Privacy Policy

Effective Date: 1 January 2026

Last Updated: 20 April 2026

1. Introduction

UpSync Pty Ltd (“UpSync”, “we”, “our” or “us”) provides middleware integration services designed to connect one or more supported Uptick instances or other approved external systems.

This Privacy Policy explains how we collect, use, disclose, process and protect personal information and other data when you:

  • visit our website;
  • contact us;
  • use our services; or
  • interact with an UpSync connection, onboarding flow, approval process or related support process.

Privacy and security are important to our service design. UpSync is not intended to operate as a long-term storage facility or independent system of record for customer payload data.

2. Nature of Our Service

UpSync acts as a middleware provider. Our service is designed to process data between approved systems in accordance with customer-approved configuration.

UpSync may temporarily process payload data in transit and may temporarily store, queue, cache, log, trace, back up or otherwise process limited data where reasonably necessary to:

  • operate, secure and support the service;
  • troubleshoot, audit or improve the service;
  • perform onboarding or other professional services; or
  • comply with law.

Except to that limited extent, UpSync is not intended to retain full customer payload data as a long-term archive or independent system of record.

3. Information We Collect and Process

Depending on how you interact with UpSync, we may collect or process the following categories of information.

A. Website and Enquiry Data

If you visit our website or submit an enquiry, we may collect:

  • your name;
  • business name;
  • email address;
  • phone number;
  • message content; and
  • basic website usage information such as browser type, referring pages and pages visited.

B. Connection and Onboarding Data

To establish, configure and support a connection, we may collect or process:

  • customer details and business contact details;
  • authorised contact and approval details;
  • environment details and system identifiers;
  • connection settings and approved directions;
  • mapping inputs, defaults, filters, exclusions and other configuration records;
  • onboarding records, support records and implementation notes; and
  • approval records relating to Authorised Data Sources or counterparties.

C. Credentials and Authentication Data

We may process and securely store credentials, API keys, tokens, webhooks or similar access details where reasonably necessary to keep approved endpoints connected and to operate the service.

D. Operational and Security Data

To support service reliability, security and troubleshooting, we may collect or generate:

  • timestamps of API calls and events;
  • system and audit logs;
  • sync histories and technical traces;
  • status codes and error messages;
  • performance metrics such as latency or bandwidth usage; and
  • IP addresses or related technical request data.

E. Payload and Integration Data

We may transiently process payload data passing between connected systems. This may include business, property, task, asset, service, quote, billing, note, attachment or other operational data, depending on the approved connection settings.

4. How We Use Information

We may use information we collect or process to:

  • provide, operate, secure and support the service;
  • establish and maintain approved connections;
  • configure mappings, directions, rules and related settings;
  • perform onboarding, implementation and other professional services;
  • troubleshoot service issues and investigate incidents;
  • improve service performance, reliability and security;
  • communicate with customers and authorised contacts;
  • comply with legal and regulatory requirements; and
  • enforce our contractual and legal rights.

We do not sell personal information or customer data.

5. Authorised Data Sources and Customer Responsibility

Where our service connects to third-party systems, counterparties or other approved external systems, the customer is responsible for obtaining the approvals, permissions, notices and lawful bases required for those connections and related data flows.

UpSync may rely on:

  • customer instructions;
  • approved configuration settings;
  • approval records; and
  • related onboarding or connection records,

in providing the service, without independently verifying each approval, authority or lawful basis for every individual field, item, attachment, update or record.

6. Limited Retention and Operational Records

UpSync does not intend to retain full customer payload data as a long-term archive or independent system of record.

However, we may temporarily store, queue, cache, log, trace, back up or otherwise process limited data where reasonably necessary to:

  • operate, secure, support, troubleshoot, audit or improve the service;
  • perform onboarding or other professional services; or
  • comply with law.

We may retain administrative and operational records, including:

  • encrypted credentials and tokens;
  • support records;
  • approval and connection records;
  • configuration history;
  • audit and security records; and
  • website and enquiry records.

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

7. Sharing of Information

We do not sell, rent or trade personal information or customer data.

We may disclose information only in limited circumstances, including:

  • to connected systems and endpoints you have authorised us to connect;
  • to trusted infrastructure, hosting, security, analytics, support or other service providers who assist us in operating the service;
  • to professional advisers, insurers or auditors where reasonably necessary;
  • where required by law, court order or regulatory requirement; or
  • where reasonably necessary to protect the security, integrity or lawful operation of the service.

8. Hosting, Infrastructure and Cross-Border Processing

UpSync uses trusted service providers and infrastructure to host and operate the service.

Our service may be hosted primarily in Australia. However, some administrative, operational, support, security or infrastructure-related processing may occur in other jurisdictions where our service providers or infrastructure providers operate, subject to applicable law.

By using the service, you acknowledge that limited information may be processed by such providers as reasonably necessary to operate, secure and support the service.

9. Security

We implement reasonable technical and organisational measures designed to protect the information we process.

These measures may include:

  • encryption in transit;
  • secure hosting environments;
  • access controls and least-privilege practices;
  • multi-factor authentication for internal access where appropriate;
  • monitoring, logging and security review processes; and
  • contractual protections with service providers where appropriate.

No method of transmission, storage or processing is completely secure, and we cannot guarantee absolute security.

10. Cookies and Website Technologies

Our website may use cookies or similar technologies for basic functionality, security, analytics and performance purposes.

You may be able to manage cookie settings through your browser, although some website functions may not work properly if cookies are disabled.

11. Privacy Rights

Depending on your location and the applicable law, you may have rights relating to personal information we hold about you, including rights of access, correction or deletion.

Because UpSync generally does not retain customer payload data as a long-term store, in many cases our retained information may be limited to contact details, administrative records, operational logs, approval records and similar support or connection data.

If you believe we hold personal information about you and wish to make a request, please contact us using the details below.

12. Third-Party Systems

Our service depends on third-party systems, APIs and infrastructure, including approved external systems connected by customers.

This Privacy Policy applies to UpSync’s handling of information. It does not govern the privacy practices of third-party systems, counterparties, source-system operators or other external platforms.

13. Relationship to Other Documents

This Privacy Policy should be read together with our Terms of Service and any applicable Data Policy.

If a customer has entered into a separate written Subscription and Services Agreement with UpSync, that agreement will govern service-specific processing, retention, connection configuration and commercial matters to the extent of any inconsistency with this Privacy Policy.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our service, technology, data handling practices or legal obligations.

If we make a material change, we will publish the updated version on our website and update the “Effective Date” or “Last Updated” date above.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

UpSync Pty Ltd
Email: hello@upsync.app
Location: Melbourne, Victoria, Australia

Back to home