Privacy Policy

Last updated: 28 May 2026

This Privacy Policy explains how SIMPLYSAAS PTY. LTD. trading as Leadkit (“we”, “us”, “our”) collects, uses, discloses and protects personal information. We are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”). Where the EU/UK General Data Protection Regulation (“GDPR”) applies to an individual, we also aim to meet equivalent obligations.

1. Two categories of personal information

It is important to understand the two different ways personal information flows through Leadkit:

1. Customer account data — information about the businesses (and their team members) who subscribe to Leadkit. For this data, we are the data controller / APP entity.
2. Lead data— information submitted by website visitors (“End Users”) through calculators that our business customers publish. For this data, our business customer is the controller and Leadkit acts only as a processoron that customer’s instructions. If you are an End User and want to access, correct or delete your information, you should contact the business whose calculator you used. We will assist that business as their processor.

2. Information we collect

2.1 Customer account data (we are controller)

• name, email address, phone number;
• business name, ABN, address, logo and branding;
• account credentials and team/role information;
• billing information (payment is processed by Stripe; we do not store full card numbers);
• usage data, log data, device and browser information, and IP address.

2.2 Lead data (we are processor)

• End User name, email and phone number;
• location and job details submitted through a calculator;
• calculator inputs and generated outputs (including PDFs);
• technical metadata such as IP address and reCAPTCHA risk signals used for spam protection.

3. How we collect information

We collect information directly from you when you register, subscribe, configure calculators or contact us; from End Users when they use a calculator; and automatically through cookies and similar technologies (see our Cookie Policy).

4. Why we collect, hold, use and disclose information

For customer account data, we use information to:

• provide, operate, maintain and improve the Service;
• process subscriptions, billing and renewals;
• send service, security and account communications;
• provide support and respond to enquiries;
• detect, prevent and address fraud, abuse and security issues;
• comply with legal obligations.

For lead data, we process it only to provide the Service to our business customer — for example, storing the lead, generating PDFs, sending confirmation and notification emails, and displaying leads in the customer’s dashboard. We do not use lead data for our own purposes.

5. Disclosure to third parties (our service providers)

We disclose personal information to trusted service providers who help us run the Service, including:

• Stripe — payment processing;
• SMTP2Go — transactional email delivery;
• Vercel — application hosting;
• Supabase — database and file storage;
• Google reCAPTCHA — spam and abuse prevention;
• PostHog — product analytics on our website and public quote pages.

We require these providers to protect personal information consistently with this policy and applicable law. We do not sell personal information.

6. Cross-border disclosure (APP 8)

Some of our service providers operate globally and may store or process personal information outside Australia, including in countries such as the United States and the European Union. The specific locations are determined by each provider and may change over time. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles.

You can review where each provider stores and processes data, and the safeguards they apply, in their own privacy and data-processing information:

• Stripe — stripe.com/privacy
• SMTP2Go — smtp2go.com/privacy
• Vercel — vercel.com/legal/privacy-policy
• Supabase — supabase.com/privacy
• Google reCAPTCHA — policies.google.com/privacy
• PostHog — posthog.com/privacy

7. Cookies and tracking

We use cookies and similar technologies to operate and secure the Service. See our Cookie Policy for details, including our use of Google reCAPTCHA v3.

8. Data retention

We keep personal information only for as long as necessary for the purposes described in this policy, or for as long as required or permitted by law. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it.

• Customer account data — retained while your account is active and for a reasonable period after closure to meet legal, tax, accounting and dispute-resolution obligations.
• Lead data (held as processor)— retained on behalf of, and at the direction of, the business customer who controls it. We retain it while that customer’s account is active or until the customer instructs us to delete it, after which it is deleted within a reasonable period.
• Generated PDFs and email records — retained for as long as the related lead or account is retained.
• Audit and security records — our platform keeps an activity and audit log that individual users cannot delete, so that records of actions taken in an account remain reliable. We retain these records for as long as necessary for security, fraud prevention, accountability and legal purposes.

9. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure, including access controls, encryption in transit, and restricted role-based access. No system is completely secure, and we cannot guarantee absolute security.

10. Your rights and choices

10.1 Under the Privacy Act / APPs

You may request access to, and correction of, the personal information we hold about you. We will respond within a reasonable period and may need to verify your identity.

10.2 Where GDPR applies

If you are in a jurisdiction where the GDPR applies, you may have additional rights, including the right to erasure, restriction, portability and to object to certain processing, and the right to lodge a complaint with a supervisory authority.

10.3 End User requests

If you submitted information through a business’s calculator, please direct access, correction or deletion requests to that business (the controller). We will support them as their processor.

11. Direct marketing

We may send you service-related communications. Any marketing communications will include an unsubscribe option, and you can opt out at any time. We handle marketing consistently with the Spam Act 2003 (Cth) and the APPs.

12. Complaints

If you believe we have breached the APPs or mishandled your personal information, please contact us using the details below.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date.

14. Contact us

Privacy enquiries and requests:
SIMPLYSAAS PTY. LTD. trading as Leadkit
Email: support@leadkit.com.au
Contact form: leadkit.com.au/contact

This Privacy Policy is a template only and does not constitute legal advice. It must be reviewed by a qualified Australian legal professional before publication. Areas needing particular attention: cross-border disclosure (APP 8), the controller/processor split for lead data, GDPR coverage, and retention periods.