Skip to content

Legal

Privacy Policy

Last updated: May 2026

How FIFO Planner collects, uses, and protects your personal information under the Australian Privacy Act 1988.

1. Introduction

FIFO Planner is operated by Sahil Kumar, a sole trader based in Western Australia, Australia (“we”, “us”, “our”).

We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what personal information we collect, why we collect it, how we use and store it, and your rights in relation to it.

By using the Service, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

We collect the following categories of information:

Account information

When you create an account, we collect your email address and, if you choose to provide it, a display name. This information is required to create and authenticate your account.

Roster data

We collect the roster data you create within the Service: swing patterns, dates, shift events, public holiday overlays, and any custom notes or events you add. This data is stored to provide the Service to you.

Payment information

If you subscribe to Pro, payment is processed by Stripe. Stripe collects and stores your payment card details under their own PCI-compliant systems. We receive only a payment token, a masked card number (e.g. **** **** **** 4242), and billing confirmation from Stripe. We never store your full card number, CVV, or raw payment credentials on our systems.

Device and browser information

We collect anonymised page-view and referrer data through Vercel Analytics. No personally identifiable information is collected through this mechanism — see the Analytics section for details. Your IP address may be processed by Vercel's infrastructure for request routing and security purposes but is not retained in identifiable form.

Local storage

Roster data may be stored in your browser's local storage for offline access. This data remains on your device. When you are signed in and connected, data syncs to our servers. If you are using the Service without an account, your data stays on-device only and is never transmitted to us.

3. How We Use Your Information

We use the information we collect to:

  • Operate the Service — authenticate your account, store and retrieve your roster data, and process subscription payments.
  • Communicate with you — respond to support enquiries, send transactional emails (account confirmations, password resets), and notify you of material changes to these policies where required.
  • Improve the Service — analyse aggregated, anonymised usage patterns to understand how the Service is used and where to improve it.

We do not use your personal information for advertising, behavioural profiling, or to train artificial intelligence or machine learning models.

4. Third-Party Service Providers

We share minimal personal information with the following providers to operate the Service:

  • Supabase — database and user authentication. Acts as a data processor on our behalf; stores your account email and roster data. Supabase Privacy Policy
  • Vercel — application hosting and edge delivery. Acts as a data processor on our behalf; processes web requests and provides privacy-preserving analytics. Vercel Privacy Policy
  • Stripe — payment processing for Pro subscriptions. Stripe is an independent data controller: they collect and process your payment card details under their own PCI-compliant systems and privacy policy. We receive only a payment token and masked card information from Stripe. Stripe Privacy Policy

None of these providers receive your personal information for their own marketing purposes. We do not use advertising networks, tracking platforms, or data brokers.

Cross-border data transfers

Our service providers operate infrastructure internationally. Supabase stores your data in ap-southeast-2 (Sydney, Australia); however, Vercel and Stripe may process data in the United States and other countries. Under Australian Privacy Principle 8, we have taken reasonable steps to ensure each provider maintains data handling standards comparable to the APPs — each holds SOC 2 Type II certification and operates under binding contractual data protection obligations.

5. Data Storage and Security

Your account and roster data is stored in Supabase infrastructure, located in ap-southeast-2 — Asia Pacific (Sydney, Australia).

Data is encrypted in transit using TLS and encrypted at rest by Supabase's infrastructure. The Service is hosted on Vercel's global edge network with automatic HTTPS enforcement.

While we apply industry-standard security practices, no system is completely secure. We cannot guarantee absolute protection against all threats, including sophisticated cyberattacks beyond our reasonable control.

In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify those individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Privacy Act 1988, Part IIIC).

6. Data Retention

  • Active accounts: We retain your account information and roster data for as long as your account is active and the Service is operating.
  • Deleted accounts: When you delete your account, we will remove your personal information and roster data within 30 days of closure.
  • Legal retention: Certain records may be retained longer where required by law — for example, financial and transaction records may be retained for 5–7 years under Australian taxation law, even after account closure. These records will be limited to the minimum required and will not be used for any other purpose.
  • Anonymised data: Aggregated, anonymised analytics data (e.g. page-view counts) cannot identify you and may be retained indefinitely.

7. Your Rights

Under the Australian Privacy Act 1988, you have the following rights in relation to your personal information:

  • Access — You may request a copy of the personal information we hold about you.
  • Correction — You may request that we correct personal information that is inaccurate, out of date, incomplete, or misleading.
  • Deletion — You may request deletion of your account and associated personal information, subject to any legal retention requirements.
  • Data Export — You can export your roster data at any time via the ICS export feature built into the Service.

To exercise any of these rights, contact us via the contact page. We will respond within 30 days. We may need to verify your identity before fulfilling a request to protect against unauthorised access.

8. Cookies and Local Storage

Cookies

We use essential cookies for session management and authentication, set by Supabase Auth. These cookies are strictly necessary for the Service to function — you cannot opt out of them while using the Service. They do not track you across other websites and do not persist beyond what is needed for your session.

We do not use tracking cookies, advertising cookies, or any cookie that collects personal information for non-essential purposes.

Local storage

Your browser's local storage may be used to cache roster data for offline access. This data stays on your device and is only synced to our servers when you are signed in and have an active connection. You can clear local storage at any time through your browser's settings, though this will remove cached offline data.

9. Analytics

FIFO Planner uses Vercel Analytics to understand how the Service is used at an aggregate level.

Vercel Analytics is privacy-preserving by design:

  • It does not use cookies.
  • It does not track users across websites.
  • IP addresses are anonymised before any data is recorded.
  • No personally identifiable information is collected.

The data we receive is limited to aggregated page-view counts and referrer information. Individual users cannot be identified from this data. You do not need to opt out — no personal data is collected through this system.

10. No Advertising or Data Sales

We do not sell, rent, trade, or share your personal information with third parties for marketing or advertising purposes.

FIFO Planner does not display advertising. We do not use advertising networks, retargeting platforms, or data brokers. Your data is used exclusively to provide and improve the Service.

11. Children's Privacy

FIFO Planner is intended for use by individuals aged 18 and over. The Service is not directed at children under 18 years of age, and we do not knowingly collect personal information from children.

If you believe a child under 18 has provided us with personal information, please contact us via the contact page and we will delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. For material changes, we will notify registered users at least 14 days before the changes take effect, by email or in-app notice.

Continued use of the Service after changes take effect constitutes acceptance of the revised policy. The “Last updated” date at the top of this page reflects when the policy was last revised.

13. Contact and Complaints

For questions about this Privacy Policy or to exercise your privacy rights, contact us via the contact page.

Operator: Sahil Kumar, operating as FIFO Planner (sole trader, Western Australia, Australia). ABN 79 319 956 75.

If you are not satisfied with how we have handled a privacy concern, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):