← Back to Phoenix Suite

Privacy Policy

Phoenix Suite ("we", "us", "our") is committed to protecting the privacy of our customers and their end users. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Who We Are

Phoenix Suite is a software-as-a-service platform that helps gyms, martial arts schools, and fitness studios manage their businesses. This Privacy Policy applies to:

• Visitors to our marketing website at phoenixsuite.com.au
• Customers who subscribe to Phoenix Suite (organisation administrators and staff)
• End users (students, members) whose data is stored by our customers on the platform

2. Information We Collect

2.1 From Organisation Customers

When you register an organisation account, we collect:

• Name, email address, and phone number
• Organisation name, address, ABN, and business details
• Billing information (payment details are processed by Stripe and not stored on our servers)
• Usage data: login times, features used, pages visited

2.2 From End Users (Students)

Our customers use Phoenix Suite to store information about their students. This may include:

• Contact details (name, email, phone, address)
• Date of birth and emergency contacts
• Medical information relevant to safe participation
• Attendance records, training history, and belt/rank progression
• Payment history and subscription details
• Signed contracts, forms, and uploaded documents
• Body measurements and fitness assessments
• Photographs uploaded by the organisation

Important: When your data is stored in Phoenix Suite by a gym or dojo you attend, that organisation is the data controller. We process the data on their behalf. Contact that organisation directly for any requests regarding your data.

2.3 Automatically Collected

When you use our platform, we automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and actions taken
• Cookies for authentication and session management

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Phoenix Suite platform
• Process payments and manage subscriptions
• Send service communications (transactional emails, security alerts, billing)
• Respond to support requests and inquiries
• Send marketing communications (only with consent, opt-out anytime)
• Detect and prevent fraud, abuse, and security breaches
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share it only with:

• Stripe — for payment processing (PCI-DSS compliant)
• SMTP2GO — for transactional and marketing emails (if you use email features)
• Twilio — for SMS messaging (if you use SMS features)
• Xero, MYOB, QuickBooks — only if you explicitly connect your accounting software
• Neon — our database provider (data hosted in Australia/Asia-Pacific region)
• Render, Cloudflare — hosting and content delivery
• Law enforcement — only if legally required

5. Data Storage and Security

Your data is stored in managed cloud infrastructure in Australia/Asia-Pacific (Singapore region). We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• Encrypted database storage at rest
• bcrypt password hashing (no plaintext passwords ever stored)
• Multi-factor authentication for admin access
• Regular security audits and vulnerability scans
• Complete data isolation between customer organisations (multi-tenant architecture)

6. Data Retention

We retain your data for as long as your account is active, plus:

• 90 days after cancellation for data export and recovery
• 7 years for billing and tax records (as required by Australian law)
• Longer where required for legal compliance or dispute resolution

You may request earlier deletion of non-essential data at any time.

7. Your Rights Under Australian Privacy Law

You have the right to:

• Access the personal information we hold about you
• Correct information that is inaccurate or outdated
• Delete your information (subject to legal retention requirements)
• Export your data in a machine-readable format
• Opt out of marketing communications at any time
• Complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

8. Cookies

We use cookies for:

• Essential — authentication, session management, security (always on)
• Analytics — understanding how the platform is used (anonymised)

We do not use third-party advertising cookies.

9. Children's Privacy

Phoenix Suite is not directly accessed by children under 16 as end users. Where our customers (gyms and dojos) enrol minors, parental consent is obtained by the organisation, and parent/guardian details are collected in accordance with Australian privacy law.

10. International Transfers

Primary data storage is in the Asia-Pacific region. Some processors (Stripe, SMTP2GO) may process data in other jurisdictions. All processors are contractually bound to meet privacy standards equivalent to Australian requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to organisation administrators at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent version.

12. Contact Us

For privacy-related inquiries, data access requests, or complaints:

Email: privacy@phoenixsuite.com.au
Post: Phoenix Suite, Melbourne, Australia
OAIC: If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au or by calling 1300 363 992.