Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.
Last updated: 5 March 2026
About This Policy
This Privacy Policy applies to Disaster Recovery Pty Ltd (ABN: 85 151 794 142), trading as "Disaster Recovery", "NRPG" (National Restoration Partners Guild), and "Restore Assist". This policy covers all personal information collected through our platform at https://disasterrecovery.com.au and any associated applications. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs 1–13), as well as the New Zealand Privacy Act 2020 and Information Privacy Principles (IPPs 1–13).
1. Information We Collect
APP 3 — Collection of Solicited Personal Information | IPP 1–4
Personal Information
We collect personal information that is reasonably necessary for our functions and activities. We collect this information directly from you, or with your consent, from third parties:
- Full name and contact details (email address, postal address)
- Property address and damage or project details
- Insurance policy and claim information (when provided)
- Payment and billing information (processed securely via Stripe)
- Business registration details, ABN, licences (for contractors)
- Photos and documents uploaded to the platform
Technical Information
We automatically collect certain technical information when you use our platform:
- IP address and approximate geolocation
- Browser type, version, and operating system
- Device type and screen resolution
- Pages visited, navigation paths, and session duration
- Referring website or source
- Cookies and similar tracking technologies (see our Cookie Policy)
Sensitive Information
We do not generally collect sensitive information (as defined in the Privacy Act 1988). If we ever need to collect sensitive information (for example, health information relevant to a disaster recovery claim), we will obtain your explicit consent prior to collection and handle it in accordance with APP 3.3 / IPP 4.
2. How We Use Your Information
APP 6 — Use or Disclosure of Personal Information | IPP 10
Service Delivery
Match you with qualified contractors, manage your projects, process payments, and provide customer support.
Communication
Send transactional notifications, project updates, account alerts, and (with your consent) marketing communications.
Safety & Compliance
Protect against fraud, verify identities, comply with legal obligations, enforce our terms, and maintain platform security.
Platform Improvement
Analyse usage patterns, conduct research, improve our services, and develop new features (using anonymised and aggregated data where possible).
Legal Obligations
Respond to lawful requests from regulators, law enforcement, and government authorities; comply with taxation and reporting requirements.
3. Information Sharing & Protection
APP 6 & 11 — Disclosure & Security | IPP 10–11
When We Share Information
With Contractors
We share only the project details necessary for contractors to provide quotes and services (e.g., property address, damage type, photos). We do not share your full personal details until you accept a contractor.
Service Providers
Trusted third-party service providers who assist in operating our platform, including hosting (Vercel), payment processing (Stripe), analytics (Google Analytics), and email delivery services.
Legal Requirements
When required by law, court order, subpoena, or to protect our rights, property, or the safety of our users and the public.
Business Transfers
In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
Security Measures (APP 11 / IPP 5)
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure:
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
4. Cross-Border Data Disclosure
APP 8 — Cross-border Disclosure | IPP 11 — Disclosure Outside NZ
Where We Store & Process Data
Our primary data storage is within Australia. However, some of our third-party service providers may store or process data in other countries, including:
- United States — Cloud hosting (Vercel), payment processing (Stripe), analytics (Google)
- New Zealand — Service delivery to NZ-based users and contractors
- European Union — Some infrastructure providers with EU data centres
Safeguards
Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient:
- Is subject to a law or binding scheme substantially similar to the APPs/IPPs
- Has contractual obligations to handle data in compliance with Australian and NZ privacy standards
- Implements appropriate technical and organisational security measures
We remain accountable under APP 8 and IPP 11 for the handling of your personal information by overseas recipients.
5. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it (APP 11.2 / IPP 9).
Active
Account Data
Retained while your account is active
7 Years
Financial Records
As required by ATO and tax legislation
3 Years
Project Records
After project completion or account closure
90 Days
Log Data
Server logs and analytics data
6. Cookies & Tracking
We use cookies and similar tracking technologies to enhance your experience, analyse platform usage, and support our marketing efforts. Cookies are small text files stored on your device when you visit our website.
For detailed information about the types of cookies we use, how to manage your cookie preferences, and third-party cookies, please see our full Cookie Policy .
7. Marketing Communications
Spam Act 2003 (Cth) & Unsolicited Electronic Messages Act 2007 (NZ)
Consent & Opt-In
We comply with the Spam Act 2003 (Cth) and the Unsolicited Electronic Messages Act 2007 (NZ). We will only send you commercial electronic messages (marketing emails, SMS, or similar) where:
- You have provided express or inferred consent
- The message clearly identifies us as the sender
- The message includes a functional unsubscribe mechanism
Opting Out
You may opt out of receiving marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your communication preferences in your account settings
- Contacting our privacy team online
We will process opt-out requests within 5 business days. Please note that opting out of marketing communications does not affect transactional messages related to your account or active projects.
8. Children's Privacy
Our platform is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a child under 16, pleasecontact our privacy team online.
9. Your Privacy Rights
APP 12–13 — Access & Correction | IPP 6–7
Australian Users
Under the Australian Privacy Principles, you have the right to:
Access Your Data (APP 12)
Request access to the personal information we hold about you
Correct Information (APP 13)
Request correction of inaccurate, incomplete, or out-of-date information
Complain (APP 1)
Lodge a complaint with us or with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
Delete Account
Request deletion of your account and associated personal information
Opt Out of Marketing
Unsubscribe from marketing communications at any time
New Zealand Users
Under the New Zealand Privacy Act 2020, you additionally have the right to:
Access Your Information (IPP 6)
Request confirmation of whether we hold information about you and access to it
Request Correction (IPP 7)
Request correction of personal information that is inaccurate, misleading, or incomplete
Complain to NZ Privacy Commissioner
Lodge a complaint with the Privacy Commissioner of New Zealand at www.privacy.org.nz
Notifiable Privacy Breaches
We will notify affected individuals and the NZ Privacy Commissioner of any notifiable privacy breach as required by Part 6 of the Privacy Act 2020
We will respond to access and correction requests within 20 business days (Australia) or 20 working days (New Zealand). In limited circumstances, we may refuse a request, but we will provide written reasons for the refusal.
10. Privacy Complaints & Contact
Contact Our Privacy Team
For privacy questions, access requests, or complaints
Privacy Officer
Disaster Recovery Pty Ltd
Australia-wide · AI-automated online
Complaints Process
Step 1: Contact Us
Contact our privacy team online. We will acknowledge receipt within 2 business days.
Step 2: Investigation
We will investigate your complaint and provide a response within 30 days.
Step 3: External Review
If unsatisfied, you may complain to the OAIC (Australia) at www.oaic.gov.au or the Privacy Commissioner (NZ) at www.privacy.org.nz.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be notified via email or a prominent notice on the platform at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when this policy was last revised. We encourage you to review this policy periodically.