Privacy Policy

Effective date: 29 May 2026  ·  Last updated: 29 May 2026

1. Introduction

snowglo (ABN [TBC]) ("snowglo", "we", "us", "our") respects your privacy and is committed to protecting personal information collected through our website, platform, and services.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how we protect it, and the rights you have in relation to it. It is intended to meet our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website or services, you acknowledge that you have read and understood this Policy.

Note for clients: Our handling of your business data (including data ingested from your Xero, inventory, and spreadsheet sources) is governed by both this Policy and the Client Service Agreement signed between you and snowglo. Where the two documents conflict in respect of client business data, the Client Service Agreement prevails.

2. What information we collect

2.1 From our clients (the businesses using snowglo)

  • Business name, ABN, postal and billing address
  • Contact details for authorised users (name, work email, role, phone)
  • Authentication credentials (passwords are hashed; API keys and OAuth tokens are encrypted at rest)
  • Billing information — payment card and bank account details are collected and held by our payment processors (Stripe and/or GoCardless); snowglo does not store full payment details on our own systems

2.2 From our clients' connected source systems

Once a client authorises snowglo to connect to their business systems (Xero, Unleashed, Shopify, Google Sheets, and similar), we ingest data necessary to deliver the service, including:

  • Sales transactions, invoices, and credit notes
  • Customer and supplier names and contact details
  • Product catalogue, pricing, and margin data
  • Inventory levels, shipment, and warehouse records
  • Forecast, budget, and general ledger data

This data is the client's data. To the extent it contains personal information about the client's own customers, suppliers, or employees, snowglo processes it on behalf of the client and in accordance with the Client Service Agreement.

2.3 From website visitors

  • IP address and approximate location (city/region) derived from it
  • Browser type, device type, operating system, and language
  • Referring URL, pages visited, time spent, and clickstream within snowglo.au
  • Any information you choose to submit through forms — for example, name, work email, company, and message content when requesting a demo or contacting us

2.4 Sensitive information

snowglo does not seek and does not require sensitive information (as defined in the Privacy Act) to deliver its services. If you choose to provide it, you do so at your own discretion and we will handle it in accordance with APP 3.

3. How we use this information

3.1 Client and source-system data

  • To provide and operate the snowglo platform, including the AI analyst feature
  • To generate analytics, insights, and answers in response to the client's queries
  • To provide customer support and respond to service requests
  • To monitor service performance, detect abuse, and maintain security
  • To improve service quality using aggregated and de-identified metrics only
  • To comply with our legal, regulatory, and contractual obligations

3.2 Personal data of authorised users

  • To authenticate users and control access
  • To send service-related communications (e.g. service updates, security notices, billing notices)
  • To respond to support and account requests
  • To send marketing communications about snowglo — only where you have opted in, and you can opt out at any time using the link in each marketing email or by emailing us

3.3 Website visitor data

  • To understand how visitors use the site and improve it
  • To produce aggregated analytics reporting — we do not link website analytics to individuals

4. Legal bases for processing

Where the Privacy Act applies, we collect and use personal information because:

  • It is reasonably necessary to provide a service you (or your employer) have engaged us to provide;
  • You have consented to the collection (for example, by submitting a contact form or opting in to marketing); or
  • We are required or authorised by Australian law to do so.

5. How we share information

snowglo does not sell personal information.

We share information only in the following circumstances:

5.1 Sub-processors and service providers

We engage a small number of carefully selected providers to deliver snowglo. Each is bound by contract to handle data only on our instructions and to apply equivalent protections to those we apply ourselves.

ProviderPurposeLocation of processing
Google Cloud Platform (Cloud Run, Secret Manager)Application hosting and computeAustralia (Sydney region)
Supabase (managed PostgreSQL)Data warehousing per clientAustralia (Sydney region)
Anthropic (Claude API)AI analyst — natural-language queries over client dataUnited States
Stripe and/or GoCardlessBilling and paymentsAustralia / United States / United Kingdom (per processor)
Google Analytics (or equivalent)Aggregated website analyticsUnited States

A current list of sub-processors is available on request from privacy@snowglo.au.

5.2 Authorised users within your organisation

Data within a client tenant is visible to other users in that same tenant according to the access permissions the client configures.

5.3 Legal disclosures

We may disclose information where required by law — for example, in response to a valid court order, subpoena, or lawful request from an Australian regulator or law enforcement agency.

5.4 Business transfers

In the event of a sale, merger, restructure, or acquisition of snowglo, information may be transferred to the successor entity. We will notify clients in advance where this is reasonably practicable.

5.5 Who we do not share data with

  • Other snowglo clients — each client's data is logically isolated at the database level (separate PostgreSQL schemas per client tenant)
  • Advertising networks or marketing companies
  • Data brokers or list-sellers
  • Any third party for purposes unrelated to delivering snowglo

6. AI processing and the use of Anthropic Claude

snowglo uses Anthropic's Claude API to generate answers in response to client queries. Where a client query requires it, relevant client data (or relevant subsets, including schema, sample rows, or aggregated results) is sent to Anthropic for processing.

We have configured this integration so that:

  • Client data is not used to train Anthropic's models. This is governed by Anthropic's Commercial Terms of Service and Data Processing Addendum.
  • Anthropic does not retain client data beyond the operational retention windows set out in its terms for trust and safety purposes.
  • Inputs and outputs are transmitted over TLS-encrypted channels.
  • We send the minimum data necessary to answer a given query, and prefer query-result summaries over raw data exports where the result is equivalent.

If you would like a copy of Anthropic's terms or Data Processing Addendum, contact privacy@snowglo.au.

7. How we store and protect information

  • All snowglo application data is hosted in Google Cloud Platform's Australian region (Sydney).
  • Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent provider-managed encryption).
  • Authentication credentials are hashed (passwords) or encrypted (API keys and OAuth tokens), with secrets managed via Google Secret Manager.
  • Access to production systems is restricted to authorised snowglo personnel using the principle of least privilege and role-based access control. Privileged access is logged and reviewed.
  • Each client tenant's data is logically isolated in its own PostgreSQL schema on Supabase. Cross-tenant access is structurally prevented in our application layer.
  • We conduct regular reviews of access, logs, and dependencies, and patch security-relevant updates on a defined cadence.

No system can be guaranteed 100% secure. If we become aware of an eligible data breach as defined under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

8. How long we retain information

CategoryRetention
Active client data (including connected-source data)For the term of the Client Service Agreement plus 90 days
Terminated client dataDeleted within 90 days of termination, except where retention is required by law or to resolve a dispute
Authorised user account recordsFor the life of the account plus 90 days
Billing and tax records7 years (as required by the Income Tax Assessment Act and related tax law)
Website analyticsUp to 25 months (the Google Analytics default), in aggregated form
Marketing contact listsUntil you opt out, after which we retain a suppression record only
BackupsEncrypted backups are retained for up to 35 days for disaster-recovery purposes; deletion requests are honoured in production immediately and propagate as backups roll over

Where personal information is no longer required and we are not legally obliged to retain it, we delete or de-identify it.

9. International data transfers

Some of our service providers are based outside Australia (see section 5.1). When personal information is transferred overseas:

  • We take reasonable steps to ensure the overseas recipient handles the information consistently with the APPs;
  • We rely on the recipient's contractual commitments (data processing agreements, standard contractual clauses where applicable, and equivalent safeguards).

By using snowglo, you acknowledge that this overseas processing may occur. If you require Australian-only processing for regulatory reasons, contact us — for some workloads this is feasible.

10. Your rights

Under Australian privacy law, you have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate, out-of-date, incomplete, or misleading information;
  • Request deletion of your personal information, subject to legal and contractual retention requirements;
  • Withdraw consent for marketing communications at any time;
  • Make an anonymous or pseudonymous enquiry about our handling of personal information, where lawful and practicable; and
  • Lodge a complaint with us, and if dissatisfied with our response, with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.

To exercise any of these rights, contact privacy@snowglo.au. We will respond within a reasonable period — generally within 30 days — and will verify your identity before acting on a request.

If you are an end-user whose personal information appears in a snowglo client's data (for example, you are a customer of one of our clients), please direct access and deletion requests to that client in the first instance. We will assist the client as their processor.

11. Cookies and tracking

We use a minimal set of cookies and similar technologies:

  • Strictly necessary cookies — for authentication, security, and session management. The site does not function without these.
  • Analytics cookies — anonymised, used to understand aggregate usage of snowglo.au.

We do not use:

  • Advertising or retargeting cookies
  • Third-party behavioural-profiling trackers
  • Cross-site tracking pixels

You can disable non-essential cookies through your browser settings. Doing so will not affect your ability to use the snowglo platform.

12. Children

snowglo is a business product and is not directed to children. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently done so, contact us and we will delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this Policy reflects the most recent revision.

  • Minor changes (clarifications, formatting): posted to this page without further notice.
  • Material changes (changes to the categories of data we collect, the purposes we use it for, or sub-processors handling it): notified to active clients by email at the address on file at least 14 days before the change takes effect.

Continued use of the service after a change takes effect constitutes acceptance of the updated Policy.

14. Contact us

Questions, requests, or complaints about this Privacy Policy or our handling of personal information:

snowglo
Email: privacy@snowglo.au
General enquiries: hello@snowglo.au
Website: snowglo.au
ABN: [TBC]
Registered address: [TBC]

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992.