Privacy policy

Last updated: April 2026

This privacy policy explains how Tysoft Pty Ltd (“we”, “us”, “our”) collects, uses, stores, and discloses personal information when you visit our website at tysoft.co, contact us, or engage us for software services. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and where applicable, the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA / CPRA).

1. Who we are

Tysoft Pty Ltd is an independent software engineering practice operating from Coffs Harbour, NSW, Australia. ABN 15 681 756 696. The contact details for any privacy enquiry are listed in section 10 below.

2. Information we collect

We collect personal information only for the purposes described in this policy:

2.1 Information you provide directly

• Contact form submissions — your name, email address, company name (optional), the topic you select, and the contents of your message.
• Email and phone correspondence — the contents of any email or call you exchange with us.
• Engagement data — if we enter into a paid engagement, we collect the contractual and billing information needed to deliver the work and issue invoices, including business name, address, ABN or equivalent, and the names and contact details of project stakeholders.

2.2 Information collected automatically

• Server logs — when you visit the site, our hosting provider records standard request data including your IP address, user agent, referrer, and the URLs you access. This is used to operate the site and to investigate abuse or security incidents.
• Cookies — this website does not use tracking, advertising, or analytics cookies. A small number of strictly functional cookies may be set by the hosting platform to operate the site.

3. How we use your information

We use personal information for the following purposes:

• To respond to enquiries you send via the contact form, email, or phone.
• To negotiate, contract, deliver, and invoice software engineering services.
• To comply with our legal, tax, and accounting obligations in Australia.
• To operate, secure, and improve this website.

We do not sell, rent, or trade personal information. We do not use personal information for profiling, behavioural advertising, or automated decision-making.

4. Legal bases for processing (EEA / UK visitors)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: (i) consent when you submit the contact form or otherwise initiate contact; (ii) performance of a contract when delivering services to you or your organisation; (iii) legal obligation for tax, invoicing, and record-keeping requirements; and (iv) legitimate interests in operating, securing, and improving our website, where those interests are not overridden by your rights and freedoms.

5. Sharing with third parties

We share personal information only with service providers who help us run the practice, and only to the extent necessary. Our principal sub-processors are:

• Hosting and email — providers used to host this website and operate our business email.
• Payments and invoicing — Stripe, Inc. and its affiliates, which we use to process invoices and payments. Stripe’s privacy policy is available at stripe.com/privacy.
• Accounting — accounting and bookkeeping software used to maintain our financial records, and our external accountant.

We may also disclose personal information where required by law, court order, or to protect our legal rights. We do not transfer personal information to other parties for marketing purposes.

6. International data transfers

Some of our service providers (including Stripe) are located outside Australia, including in the United States and the European Economic Area. Where personal information is transferred overseas, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including by relying on Standard Contractual Clauses or equivalent mechanisms where appropriate.

7. Data retention

We retain personal information only for as long as necessary for the purposes described in this policy or as required by law. Contact form submissions that do not lead to an engagement are deleted within 24 months. Records related to paid engagements (including contracts and invoices) are retained for a minimum of seven years to satisfy Australian tax record-keeping obligations.

8. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes the use of encrypted connections (HTTPS), reputable hosting and payments providers, access controls on accounting and engagement systems, and strong authentication for our own accounts. No method of electronic transmission or storage is fully secure, and we cannot guarantee absolute security.

9. Your rights

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your information, subject to our legal record-keeping obligations.
• Object to or restrict certain processing (where the GDPR applies).
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with a privacy regulator. In Australia, this is the Office of the Australian Information Commissioner (oaic.gov.au).

10. Contact us

To exercise any of the rights above, or to ask any question about this privacy policy, please contact:

Tysoft Pty Ltd
Email: hello+privacy@tysoft.co

11. Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top of this page indicates when the most recent change was made. Material changes will be communicated by updating this page and, where appropriate, by direct notice to active engagement clients.