Privacy Policy
Last Updated: 14 February 2025
At carnavexilo, we believe your financial data deserves serious protection. This isn't just another legal document – it's our commitment to you about how we handle the information you share with us.
We've tried to keep this straightforward. If something feels unclear or you want more details about any part of our privacy practices, reach out to us directly. We're happy to talk through anything.
Who We Are and What This Covers
carnavexilo (ABN registered in Australia) operates from 13/14 Holbeche Rd, Arndell Park NSW 2148. We provide business activity analysis tools that help companies understand their financial patterns better.
This policy applies to all data we collect through our platform, including when you visit our website, sign up for our services, or interact with our support team. It covers information collected directly from you and data generated through your use of our analysis tools.
We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and relevant state regulations. For international users, we also align with applicable data protection standards in your jurisdiction.
Information We Collect
What You Give Us Directly
When you create an account or use our services, you provide us with certain information. We collect your name, email address, phone number, and business details during registration. Payment information goes through our secure processors – we don't store complete card numbers on our systems.
Financial Data You Upload
Our platform analyses business activity, which means you'll upload financial records, transaction histories, or accounting data. We process this information to generate insights and reports. The specific data varies based on what you need analysed, but it might include revenue figures, expense categories, cash flow patterns, or customer transaction records.
Technical Information
Like most online services, we automatically collect certain technical data. This includes your IP address, browser type, device information, and how you interact with our platform. We track which features you use most, where you spend time, and what analysis tools you access.
| Data Category | Purpose | Retention Period |
|---|---|---|
| Account Information | Service delivery and authentication | Duration of account + 7 years |
| Financial Records | Analysis and reporting generation | Duration of account + 7 years |
| Usage Analytics | Platform improvement and support | 24 months |
| Communication Records | Support and service quality | 3 years from last contact |
How We Use Your Information
Your data serves specific purposes. We use it to deliver the analysis services you've signed up for, process your requests, and maintain your account. Our algorithms analyse your financial data to identify patterns, generate reports, and provide actionable insights about your business activity.
We also use information to improve our platform. This means looking at how users interact with different features, which analysis tools get used most, and where people encounter difficulties. Sometimes we'll reach out with tips about features you might find helpful based on your usage patterns.
Important: We never sell your financial data to third parties. Your business information stays confidential and is used solely for providing you with analysis services and platform improvements.
Communication is another key use. We'll send you service updates, respond to support queries, and occasionally share educational content about business analysis that relates to your industry. You can adjust these communication preferences in your account settings.
Sharing and Disclosure
We limit data sharing significantly. Here's who might access your information and why:
- Service Providers: Cloud hosting partners (AWS Sydney region), payment processors, and email service providers. These companies operate under strict confidentiality agreements.
- Legal Requirements: If Australian authorities issue valid legal demands, or if we need to protect our rights or prevent fraud. We'll notify you when legally permitted.
- Business Transitions: If carnavexilo is acquired or merges with another company, your data transfers to the new entity under equivalent privacy protections.
- With Your Permission: If you explicitly authorise us to share information with your accountant, financial advisor, or other professionals.
We don't share aggregated or anonymised data with research partners or industry analysts. Your specific business information remains private and identifiable data never leaves our controlled systems without explicit authorisation.
Your Rights and Control
Australian privacy law gives you substantial control over your personal information. You can exercise these rights by contacting us directly – we've kept the process simple.
Access Your Data
Request a complete copy of all personal and financial data we hold about you. We'll provide this in a readable format within 30 days.
Correct Information
Update inaccurate details or add missing information. Most account data can be edited directly through your dashboard.
Delete Your Account
Request complete deletion of your account and associated data. Note that some financial records may need retention for legal compliance.
Export Your Data
Download your financial data and analysis reports in portable formats. This helps if you're switching to another service.
Restrict Processing
Limit how we use certain information while keeping your account active. Useful if you're disputing data accuracy.
Object to Processing
Challenge specific uses of your data, particularly for marketing or analytics purposes not essential to service delivery.
To exercise any of these rights, email us at support@carnavexilo.com with your account details and specific request. We'll respond within 5 business days and complete most requests within 30 days. Complex requests might take longer – we'll keep you updated.
Security Measures
Financial data demands serious security. We've implemented multiple layers of protection across our systems.
All data transmits via TLS 1.3 encryption. Stored information uses AES-256 encryption at rest. Our servers operate in Australian data centres with physical security controls and 24/7 monitoring. Access to financial data is restricted through role-based permissions – only staff who genuinely need access for their work can view it.
We maintain regular security audits, conduct penetration testing twice yearly, and have incident response procedures ready. Staff undergo annual security training and sign strict confidentiality agreements.
Two-factor authentication is available for all accounts. We strongly recommend enabling it – adds another barrier against unauthorised access even if someone gets your password.
No system is completely invulnerable. If we detect a data breach affecting your information, we'll notify you within 72 hours and explain what happened, what data was involved, and what steps we're taking.
Data Retention
We keep your information as long as your account remains active, plus additional periods required by Australian financial regulations. Most financial records must be retained for 7 years after you close your account – this isn't our choice but a legal requirement under tax and corporate law.
Usage analytics and technical logs get deleted after 24 months. Communication records (support emails, chat transcripts) stay for 3 years from your last interaction. Marketing preferences are deleted immediately when you opt out.
If you close your account, we delete unnecessary personal data within 60 days. Financial records move to secure archival storage with restricted access until the retention period expires. After that, everything gets permanently deleted using secure data destruction methods.
Cookies and Tracking
Our platform uses cookies to function properly. Essential cookies handle authentication, remember your preferences, and maintain security. Without these, you can't use the service effectively.
Analytics cookies help us understand usage patterns and improve features. These track which tools get used, where users encounter problems, and how people navigate through analysis workflows. You can disable these through browser settings, though it limits our ability to improve your experience.
We don't use advertising cookies or third-party tracking for marketing purposes. No information gets shared with ad networks or data brokers.
International Transfers
Your data primarily stays in Australia. Our servers are located in AWS Sydney region, and most processing happens domestically.
Limited situations require international transfers – for example, if our email service provider routes messages through overseas servers, or if you specifically request access while travelling abroad. When this happens, we ensure adequate protection through standard contractual clauses and encryption.
If you're based outside Australia and use our services, your data comes to Australian servers. We treat it with the same protections described here.
Children's Privacy
carnavexilo provides business analysis services intended for commercial use. We don't knowingly collect information from anyone under 18. Our platform isn't designed for or marketed to children.
If we discover we've accidentally collected data from someone underage, we'll delete it immediately. Parents or guardians who believe their child has provided us information should contact us straight away.
Changes to This Policy
Privacy practices evolve. We'll update this policy when we add new features, change how we handle data, or need to comply with new regulations.
Significant changes get announced via email to all active accounts at least 30 days before taking effect. Minor clarifications or updates that don't change how we handle your data might happen without advance notice, but we'll always post the current version here with the update date.
Continuing to use carnavexilo after changes take effect means you accept the updated policy. If you disagree with changes, you can close your account before they become active.
Third-Party Links
Our platform occasionally links to external resources – industry articles, regulatory websites, or partner tools. We're not responsible for those sites' privacy practices. They operate under their own policies.
Before providing personal information to any external site, check their privacy policy. Our protections don't extend beyond our platform.