Startege Logo

Privacy Policy

Last Updated: January 2025

Company: Innovationera Pty Ltd
ACN: 643 136 752

Innovationera Pty Ltd ("we", "our", "us", or "the Company") operates Startege ("the Platform", "our platform", or "our service"). We are committed to protecting your privacy and handling your personal information in accordance with applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Introduction

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use Startege. It also explains your rights regarding your personal information and how you can exercise those rights.

By using our Platform, you consent to the collection and use of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Platform.

1. Information We Collect

We collect personal information that you provide directly to us and information that is automatically collected when you use our Platform. The types of personal information we collect include:

1.1 Account Information

When you create an account, we collect:

  • Email address (required)
  • Name or display name (optional)
  • Authentication credentials (managed by Firebase Authentication)
  • Profile picture (if provided via OAuth providers)

1.2 Profile Information

During onboarding, we collect:

  • Persona type (e.g., Compliance Officer, AI Developer, Business Executive)
  • Custom persona description (if "Other" is selected)
  • Knowledge level (Beginner, Intermediate, Advanced)
  • Interests (selected from predefined list)
  • Learning goals (selected from predefined list)
  • Knowledge assessment answers

1.3 Usage and Activity Data

We automatically collect information about how you use our Platform:

  • Concept cards viewed and completed
  • Exam attempts, scores, and results
  • Learning progress and achievements
  • Points earned and badges received
  • Streak information
  • Feature usage patterns
  • Time spent on different sections
  • Startegizer conversation history
  • Market scan article interactions

1.4 Payment and Subscription Information

When you purchase a subscription or AI credits:

  • Payment method information (processed by Stripe - we do not store full card details)
  • Billing address
  • Subscription tier and status
  • Purchase history
  • AI credit balance and usage
  • Refund information (if applicable)

Note: Payment card information is processed securely by Stripe and is not stored on our servers. We only receive confirmation of successful transactions and subscription status.

1.5 Technical Information

We automatically collect technical information:

  • IP address
  • Browser type and version
  • Device information (type, operating system)
  • Screen resolution and display settings
  • Referrer URL
  • Access times and dates
  • Error logs and crash reports

1.6 Communication Data

If you contact us or submit feedback:

  • Contact information you provide
  • Message content
  • Support ticket history

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision

  • Create and manage your account
  • Provide access to Platform features and content
  • Personalize your learning experience based on your profile
  • Track and display your learning progress
  • Process payments and manage subscriptions
  • Provide AI-powered features (Startegizer)
  • Deliver market scan articles and updates

2.2 Communication

  • Send important service updates and notifications
  • Respond to your inquiries and support requests
  • Send administrative information (account changes, security alerts)
  • Send marketing communications (with your consent - you can opt-out)

2.3 Improvement and Analytics

  • Analyze Platform usage and performance
  • Improve our services and develop new features
  • Conduct research and analytics
  • Identify and fix technical issues
  • Ensure Platform security and prevent fraud

2.4 Legal Compliance

  • Comply with legal obligations
  • Respond to legal requests and court orders
  • Enforce our Terms of Service
  • Protect our rights and the rights of our users
  • Prevent fraud and abuse

Lawful Basis (GDPR): We process your personal information based on: (1) Contract - to provide our services; (2) Consent - for marketing communications; (3) Legitimate Interest - for analytics and security; (4) Legal Obligation - to comply with applicable laws.

3. Disclosure of Your Information

We may disclose your personal information to:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Google Firebase: Authentication and user management
  • Stripe: Payment processing
  • Google Cloud Platform: Hosting, data storage, and AI services (Vertex AI/Gemini)
  • Cloud SQL: Database hosting

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders or legal processes
  • Government requests
  • Regulatory investigations
  • To protect our rights or the rights of others
  • To prevent fraud or abuse

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

3.4 With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

4. Cross-Border Data Transfers

Your personal information may be stored and processed in countries outside of Australia, including:

  • United States: Google Cloud Platform data centers, Firebase, Stripe
  • European Union: Google Cloud Platform data centers (for EU users)
  • Other countries: Where our service providers operate

When we transfer personal information outside Australia, we take reasonable steps to ensure that:

  • The recipient is subject to laws that provide adequate protection (or we use appropriate safeguards)
  • We have contractual arrangements in place to protect your information
  • For EU users: We use Standard Contractual Clauses (SCCs) or other approved transfer mechanisms

By using our Platform, you consent to the transfer of your information to these countries.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Authentication: Secure authentication via Firebase
  • Regular Updates: Security patches and updates applied regularly
  • Monitoring: Security monitoring and intrusion detection
  • Backups: Regular backups with secure storage

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

Specific retention periods:

  • Account Information: Retained while your account is active and for 7 years after closure (for legal compliance)
  • Payment Records: Retained for 7 years (tax and legal requirements)
  • Usage Data: Retained for 2 years after account closure
  • Marketing Data: Retained until you opt-out or withdraw consent

When we no longer need your information, we will securely delete or anonymize it.

7. Your Rights

Depending on your location, you have certain rights regarding your personal information:

7.1 Australian Privacy Act Rights

  • Access (APP 12): Request access to your personal information
  • Correction (APP 13): Request correction of inaccurate information
  • Complaint: Make a complaint about how we handle your information

7.2 GDPR Rights (EU Users)

  • Right to Access (Article 15): Obtain a copy of your personal information
  • Right to Rectification (Article 16): Correct inaccurate information
  • Right to Erasure (Article 17): Request deletion of your information ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Limit how we use your information
  • Right to Data Portability (Article 20): Receive your data in a portable format
  • Right to Object (Article 21): Object to certain types of processing
  • Rights Related to Automated Decision-Making (Article 22): Not be subject to automated decision-making

7.3 CCPA Rights (California Users)

  • Right to Know: Know what personal information is collected, used, and disclosed
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us:

  • Email: startege.info@gmail.com
  • Subject: "Privacy Rights Request"
  • Include: Your account email and the specific right you wish to exercise

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Direct Marketing

We may use your personal information to send you marketing communications about our services, including:

  • New features and updates
  • Educational content and resources
  • Special offers and promotions
  • Newsletters

Opt-Out: You can opt-out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in marketing emails
  • Updating your preferences in your account settings
  • Contacting us directly

We will not use sensitive information for direct marketing without your explicit consent.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookies through your browser settings. However, disabling cookies may affect Platform functionality.

10. Children's Privacy

Our Platform is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

11. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will:

  • Notify affected users as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) within 30 days (if required)
  • For EU users: Notify the relevant supervisory authority within 72 hours (if high risk)
  • Provide information about the breach and steps we are taking
  • Recommend actions you can take to protect yourself

12. Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)
  • Displaying a notice on the Platform

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Innovationera Pty Ltd

ACN: 643 136 752

Email: startege.info@gmail.com

Complaints: If you are not satisfied with how we handle your privacy complaint, you may contact:

  • Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
  • EU: Your local data protection authority
  • UK: Information Commissioner's Office (ICO) - ico.org.uk