%20scale(0.100000,-0.100000)'%20fill='%23FF0000'%20stroke='none'%3e%3cpath%20d='M0%20160%20l0%20-160%20160%200%20160%200%200%20160%200%20160%20-160%200%20-160%200%200%20-160z%20m280%20105%20c22%20-20%2026%20-56%2010%20-85%20-19%20-35%20-92%20-70%20-148%20-70%20-48%200%20-51%20-2%20-57%20-29%20-7%20-35%20-29%20-55%20-50%20-48%20-12%205%20-13%2011%20-1%2044%207%2021%2011%2044%208%2052%20-2%207%200%2016%205%2020%205%203%2018%2031%2029%2061%2017%2049%2023%2056%2059%2067%2051%2016%20120%2010%20145%20-12z'/%3e%3cpath%20d='M154%20243%20c-14%20-3%20-25%20-16%20-33%20-42%20-15%20-53%20-16%20-51%2033%20-51%2069%200%20120%2052%2084%2088%20-12%2012%20-41%2014%20-84%205z'/%3e%3c/g%3e%3c/svg%3e)
Privacy Policy
Last updated: March 2026
1. Introduction
PascoCloud, operated by Nigel Pasco ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction management platform and related services ("Service").
2. Information We Collect
2.1 Information You Provide
We collect information you directly provide to us, including:
- Account Information: Name, email address, company details, job title
- Profile Data: Display name, profile picture, contact preferences, profile settings
- Organisation Data: Organisation name, logo, office locations, member roles
- Project Content: Construction documents, inspection reports, photos, issue records, comments, and audit trail data
- Media Content: Photos captured or uploaded for reports and issues, image annotations, digital signatures
- Communication Data: Comments on issues, notification preferences
- Support Information: Help requests, feedback, and correspondence
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Usage Data: Pages visited, features used, time spent, interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, performance metrics
- Location Data: Precise GPS coordinates when you explicitly use the GPS capture feature for reports and issues on construction sites. Location data is only captured when you initiate it — we do not track your location in the background
- Push Notification Tokens: Firebase device tokens for delivering push notifications to your mobile device, stored while you are logged in and removed when you log out
2.3 Cookies and Tracking Technologies
Web Application: We use httpOnly cookies for secure authentication (access and refresh tokens). These are essential cookies required for the Service to function and cannot be disabled. We do not use third-party advertising or tracking cookies.
Mobile Application: The mobile app uses encrypted device storage (iOS Keychain and Android EncryptedSharedPreferences) for authentication tokens instead of cookies.
3. How We Use Your Information
We use your information to:
- Provide Services: Deliver construction management tools including inspection reports, issue tracking, approval workflows, and PDF generation
- Account Management: Create and maintain your account, authenticate access using secure tokens
- Collaboration: Enable team communication, project sharing, and approval workflows
- Data Storage: Store and organise your construction documents, photos, and project data
- Notifications: Send in-app notifications, email alerts, and push notifications for report approvals, issue updates, and team activity
- Support: Respond to inquiries and provide technical assistance
- Improvement: Analyse usage to enhance features and performance
- Communication: Send service updates, security alerts, and important notices
- Legal Compliance: Meet legal obligations and protect our rights
4. Information Sharing and Disclosure
4.1 With Your Consent
We share information when you explicitly authorise us to do so, such as when collaborating with team members on construction projects or sharing reports with project stakeholders.
4.2 Service Providers
We use the following trusted third-party service providers to deliver our Service:
- Amazon Web Services (AWS) — Cloud infrastructure and file storage (S3). Data stored in the Sydney, Australia region (ap-southeast-2)
- Firebase (Google Cloud) — Push notification delivery via Firebase Cloud Messaging. Device tokens and message metadata processed by Google
- Resend — Transactional email delivery for notifications, password resets, and account communications
- MongoDB — Database hosting for application data
These providers are contractually obligated to protect your information and may only use it to provide services to us.
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
4.4 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Investigate potential violations of our Terms of Service
- Prevent fraud or security threats
5. Data Security
We implement comprehensive security measures to protect your information, including:
- Encryption: Data encrypted in transit (HTTPS/TLS) and authentication tokens encrypted at rest
- Secure Authentication: httpOnly cookies with SameSite protection on web, encrypted device storage on mobile, short-lived JWT access tokens (15 minutes) with secure refresh token rotation
- Access Controls: Role-based permissions across organisations, projects, and templates
- Secure File Handling: Files uploaded via time-limited presigned URLs directly to encrypted storage — files never pass through our application servers
- Monitoring: Server monitoring and error logging
- Soft Deletes: Critical data is soft-deleted (recoverable) rather than permanently removed
However, no online service can guarantee absolute security. We encourage you to use strong passwords and keep your account credentials confidential.
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations. Specifically:
- Account Data: Retained while your account is active, plus 30 days after a deletion request to allow for recovery. You may also request deletion of specific data (e.g. individual projects or documents) without deleting your entire account
- Project Content: Retained according to project settings and while the parent organisation is active
- Communication Data: Retained as necessary for operational purposes
- Log Data: Retained for up to 24 months for debugging, security, and compliance purposes
- Notifications: Automatically deleted after 90 days
When you delete your account, we will delete or anonymise your personal information within a reasonable timeframe, subject to legal retention requirements. Reports and audit trail entries created during your membership may be retained in anonymised form where required for building compliance or contractual obligations.
For full details on how to request account or data deletion, visit our Delete Your Account page.
7. Your Privacy Rights
You have the right to:
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Export your data in a portable format (PDF reports are available for download)
- Restriction: Limit how we process your information
- Objection: Object to certain processing activities
To exercise these rights, please contact us at privacy@pasco.cloud. We will respond to your request within 30 days.
8. International Data Transfers
Our primary infrastructure is hosted in Australia (AWS Sydney region). Your information may also be processed by our third-party service providers in other countries (including the United States for Firebase and Resend services). We ensure appropriate safeguards are in place to protect your information during such transfers, including using standard contractual clauses and ensuring adequate levels of data protection.
9. Children's Privacy
Our Service is intended for business and professional use in the construction industry and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.
10. Third-Party Links and Services
Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review their privacy policies before providing any information.
11. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Displaying prominent notices within the Service
Your continued use of the Service after such changes constitutes acceptance of the updated policy.
12. Australian Privacy Rights
As an Australian company, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have the right to:
- Access your personal information held by us
- Request correction of inaccurate information
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached your privacy
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights listed in Section 7 above. Our legal basis for processing your information includes:
- Contract Performance: To provide our services to you
- Legitimate Interests: To improve and secure our services
- Consent: Where you have provided explicit consent
- Legal Compliance: To comply with applicable laws
14. Governing Law
This Privacy Policy is governed by the laws of Queensland, Australia.
15. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Enquiries: privacy@pasco.cloud
Legal Enquiries: legal@pasco.cloud
Data Protection Officer: dpo@pasco.cloud
Address: Gold Coast, QLD, Australia
Beta Testing Privacy Notice
During our beta testing phase, we may collect additional usage data and feedback to improve our services. All beta testing data is subject to the same privacy protections outlined in this policy. We may contact beta users for feedback and feature testing opportunities.