Legal

Privacy Policy

Last updated: 4 May 2026

This Privacy Policy explains how Sky Enterprises Australia ("we", "us", "our") collects, uses, stores, and discloses personal information when you use Frostbyte ("Service"). It is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Service, you acknowledge you have read and understood this policy.

1. Introduction and Scope

This policy applies to all personal information we collect through the Frostbyte web application and related services. "Personal information" means any information that identifies you or could reasonably identify you, consistent with the definition under the Privacy Act 1988 (Cth).

We operate globally. Where users are located in the European Union or United Kingdom, additional rights under the UK/EU GDPR may apply. Where users are located in California, USA, rights under the CCPA may apply. We aim to meet the most protective applicable standard across our user base.

2. Data We Collect

Account data

  • Name, email address, and password (stored as a bcrypt hash — we never store your raw password)
  • Profile picture (if uploaded)
  • OAuth identifiers if you sign in via GitHub or Google

Usage data

  • Pages visited, features used, actions taken within the Service, and session duration
  • Activity logs within projects (task creation, edits, status changes)

Content data

  • Projects, tasks, areas, releases, and other content you create within the Service
  • Files you upload (profile pictures, attachments)
  • Content submitted via public bug reporter and feedback panels, including the bug or feedback description and any optional username or email address you choose to provide

Device and technical data

  • IP address, browser type and version, operating system, device identifiers
  • Session cookies and similar identifiers
  • Analytics and attribution events collected through DataFast, such as page views, referrers, campaign parameters, approximate location, device/browser information, and conversion or revenue attribution where configured
  • Session recordings collected through PostHog, including mouse movements, clicks, scrolls, and page interactions during your use of the Service

Communications

  • Messages you send to us via support email
  • Feedback and enquiries

Payment data

  • Subscription plan and billing history
  • Payment method details are handled directly by Stripe — we do not store full card numbers or sensitive payment credentials on our servers

3. How We Use Your Data

We use personal information for the following purposes:

  • Providing the Service — account management, authentication, and delivering the features you use
  • Processing payments — managing Subscriptions, billing, and payment history via Stripe
  • Transactional emails — account verification, password resets, billing receipts, and service notifications
  • Lifecycle and marketing emails — onboarding sequences and product updates (you may opt out at any time)
  • Security and fraud prevention — detecting and preventing abuse, unauthorised access, and policy violations
  • Product improvement — understanding how users interact with the Service to improve features and fix bugs
  • Legal compliance — meeting our obligations under applicable laws, including responding to lawful requests

We only use your data for the purpose for which it was collected, or a directly related purpose you would reasonably expect (APP 6).

4. Third-Party Services

We share data with the following third-party services to operate the Service. Each has its own privacy policy.

Stripe — Used for payment processing and subscription management. Data shared: billing details, email address, subscription status. Privacy policy: stripe.com/privacy

GitHub (OAuth) — Used for optional sign-in via GitHub. Data shared: your GitHub profile information as permitted by your GitHub account settings. Privacy policy: docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

Google (OAuth) — Used for optional sign-in via Google. Data shared: your Google profile information (name, email) as permitted by your Google account settings. Privacy policy: policies.google.com/privacy

Zoho Mail — Used to send transactional and lifecycle emails (account verification, password resets, billing receipts, onboarding). Data shared: your email address and the content of communications. Privacy policy: zoho.com/privacy.html

Heroku (Salesforce) — Used for application hosting and infrastructure. Your data is processed on Heroku servers located in the United States. Privacy policy: salesforce.com/company/privacy

MongoDB Atlas — Used as our database provider for application data storage. Privacy policy: mongodb.com/legal/privacy-policy

DataFast — Used for website analytics, attribution, and product usage insights. Data processed may include page views, referrers, campaign parameters, IP address, device/browser information, and conversion or revenue attribution where configured. Privacy policy: datafa.st/privacy-policy

PostHog — Used for product analytics and session recording. Data processed may include page views, feature interactions, mouse movements, clicks, scrolls, and session replays. Session recordings may capture on-screen activity during your use of the Service. We use this to understand how users interact with the product and identify areas for improvement. Privacy policy: posthog.com/privacy

PDF exports are generated within Frostbyte's own application environment. We do not send project data to a separate external PDF generation service.

We do not sell your personal information to third parties.

5. Data Retention

  • Account data — Retained while your Account is active. When your Account is deleted, your account data is permanently deleted and cannot be recovered.
  • Content data — Retained while your Account is active. When your Account is deleted, your projects, tasks, areas, releases, and other account content are permanently deleted and cannot be recovered.
  • Payment records — Retained for 7 years as required by Australian financial record-keeping obligations.
  • Usage and technical logs — Retained for operational and security purposes, generally for up to 90 days, then deleted.
  • Backups — Backup copies may persist for up to 30 days on a rolling basis before overwrite.

You may request deletion of your Account and personal information at any time (see Section 8). Once deletion is completed, your deleted Account data and Content are gone and cannot be restored. Where we are required by law to retain certain records, such as payment records, we retain only the minimum information required for the required period.

6. International Data Transfers

We are based in South Australia, Australia. Your data may be transferred to and processed in countries other than Australia, including the United States, where our hosting provider (Heroku) and other third-party services operate.

We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles (APP 8). By using the Service, you consent to this transfer.

If you are located in the EU/UK, we rely on the following transfer mechanisms where applicable: Standard Contractual Clauses (SCCs) where available, or transfers to recipients in countries with adequate data protection frameworks. Please contact us at support@getfrostbyte.dev if you require further information.

7. Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure (APP 11). Our measures include:

  • Encryption in transit via HTTPS/TLS for all Service communications
  • Passwords stored as bcrypt hashes — we never store raw passwords
  • Access controls limiting who within our organisation can access personal data
  • Session-based authentication with secure, signed cookies

No system is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.

8. Your Rights

You have the following rights regarding your personal information:

  • Access — Request a copy of the personal information we hold about you (APP 12). We will respond within 30 days.
  • Correction — Request that we correct inaccurate or incomplete information (APP 13).
  • Deletion — Request deletion of your personal information. We will comply unless we are required by law to retain it.
  • Data portability — Request your data in a structured, commonly used format where technically practicable.
  • Opt out of marketing — Unsubscribe from marketing communications at any time using the link in any email, or by contacting us.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

EU/UK users: You also have the right to object to processing, restrict processing, and lodge a complaint with your local supervisory authority.

California users: You have rights under the CCPA including the right to know, right to delete, and right to opt out of sale (we do not sell personal information).

To exercise any of these rights, contact us at support@getfrostbyte.dev. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to operate the Service:

  • Session cookies — Required to keep you logged in. These are essential and cannot be disabled without breaking the Service.
  • Functional cookies — Used to remember your preferences and settings.
  • Analytics and attribution — We use DataFast to understand website traffic, product usage, referrers, campaigns, and conversion attribution. DataFast may process technical and usage information such as IP address, page views, referrers, campaign parameters, and device/browser information. We do not use DataFast to sell personal information.
  • Session recording — We use PostHog to record user sessions within the Service. Recordings may capture mouse movements, clicks, scrolls, and on-screen interactions. This data is used solely for product improvement purposes. We do not use PostHog to sell personal information. You may contact us at support@getfrostbyte.dev to request that your session recordings be deleted.

You can manage cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

10. Children's Privacy

The Service is only available to users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a person under 18, please contact us at support@getfrostbyte.dev and we will delete it promptly.

By using the Service, you confirm that you are at least 18 years old.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you via email or in-app notice for material changes

Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact and Privacy Requests

For privacy enquiries, data access or deletion requests, or complaints about how we handle your personal information:

Sky Enterprises Australia Email: support@getfrostbyte.dev

We will investigate and respond within 30 days.

Australian users: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints.

EU/UK users: You may also lodge a complaint with your local data protection supervisory authority.

Questions about this policy?

We can clarify how Frostbyte handles privacy requests, account data, and support enquiries.

Back to Frostbyte Contact