Privacy Policy
The Board Cartel Pty Ltd ("The Board Cartel", "we", "us") is committed to protecting the privacy of individuals who use our board governance platform. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have in relation to your information.
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the The Board Cartel platform you consent to the collection and use of your information as described in this Policy.
1. Information We Collect
We collect information that is necessary to provide you with access to the The Board Cartel board portal. This includes:
- Account information: name, email address, role (administrator or director), and a securely hashed password.
- Profile information: optional profile photo, board role or title, and contact details you choose to add.
- Governance records: meeting agendas and minutes, board papers, conflict of interest declarations, action items, risk register entries, and calendar events that you or your organisation create within the platform.
- Communication content: messages posted to the board message board.
- Usage data: log data including IP address, browser type, pages visited, and timestamps, used for security monitoring and service improvement.
- Billing information: processed by our payment provider (Stripe). We do not store full credit card details on our servers.
2. How We Use Your Information
We use personal information to:
- Provide, maintain, and improve the The Board Cartel platform.
- Authenticate users and enforce access controls.
- Send transactional emails such as meeting notifications, password resets, and document-signing requests.
- Respond to support enquiries.
- Comply with legal obligations, including requirements under the Corporations Act 2001 (Cth) relevant to board governance records.
- Analyse aggregated, de-identified usage patterns to improve features.
We do not sell personal information to third parties. We do not use personal information for direct marketing without your explicit consent.
3. Disclosure of Information
We may disclose personal information to:
- Other board members in your organisation — names and profiles are visible to other users in the same The Board Cartel account as necessary for governance functions.
- Service providers — trusted sub-processors including Microsoft Azure (hosting and storage), Stripe (payments), and Resend (transactional email). These providers are contractually bound to handle data securely and not use it for their own purposes.
- Law enforcement or regulators — where required by Australian law or a valid court order.
We do not transfer personal information outside Australia except where our sub-processors operate overseas infrastructure with appropriate safeguards.
4. Data Retention
We retain personal information and governance records for the duration of your organisation's subscription plus seven (7) years, after which data is securely deleted or anonymised. This retention period reflects common legal obligations for board records under Australian company and charity law.
You may request earlier deletion of your personal profile information (see Section 6 below), subject to our legal obligations to retain certain records.
5. Security
We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. Our security practices include AES-256 encryption at rest, TLS in transit, role-based access controls, and audit logging. For full details, see our Security page.
6. Access, Correction, and Complaints
Under the Australian Privacy Principles you have the right to access the personal information we hold about you and to request corrections. You may also make a complaint if you believe we have breached the APPs.
To exercise these rights or to lodge a complaint, contact our Privacy Officer at privacy@theboardcartel.com.au. We will respond within 30 days.
If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
7. Cookies
The The Board Cartel application uses a single session token stored in the browser's local storage for authentication. We do not use third-party tracking cookies or advertising cookies.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify account administrators by email and update the "Last updated" date at the top of this page. Continued use of the platform after changes constitutes acceptance of the revised policy.
9. Contact
The Board Cartel Pty Ltd
Level 2, 123 Collins Street, Melbourne VIC 3000
Email: privacy@theboardcartel.com.au