Last Updated: May 2026

1. Open and Transparent Management of Information

CatchmentFlow is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy outlines how we collect, handle, and secure B2B information.

2. What We Collect, Metadata Monitoring & Sub-Processors

We only collect information reasonably necessary to provide our SaaS product and enforce our licensing agreements.

Account & Billing: We collect basic account creation data (name, company name, and business email). Your billing information is processed securely via our payment gateway (PayPal); we do not store full credit card numbers or financial details on our servers.

Compliance Metadata: To protect our intellectual property and enforce authorized usage (including our Brisbane-wide coverage limits), we employ automated monitoring. This is strictly limited to metadata—specifically IP addresses, login timestamps, and data request volumes.

Sub-processors: To deliver these services securely, we utilize trusted third-party sub-processors, including PayPal (for secure subscription and recurring payment processing), GoHighLevel (for internal CRM and account communication), and Google (for the delivery and hosting of your dedicated Google My Maps and Google Sheets). Each of these sub-processors maintains their own strict privacy, security, and compliance standards.

3. Data Sovereignty & "Zero-Access" Policy

CatchmentFlow is strictly a "Zero-Access" platform. We do not require, request, or support API integration with your private CRM or customer databases. Any private business data you utilize alongside our maps (e.g., manually pasting into your duplicated Google Sheets) remains under your control. CatchmentFlow does not monitor, "see", scrape, or store your customer names, private job history, or proprietary lead lists.

Transient Processing of Addresses: When you manually paste a property address into your CatchmentFlow Google Sheet to run a risk profile, our backend systems access that address strictly for the split-second required to query spatial databases and return the risk score. We employ "in-memory" processing. We do not monitor, log, or permanently store the addresses you search, nor do we ever see or request your private customer names, phone numbers, or job histories.

4. Cross-Border Disclosures

CatchmentFlow is operated and supported by a founder based in the Philippines. By using our service to manage your subscription, you consent to the processing of your basic account and billing information offshore (safeguarded by our sub-processors and internal security protocols).

End-Customer Protection: Because we utilize transient processing and do not store the private job addresses you search (as outlined in Section 3), your private end-customer data does not cross borders or reside on our international servers. Your proprietary customer lists remain entirely within your own Google Workspace and CRM environments.

5. Data Security and Destruction

We take all reasonable technical and administrative steps to protect your account information from unauthorized access or misuse. In accordance with APP 11, if you cancel your subscription, any personal account data that is no longer required for legal, tax, or accounting purposes will be securely destroyed or permanently de-identified.

6. Contact Us

If you have any questions about this policy or wish to request the deletion of your account data, please contact us at [email protected].