Privacy Policy

Last updated: 9 August 2025

This Privacy Policy explains how Hamiware (ABN 55 224 152 641) (“Hamiware”, “we”, “us”, “our”) collects, uses, discloses and protects personal information in connection with our websites hamiware.com and pulseowl.dev, the PulseOwl application at app.pulseowl.dev, our APIs, and our Slack app/bot (together, the “Services”). We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If we process personal data of individuals in the EEA/UK, the GDPR/UK GDPR addendum in Section 12 also applies.

1) What we collect

“Personal information” has the meaning given in the Privacy Act (information or an opinion about an identified individual, or an individual who is reasonably identifiable). We collect only what is reasonably necessary to operate and improve the Services. This includes:

  • Name, business email, organisation name and role/title.
  • Account and authentication information (including data received from our identity provider for sign-in).
  • Service usage, diagnostics and telemetry (e.g., device/IP headers, timestamps, pages or features used).
  • Cloud/integration metadata that you choose to connect on a read-only basis (e.g., configuration and status needed to deliver PulseOwl functionality). We do not ingest customer application data.
  • Communications you send to us (support requests, feedback).
  • Payment metadata (when paid plans commence). Card details are processed by our payment provider and are not stored by Hamiware.

We do not collect sensitive categories (e.g., health, biometric data). If you provide personal information about others, you must ensure you are authorised to do so and have notified them as required by law.

2) How we collect information

  • Directly from you (account creation, forms, emails, support, in-product actions).
  • Automatically via the Services (logs, telemetry, cookies/analytics—see Section 6).
  • From service providers and integrations you authorise (e.g., identity provider, cloud/integration endpoints on a read-only basis).
  • Public sources where appropriate (e.g., domain records) and only as permitted by law.

You may decline to provide information; however, some features may not work without it.

3) How we use information

  • Provide, operate, secure and support the Services you request.
  • Improve and develop the Services (including troubleshooting, testing, analytics).
  • Communicate with you about the Services, including important notices and support.
  • Billing and account administration when paid plans commence.
  • Comply with legal obligations and enforce our terms.

4) Direct marketing

We may send product updates and marketing communications where permitted by law. You can opt out at any time using the unsubscribe link in the message or by contacting [email protected]. We will continue to send service/transactional emails necessary to operate your account.

5) Disclosure of information

We disclose personal information only for purposes described in this Policy, including to trusted service providers who assist us in operating the Services. Examples include:

  • Hosting and infrastructure, networking and security.
  • Identity/authentication, customer support tools, and email delivery.
  • Product and website analytics.
  • Payments processing (when paid plans commence).
  • Professional advisers and auditors, where required.

We may also disclose information if required or authorised by law, in connection with a transaction (e.g., merger/acquisition), or with your consent. We do not sell personal information.

6) Cookies & analytics

We use cookies and similar technologies to operate the Services and understand usage. On our sites and app we currently use Google Analytics and PostHog. You can control cookies via your browser settings; blocking some cookies may impact functionality. We may update our analytics tools over time and will update this Policy accordingly.

7) Service providers & subprocessors

To deliver the Services, we use service providers that process personal information on our behalf (“subprocessors”). Our current core providers include:

  • AWS (hosting/IaaS), Cloudflare (DNS/DDoS/CDN).
  • Clerk (authentication & sessions).
  • Google Analytics and PostHog (analytics).
  • Stripe (payments) when paid plans commence.
  • Optional AI model providers for specific features (e.g., OpenAI or Anthropic) if enabled; where used, we require safeguards appropriate to enterprise use and do not permit providers to use your content to train their models.

We may add or replace providers as our Services evolve. Material changes will be reflected in this Policy.

8) Data retention & deletion

We retain personal information only for as long as necessary for the purposes described in this Policy or as required by law. Operational logs may be retained briefly for security and audit.

On verified request to close your account, we will delete or de-identify personal information within 48 hours, subject to legal retention obligations. Confirmation will be provided once complete.

9) Security

We implement reasonable administrative, technical and organisational measures to protect personal information (including encryption in transit and at rest, access controls, and network protections).

No method of transmission or storage is completely secure. If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and regulators as required by law and as soon as practicable given the circumstances.

10) International transfers

Our service providers may process personal information outside Australia. Where we transfer personal information overseas, we take reasonable steps to ensure recipients protect it in a way that is consistent with applicable privacy laws (for example, by using contractual protections).

11) Your rights: access, correction, deletion

You may request access to, or correction of, the personal information we hold about you, and you may request deletion subject to legal retention requirements. We will respond within a reasonable time (normally within 30 days) after verifying your identity. We do not charge a fee unless a request is manifestly unfounded or excessive.

To make a request, contact us at [email protected].

12) GDPR/UK GDPR addendum (if you are in the EEA/UK)

When the GDPR/UK GDPR applies, Hamiware is the data “controller” for personal data processed via the Services. Legal bases for processing typically include:

  • Contract (to provide and support the Services you request).
  • Legitimate interests (e.g., service improvement, security, and fraud prevention).
  • Consent (e.g., certain marketing or optional features), which you can withdraw at any time.
  • Legal obligation (where processing is required by law).

You may have additional rights, including: access; rectification; erasure; restriction; portability; and objection to processing (including direct marketing). You also have the right to lodge a complaint with your local supervisory authority.

For international transfers, we use appropriate safeguards (e.g., contractual protections) to protect your personal data. To exercise rights, contact [email protected].

13) Children

The Services are intended for business users and are not directed to individuals under 18. If we learn we have collected personal information from a minor, we will delete it.

14) Complaints & contact

Questions, requests, or complaints about this Policy or our handling of personal information can be sent to [email protected]. We will respond as soon as reasonably practicable and within required timeframes.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au.

15) Changes to this Policy

We may update this Policy to reflect changes to our practices or applicable laws. We will post the updated version on this page with a new “Last updated” date. If changes are material, we will provide additional notice where appropriate.