← Back to DealPage

Privacy Policy

Last updated: February 2026

1. About This Policy

This Privacy Policy explains how DealPage, a technology platform operated by Invyt.io, collects, uses, and protects your personal information. DealPage acts as an orchestrator enabling freelancers and service providers to transact directly with their clients. We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Lawful Basis for Processing

We process your personal information on the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal information for a specific purpose (e.g., marketing communications)
  • Contractual necessity: Where processing is necessary for the performance of a contract with you, including providing the Platform, processing payments, and managing your account
  • Legitimate interest: Where processing is necessary for our legitimate business interests, such as improving the Platform, preventing fraud, ensuring security, and conducting analytics, provided these interests are not overridden by your rights
  • Legal obligation: Where processing is necessary to comply with applicable laws, including tax reporting and regulatory requirements

3. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and profile photo via Google OAuth sign-in
  • Business information: Display name, business name, logo, bio, website, and brand colour that you provide in your settings
  • Deal content: Project proposals, scope descriptions, pricing tiers, invoices, and client details that you create
  • Payment information: Transaction records processed through Stripe. DealPage does not store credit card numbers directly
  • Usage data: Page views, feature interactions, deal view counts, and session data collected to improve the Platform

4. How We Use Your Information

We use your information to:

  • Provide and operate the Platform, including deal pages, invoicing, and payments
  • Facilitate transactions via Stripe Connect between service providers and their clients
  • Send transactional emails including deal notifications, payment confirmations, and payment reminders via Resend
  • Monitor errors and Platform stability via Sentry
  • Improve the Platform based on aggregate usage patterns
  • Enforce our Terms of Service and prevent fraud

We do not sell your personal information to third parties.

5. Third-Party Services

We share data with the following service providers, each under their own privacy policies:

  • Stripe — Payment processing and Stripe Connect for freelancer payouts
  • Google — OAuth authentication for sign-in
  • Resend — Transactional email delivery (deal notifications, payment reminders)
  • Vercel — Application hosting and edge functions
  • Turso — Database storage (libSQL)
  • Sentry — Error tracking and performance monitoring
  • Vercel Blob — Logo and image storage

6. Data Storage and Security

Your data is stored in Turso (libSQL) databases with encryption at rest and in transit. Payment data is processed and secured by Stripe in accordance with PCI DSS standards. We implement appropriate technical and organisational measures to protect your information, including HTTPS encryption, secure authentication, and access controls.

7. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to you, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days, in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. Notification will include the nature of the breach, the types of information involved, and recommended steps you can take to protect yourself.

8. Cookies

DealPage uses the following types of cookies:

  • Session cookies: Required for authentication via NextAuth (Google OAuth)
  • Preference cookies: Used to remember your settings and theme preferences

We do not use advertising cookies, third-party tracking cookies, or behavioural targeting cookies.

9. Data Retention

We retain your data for as long as your account is active. After account deletion, we remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records retained for 7 years under Australian tax law). Anonymised, aggregate data may be retained indefinitely for analytics.

10. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal data
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you are unsatisfied with how we handle your data

To exercise these rights, contact us at the email below. We will respond within 30 days.

11. Children's Privacy

DealPage is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@invyt.io.

12. Automated Decision-Making

DealPage does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. All material decisions regarding your account, access, or services are made by human operators.

13. International Data Transfers

Some of our service providers (Stripe, Vercel, Resend, Sentry) may process data outside Australia, including in the United States. We ensure these transfers comply with the APPs by using providers with appropriate data protection commitments.

14. Third-Party Links

The Platform may contain links to third-party websites or services that are not operated by DealPage. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit.

15. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the Platform. Continued use after changes constitutes acceptance of the updated policy.

16. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@invyt.io.

For general support enquiries, contact us at support@invyt.io.

You may also contact the Office of the Australian Information Commissioner at www.oaic.gov.au.