Privacy Notice

Last updated: 14 June 2026

1. Who We Are

Rilla Shield ("we", "us", or "our") is the data controller for the personal information collected through our website and services. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

If you have questions about this Privacy Notice or how we handle your data, contact us at legal@rillashield.com.au.

2. What Personal Data We Collect

We collect the following categories of personal data:

  • Identity & contact: name, email address, phone number, business name, ABN
  • Account: login credentials, subscription plan, billing history
  • Usage & telemetry: scan history, feature usage, error logs, device type, browser, IP address
  • User content: invoices, emails, photos, and other files you upload for analysis
  • Support: messages, chat transcripts, and communication records

3. How We Use Your Data

We use your personal data for the following purposes:

  • Contract performance: to provide, maintain, and improve the Service; to process your scans and generate reports
  • Legitimate interests: to ensure security, prevent fraud, analyse product usage, and improve features
  • Consent: for marketing communications (you can withdraw consent at any time)
  • Legal obligation: to comply with applicable laws, regulations, and court orders

4. Data Sharing & Recipients

We share personal data with the following categories of recipients:

  • Service providers: hosting, cloud storage, analytics, email delivery, and customer support tooling
  • Merchant of Record (Paddle): for payment processing, subscription management, tax compliance, and invoicing. Paddle acts as an independent controller for its own processing. See Paddle's Privacy Policy.
  • Professional advisers: legal, accounting, and insurance providers where necessary
  • Authorities: where required by law, regulation, or court order

We do not sell your personal data to third parties for marketing purposes.

5. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes outlined in this notice. Specifically:

  • Account data is retained while your account is active
  • Uploaded files (invoices, photos) are retained until you delete them or close your account
  • Billing records are retained for 7 years to meet Australian tax obligations
  • Usage logs are retained for 12 months, then anonymised or deleted

When data is no longer needed, we securely delete or anonymise it.

6. Your Rights

Under the Privacy Act 1988 (Cth), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Complain about a breach of the Australian Privacy Principles

To exercise these rights, contact us at legal@rillashield.com.au. We will respond within 30 days. If you are unsatisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC).

7. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • TLS 1.3 encryption for data in transit
  • Encryption at rest for stored files and databases
  • Access controls and role-based permissions
  • Regular security assessments and monitoring

While we take security seriously, no system is completely impenetrable. You are responsible for maintaining the confidentiality of your account credentials.

8. Cookies & Tracking

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. The types of cookies we use are:

  • Essential: required for the Service to function (e.g. session, authentication)
  • Analytics: helps us understand how visitors interact with the site (e.g. page views, feature usage)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

9. International Data Transfers

Our primary infrastructure is hosted in Australia. Some service providers we use may process data in other countries (including the United States). Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or compliance with recognised privacy frameworks.

10. Changes to This Notice

We may update this Privacy Notice from time to time. Material changes will be notified via email or through the Service. The "Last updated" date at the top of this page reflects the most recent revision.