Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 1 May 2026

This Privacy Policy explains how ProPath Group ABN 58 799 467 500 ("ProPath", "we", "us", "our") collects, uses, stores, and discloses personal information when you use the ProPath platform and its associated applications (collectively, the "Services").

We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Services, you consent to the practices described in this policy.

Contents

  1. 1. Who We Are
  2. 2. What Information We Collect
  3. 3. How We Use Your Information
  4. 4. Third-Party Services and Disclosure
  5. 5. How We Store Your Data
  6. 6. How Long We Keep Your Data
  7. 7. Your Rights
  8. 8. Cookies and Usage Tracking
  9. 9. Children's Privacy
  10. 10. Changes to This Policy
  11. 11. Contact Us

1. Who We Are

ProPath is an Australian SaaS (software as a service) business providing cloud-based tools for businesses across multiple industries. Our platform includes applications for:

  • Social media management — AI-assisted content generation and automated scheduling to Instagram and Facebook for businesses.
  • Manufacturing and operations — workforce time tracking, job management, and production monitoring tools.
  • Business administration — subscription management, account access, and client portal tools.
  • Such other industry-focused applications as ProPath develops and offers from time to time.

Our website is propath.com.au. The platform is accessed at cdi.propath.com.au.

2. What Information We Collect

2.1 Account and identity information. When you register or subscribe, we collect your name, business name, email address, and billing details (billing details are handled directly by Stripe — we do not store your card number or bank account details).

2.2 Content you upload. Depending on the Services you use, we may collect images, videos, and other media files you upload to the platform (for example, for social media publishing). We also collect any captions, notes, or instructions you provide alongside that content.

2.3 Business contact data. If you use our CRM or lead management tools, we collect the business contact information you enter (names, email addresses, phone numbers, and business details of your leads and customers). You are responsible for ensuring you have the right to store and process that information.

2.4 Usage and technical data. We collect logs of your activity on the platform, including pages accessed, actions taken, IP address, browser type, and session tokens. This is used for security, support, and improving the Services.

2.5 Communications. If you contact us by email or through the platform, we retain a record of that correspondence.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Services
  • Process your subscription and manage your account
  • Publish content to your connected social media accounts at your direction
  • Generate AI-assisted captions and content suggestions using your uploaded media
  • Send you transactional communications (receipts, account alerts, product updates)
  • Troubleshoot technical issues and respond to support requests
  • Maintain the security and integrity of our systems
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes or share it with other businesses for their own marketing.

4. Third-Party Services and Disclosure

To deliver the Services, we share certain information with the following third-party providers. Each provider is contractually required to handle data securely and in accordance with applicable law.

Stripe — Payment Processing

Subscription payments are processed by Stripe, Inc. Stripe collects and stores your payment card information directly and securely. We do not receive or store your card details. See stripe.com/au/privacy.

OpenAI — AI Content Generation

When you use ProPath's AI-assisted caption or content generation features, images, video frames, and associated context notes you upload are sent to OpenAI's API for processing. OpenAI is based in the United States. By using these features, you consent to your content being processed by OpenAI for the purpose of generating responses on your behalf. We do not use your content to train AI models. See openai.com/policies/privacy.html.

Meta (Facebook and Instagram) — Social Publishing

If you connect your Facebook or Instagram business accounts, content you schedule for publication is transmitted to Meta's Graph API on your behalf. This includes images, videos, and captions. Your use of connected Meta accounts is also subject to Meta's own terms and data policies. See facebook.com/privacy/policy.

Email Delivery

We use an internal mail server to send transactional emails (account notifications, receipts, password resets). Your email address is used solely for service-related communications.

We may also disclose your personal information where required or permitted by law, including to regulators, law enforcement, or in connection with legal proceedings.

5. How We Store Your Data

Your data is stored on our own servers located in Australia (Ubuntu/Linux environment). We take reasonable technical and organisational measures to protect your information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Strict access controls — only authorised personnel can access production systems
  • Daily encrypted backups to network-attached storage
  • Passwords stored using industry-standard one-way hashing (bcrypt)
  • Authentication tokens cryptographically signed with Ed25519

Note that some content you upload (images and video frames) is transmitted to OpenAI's servers in the United States for AI processing, as described in section 4. OpenAI applies its own data security measures to that content.

6. How Long We Keep Your Data

We retain your personal information for as long as necessary to:

  • Deliver the Services you have subscribed to or accessed
  • Provide ongoing customer support
  • Meet legal, regulatory, and accounting obligations (typically 7 years for financial records)

On cancellation of your subscription, your account data and uploaded content are retained for 30 days before deletion, giving you time to export anything you need. System logs are reviewed and purged regularly. We may retain anonymised or aggregated data (from which you cannot be identified) indefinitely for analytical purposes.

7. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or out-of-date information
  • Request deletion of your personal information (subject to our legal retention obligations)
  • Withdraw consent to marketing or promotional communications at any time
  • Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have handled your information in breach of the APPs

To exercise any of these rights, contact us at support@propath.com.au. We will respond within a reasonable time and no later than 30 days.

Data Deletion — Connected Facebook & Instagram Accounts

If you have connected a Facebook Page or Instagram Business account to ProPath Socials, we store access tokens and basic page information (page name, page ID) to publish content on your behalf. You can remove this data at any time:

  1. Disconnect from within the portal — Log in to your ProPath Socials portal at cdi.propath.com.au/socials/portal/, go to Settings → Social Media Accounts, and click Disconnect. This immediately revokes our access and deletes your stored tokens.
  2. Revoke access via Facebook — Go to Facebook Settings → Apps and Websites, find ProPath Socials, and click Remove. This revokes our permissions at the Meta platform level.
  3. Request full data deletion — Email us at support@propath.com.au and we will delete all data associated with your connected accounts within 30 days.

8. Cookies and Usage Tracking

The ProPath platform uses session cookies and authentication tokens to keep you logged in and protect your account. These are essential for the Services to function and cannot be disabled without preventing login.

We do not currently use third-party advertising cookies or behavioural tracking cookies. We do not use Google Analytics or similar third-party analytics services on the authenticated platform. Our public marketing website (propath.com.au) may use basic analytics to understand visitor traffic; no personally identifiable information is collected for this purpose.

9. Children's Privacy

The Services are intended for use by businesses and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or data handling practices. When we make material changes, we will notify you by email to your registered address at least 14 days before the changes take effect. The updated policy will also be posted at propath.com.au/policy.html with a revised effective date.

11. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact us:

ProPath Group

Since 1999

ABN: 58 799 467 500

Email: support@propath.com.au

Website: propath.com.au


© 2026 ProPath Group — Since 1999. All rights reserved.  ·  Terms of Service