HomePrivacy Policy

Privacy Policy

How Rundeck collects, uses, and protects your personal information — in compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles.

Last updated: 7 April 2026
This Privacy Policy applies to Rundeck, a product of Abide Media Group ABN 95 696 579 683. By using Rundeck, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.

1. Overview

Rundeck ("we", "us", "our") is committed to protecting the privacy of all individuals who use our platform, including business owners, managers, and their staff members. We operate in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what personal information we collect, why we collect it, how we use and disclose it, and how you can access or correct it. It applies to all users of rundeck.com.au and any associated mobile applications or services.

2. Information we collect

We collect personal information in two ways: information you provide directly, and information collected automatically when you use the platform.

Information you provide

  • Account registration details: name, email address, business name, ABN (optional)
  • Staff records: employee names, email addresses, phone numbers, roles, employment type, pay rate information
  • Operational data: roster schedules, timesheet entries, clock-in and clock-out records, leave requests
  • Checklist submissions, cash count records, stock take data, incident and maintenance reports
  • Photos submitted via the Store Photos feature
  • Messages sent through the Team Messaging feature
  • Payment and billing information (processed securely by our payment provider — we do not store full card details)
  • Communications you send us (e.g. support requests, emails)

Information collected automatically

  • Device type, browser type, and operating system
  • IP address and approximate location (country/region)
  • Pages visited, features used, and time spent on the platform
  • Session data and authentication tokens
  • Error logs and performance data used to diagnose issues

3. How we use your information

We use the personal information we collect only for legitimate purposes directly related to operating and improving Rundeck. These purposes include:

  • Providing and operating the Rundeck platform and its features
  • Creating and managing your account
  • Processing subscription payments and managing billing
  • Sending transactional communications (e.g. account confirmations, invoices, password resets)
  • Providing customer support and responding to enquiries
  • Improving the platform through usage analytics and error monitoring
  • Complying with our legal obligations
  • Detecting and preventing fraud, abuse, or unauthorised access

We do not sell, rent, or trade your personal information to third parties. We do not use your information for unsolicited direct marketing without your consent.

4. Disclosure to third parties

We share personal information with third-party service providers only to the extent necessary to deliver our services. All third parties are bound by appropriate data processing agreements and are required to handle data securely.

Our key sub-processors

  • Supabase Inc. — database hosting and authentication. Your data is stored on Supabase infrastructure (AWS, US East region). Supabase is SOC 2 Type II certified.
  • Vercel Inc. — application hosting and content delivery. Servers are located in the United States and Australia (via CDN edge nodes).
  • Google LLC — optional Google OAuth sign-in. No additional data is shared with Google beyond the authentication process.
  • Stripe Inc. — payment processing. Stripe is PCI-DSS Level 1 certified. We never store raw card numbers.
  • Resend / email provider — transactional email delivery (e.g. invitations, password resets).

We may also disclose personal information where required by law, court order, or a request from a law enforcement agency with appropriate authority.

5. Cross-border disclosure

Some of our third-party service providers are located outside Australia, primarily in the United States. By using Rundeck, you consent to your personal information being transferred to and stored in these countries for the purposes described in this policy.

Where personal information is transferred overseas, we take reasonable steps to ensure recipients handle it in a way that is consistent with the Australian Privacy Principles (APP 8).

6. Data security

We take the security of your personal information seriously and implement a range of technical and organisational measures, including:

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256
  • Access to production systems is restricted to authorised personnel only
  • Row-level security (RLS) policies ensure businesses can only access their own data
  • Authentication supports secure password policies and optional OAuth via Google
  • Regular security reviews and dependency updates

No method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

See our Security page for more detail on our infrastructure and practices.

7. Data retention

We retain personal information for as long as your account is active or as needed to provide our services. Specifically:

  • Active account data is retained for the duration of your subscription
  • Upon account cancellation, we retain your data for 90 days to allow recovery if required
  • After 90 days post-cancellation, data is deleted from our production systems
  • Anonymised analytics data may be retained indefinitely
  • Backups may persist for up to 30 days beyond deletion from production systems

You may request early deletion of your data by contacting us at hello@rundeck.com.au.

8. Your rights

Under the Australian Privacy Act and Privacy Principles, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate or incomplete information
  • Deletion — request deletion of your personal information (subject to legal obligations)
  • Opt-out of marketing — unsubscribe from any marketing communications at any time
  • Portability — request your data in a portable format (e.g. CSV export of timesheets, rosters)
  • Complaints — lodge a complaint if you believe we have mishandled your information

To exercise any of these rights, contact us at hello@rundeck.com.au. We will respond within 30 days.

9. Cookies & tracking

Rundeck uses cookies and similar technologies to operate and improve the platform. We use:

  • Strictly necessary cookies — required for authentication and session management. These cannot be disabled.
  • Analytics cookies — used to understand how users interact with the platform. These may be disabled without affecting core functionality.
  • Preference cookies — store your settings and preferences (e.g. selected location).

We do not use advertising or cross-site tracking cookies. You can manage cookies through your browser settings. Disabling strictly necessary cookies may prevent you from logging in.

10. Children's privacy

Rundeck is designed for use by businesses and their staff. We do not knowingly collect personal information from individuals under the age of 15. If you believe a person under 15 has provided us with personal information, please contact us immediately and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify account holders via email and update the "Last updated" date at the top of this page. Continued use of Rundeck after changes are posted constitutes acceptance of the updated policy.

12. Contact & complaints

If you have questions, concerns, or a complaint about how we handle your personal information, please contact our Privacy Officer:

  • Email: hello@rundeck.com.au
  • Subject line: Privacy Enquiry
  • Response time: Within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001