Privacy Policy

Rosze Pty Ltd trading as Crafted Portals | ABN 36 108 066 066

Effective Date: 30 April 2026

Privacy

Your Data & Privacy

This Privacy Policy describes how Rosze Pty Ltd trading as Crafted Portals, ABN 36 108 066 066 (“we”, “us”, or “our”) collects, uses, stores, and discloses personal information in connection with the TrainerOne software-as-a-service platform (the “Service”). This Privacy Policy is incorporated by reference into the SaaS Licence Agreement (“Agreement”) governing Your use of the Service.

We are committed to protecting Your privacy and handling Your personal information responsibly and in accordance with applicable Australian law.

  1. DEFINITIONS
    1. “Personal Information” has the meaning given in the Privacy Act 1988 (Cth) — information or an opinion about an identified, or reasonably identifiable, individual.
    2. “Sensitive Information” has the meaning given in s 6 of the Privacy Act 1988 (Cth), and includes health information.
    3. “Licensee Data” means any data, content, or information uploaded, submitted, stored, or generated by You through the Service, including any Personal Information or Sensitive Information of Your clients, employees, or other third parties.
    4. “Telemetry Data” means data collected automatically about usage of the Service, including performance metrics, feature usage patterns, error logs, and system diagnostics. Telemetry Data may include technical identifiers (such as IP address and device information) that constitute Personal Information under the Privacy Act 1988 (Cth).
  2. LICENSEE DATA AND YOUR PRIVACY OBLIGATIONS
    1. The Licensee retains ownership of all Licensee Data as set out in the Agreement. Licensee Data may contain Personal Information and, depending on the Licensee’s use of the Service, Sensitive Information belonging to the Licensee’s clients, employees, or other third parties.
    2. As between the parties, the Licensee is the entity that collects, holds, and is responsible for Personal Information contained in Licensee Data. We act as a processor on the Licensee’s behalf, handling Licensee Data only on the Licensee’s instructions to provide, maintain, and support the Service. We do not use Licensee Data for any independent commercial purpose.
    3. The Licensee is solely responsible for ensuring that it has obtained all necessary consents and authorisations to collect, store, and process any Personal Information or Sensitive Information contained within Licensee Data, and that its use of the Service complies with all applicable Commonwealth and state privacy laws, including any obligation to maintain its own privacy policy.
    4. The Licensee warrants that, where Licensee Data includes Personal Information of individuals under 18 years of age, it has obtained parental or guardian consent (or otherwise has lawful authority to collect and process that information). The Service is not directed at children, and we do not knowingly collect Personal Information from children other than as Licensee Data submitted by the Licensee.
    5. Nothing in this Privacy Policy is intended to override or replace the Licensee’s own privacy obligations to its clients, employees, or other third parties whose Personal Information may be contained within Licensee Data.
  3. INFORMATION WE COLLECT
    1. Account Information: When You register for the Service, we collect Your name, email address, organisation name, and any other information You provide during account creation.
    2. Licensee Data: We store data that You upload, submit, or generate through Your use of the Service, as described in clause 2 above.
    3. Payment Information: If You subscribe to a paid plan, we collect billing details necessary to process payments. Payment processing is handled by third-party payment processors and we do not store full credit card numbers on our systems.
    4. Usage and Telemetry Data: We automatically collect Telemetry Data about how You interact with the Service, including pages visited, features used, browser type, device information, IP address, and timestamps.
    5. Cookies: The Service uses cookies and similar technologies in the following categories: (a) essential cookies , required to authenticate You and maintain Your session — disabling these will prevent the Service from functioning; (b) preference cookies , which remember settings such as theme and locale; and (c) analytics cookies , used to measure usage and diagnose errors. You may disable non-essential cookies in Your browser settings.
    6. Support Data: When You contact us for support, we collect the information You provide in Your support request, including error messages, screenshots, and any Licensee Data accessed during troubleshooting as described in the Agreement.
  4. HOW WE USE YOUR INFORMATION
    1. We use the information we collect for the following purposes:
      1. To provide, operate, and maintain the Service.
      2. To process Subscription payments and manage Your account.
      3. To provide technical support and respond to Your enquiries.
      4. To monitor, analyse, and improve the performance, security, and functionality of the Service.
      5. To send You transactional and service-related communications, including account notifications, billing notices, security alerts, scheduled-maintenance notices, and changes to this Privacy Policy or the Agreement. These communications are necessary for Your use of the Service and cannot be opted out of while Your account is active.
      6. To comply with legal obligations and enforce our Agreement.
      7. To collect Telemetry Data for performance, optimisation, improvement, statistics, and debugging purposes as described in the Agreement.
    2. We will not use Your Personal Information for purposes other than those described in this Privacy Policy without Your consent, unless required or authorised by law.
  5. DISCLOSURE OF YOUR INFORMATION
    1. We do not sell, rent, or trade Your Personal Information to third parties.
    2. We may disclose Your information to:
      1. Third-party sub-processors who assist us in operating the Service. These providers use Your information only for the purposes for which it was disclosed and are bound by confidentiality and data-handling obligations consistent with this Privacy Policy. Our current sub-processors include:
        1. Laravel Cloud (cloud hosting)
        2. Laravel Nightwatch (application monitoring and telemetry)
        3. Amazon Web Services (email delivery and file storage)
        4. Stripe (payment processing and subscription billing)
      2. Law enforcement, regulatory authorities, or other third parties where required by law, regulation, court order, or governmental request.
      3. A successor entity in the event of a merger, acquisition, or sale of all or a portion of our assets, in which case Your information may be transferred as part of that transaction.
  6. DATA STORAGE AND SECURITY
    1. Licensee Data is hosted on cloud infrastructure located in Australia by default. Certain ancillary services (including payment processing, application monitoring, and email delivery) may be operated by sub-processors located outside of Australia. We select sub-processors that, in our reasonable judgement, apply appropriate security and privacy controls.
    2. We implement commercially reasonable technical and organisational measures to protect Your information against unauthorised access, loss, destruction, or alteration. These measures include encryption in transit and at rest, access controls, regular security reviews, and support for multi-factor authentication. Where multi-factor authentication is enabled for a portal or user role, the Licensee and its users are required to complete it before accessing the Service.
    3. We perform an automated daily backup of the Licensee’s database, stored as a compressed dump in the Licensee’s own Amazon S3 bucket. The Licensee owns and controls these backups directly and is responsible for the security and lifecycle of objects in its own S3 bucket.
    4. If we become aware of unauthorised access to, or unauthorised disclosure or loss of, Licensee Data, we will notify the Licensee without undue delay and provide reasonable assistance to enable the Licensee to assess and meet any notification obligations it may have under applicable law.
    5. While we take reasonable steps to protect Your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of Your information.
  7. DATA RETENTION
    1. We retain Your Personal Information and Licensee Data while Your Subscription is active and for as long as it is needed to provide the Service.
    2. Upon termination of the Agreement, we will permanently delete Licensee Data from our operational systems within thirty (30) days. The daily database backups stored in the Licensee’s own Amazon S3 bucket are unaffected and remain under the Licensee’s sole control.
    3. We may retain certain information after account closure where required by law, for legitimate business purposes (such as resolving disputes or enforcing the Agreement), or as part of anonymised or aggregated data sets that no longer identify any individual.
  8. YOUR RIGHTS
    1. You have the right to:
      1. Request access to the Personal Information we hold about You.
      2. Request correction of any inaccurate, incomplete, or out-of-date Personal Information.
      3. Request deletion of Your Personal Information, subject to any legal obligations we may have to retain certain records.
    2. To exercise any of these rights, please contact us using the details in clause 11. We will respond to Your request within a reasonable timeframe.
  9. OVERSEAS DISCLOSURE
    1. Licensee Data is hosted in Australia by default. Where ancillary services (such as payment processing, application monitoring, or email delivery) involve disclosure of Personal Information to sub-processors located outside of Australia, we select sub-processors that, in our reasonable judgement, apply appropriate security and privacy controls. The list of our current sub-processors is set out in clause 5.
  10. CHANGES TO THIS PRIVACY POLICY
    1. We may update this Privacy Policy from time to time. Material changes will be communicated to You via the Service or by email at least thirty (30) days before taking effect. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.
    2. We encourage You to review this Privacy Policy periodically to stay informed about how we protect Your information.
  11. CONTACT
    1. If You have any questions about this Privacy Policy, wish to exercise Your privacy rights, or wish to make a complaint, please contact us at hello@craftedportals.com.

--- End of Privacy Policy ---