusion is based in Australia, and our customers and service providers are located in the United States, Australia and other jurisdictions. As a result, personal information we collect may be transferred to, and processed and stored in, jurisdictions outside the country in which you are located, including jurisdictions whose data protection laws differ from those of your country.

Because our customers and much of our infrastructure are located in the United States, personal information is routinely processed and stored in the United States. Where we transfer personal information outside Australia, we take reasonable steps to ensure that the recipient handles the information in a way that is consistent with the APPs, including by entering into appropriate contractual protections with our service providers. To the extent we process personal data that is subject to the EU or UK General Data Protection Regulation, we do so as a processor acting on the relevant customer's documented instructions, and we will enter into a data processing addendum with that customer on request (see our Data Processing Addendum).

6. Security

We maintain commercially reasonable administrative, technical and physical safeguards designed to protect personal information from unauthorised access, use, disclosure, alteration and destruction. These measures include encryption in transit, access controls and authentication, network security controls, hosting in secure environments, log masking of sensitive fields, and personnel training. The Services are designed to process ticket content in transient memory only and not to persistently store ticket body content after routing.

No system can be guaranteed to be completely secure, and we cannot guarantee absolute security. If we become aware of an eligible data breach involving your personal information, we will notify you and the Office of the Australian Information Commissioner where required by the Privacy Act 1988 (Cth).

7. Cookies and Similar Technologies

Our websites and applications use cookies and similar technologies (such as local storage, pixels and SDKs) to operate, secure and analyse the Services, remember your preferences, and measure performance. You can control cookies through your browser settings, although disabling certain cookies may affect the functionality of the Services. For full details, see our Cookie Policy.

8. Retention

We retain personal information for as long as reasonably necessary to provide the Services, to comply with our legal, regulatory and audit obligations, to resolve disputes, and to enforce our agreements. Ticket free-text content is processed in transient memory only and is not persistently retained by Support Fusion. Account information, routing metadata, ticket reference numbers, technical logs and similar Service-Generated Data are retained for the duration of the subscription and for a reasonable period thereafter for the purposes set out above. Aggregated and de-identified data may be retained indefinitely.

9. Your Rights and Choices

Subject to applicable law, you may have rights with respect to your personal information, including the right to:

(a) request access to the personal information we hold about you;

(b) request correction of inaccurate or incomplete personal information;

(c) request deletion of personal information, subject to our legal and operational retention requirements;

(d) withdraw consent where we rely on consent (without affecting prior processing);

(e) opt out of marketing communications, by following the unsubscribe instructions in those communications or by contacting us; and

(f) lodge a complaint with a supervisory authority (see Section 11).

To exercise these rights, please contact us using the details in Section 11. We may need to verify your identity before fulfilling your request, and we may decline a request where permitted by law (for example, where granting it would unreasonably impact the privacy of another person).

If we process personal information about you on behalf of one of our customers (for example, where you are an end user of a system connected to the Services by our customer), please direct requests in the first instance to that customer.

10. Children

The Services are intended for use by businesses and their personnel and are not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so that we can take appropriate steps to delete it.

11. Contact Us

If you have any questions about this Privacy Policy or our handling of personal information, please contact:

Support Fusion Pty Ltd
ACN 685 654 326
Level 2/88 Jolimont St, East Melbourne VIC 3002, Australia
Email: privacy@suppfusion.com
Website: www.suppfusion.com

We will investigate your question, concern or complaint and respond to you within a reasonable period (and in any event within 30 days where required by law). If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au, or, where applicable, with the supervisory authority in your jurisdiction.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services or applicable law. If we make material changes, we will notify you by email or through the Services and update the Effective Date above. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised Privacy Policy.