← Back to Legal

Privacy Policy

Last Updated: January 2025

1. Introduction

Adam McVeigh trading as TapHead.co ("HeadOS", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based business management platform and related services (the "Service").

By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when registering for and using the Service, including:

  • Account information: name, email address, phone number, business name, and password
  • Business information: industry type, business address, ABN/tax identifiers
  • Payment information: billing address and payment card details (processed securely via Stripe)
  • Customer Data: all data you input into the Service including customer records, invoices, inventory, production data, and communications
  • Support communications: messages sent to our support team

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

  • Device information: browser type, operating system, device identifiers
  • Log data: IP address, access times, pages viewed, referring URLs
  • Usage data: features used, actions taken within the Service
  • Location data: general geographic location based on IP address

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember preferences, and analyse usage patterns. You can control cookies through your browser settings, though disabling them may affect Service functionality.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Analyse usage to improve features and user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms
  • Send marketing communications (with your consent, where required)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: We share information with third-party vendors who perform services on our behalf, including payment processing (Stripe), email delivery, cloud hosting (Cloudflare), and analytics. These providers are contractually obligated to protect your information.

Integrations: If you connect third-party services (e.g., QuickBooks, Xero), we share necessary data to enable the integration as you direct.

Legal Requirements: We may disclose information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

With Your Consent: We may share information for other purposes with your explicit consent.

5. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account termination, we retain data for 30 days to allow for reactivation or data export, after which it may be permanently deleted.

We may retain certain information longer as required by law (e.g., tax records) or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your information for certain purposes.
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time via the link in our emails or by contacting us.

To exercise these rights, please contact us at info@taphead.co. We will respond within 30 days.

8. International Data Transfers

HeadOS is based in Australia. Your information may be transferred to and processed in countries other than your own, including countries that may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.

9. Australian Privacy Principles

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). Australian residents may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe we have breached the APPs.

10. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority. Our legal bases for processing include contract performance, legitimate interests, and consent where required.

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Adam McVeigh trading as TapHead.co
Privacy Officer
Email: info@taphead.co
Website: www.taphead.co

Your privacy matters to us. Thank you for trusting HeadOS with your business.