Privacy Policy

SMASH Invoices ("SMASH", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice-to-invoice platform, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Account Information

When you sign up for SMASH, we collect your name, email address, phone number, business name, ABN (Australian Business Number), and trade or industry type.

Voice and Invoice Data

When you use our voice-to-invoice feature, we process your voice recordings to generate invoices. Voice recordings are temporarily processed to extract invoice details (customer name, job description, amounts) and are not stored permanently after processing is complete. Generated invoices, quotes, and related business documents are stored securely on your behalf.

Customer Data

Through the invoices you create, we store information about your customers including their names, email addresses, phone numbers, and business addresses. This data is stored solely to enable invoicing and CRM functionality within the Service.

Usage Data

We automatically collect information about how you interact with the Service, including device type, browser type, IP address, pages visited, and features used. This helps us improve the Service and troubleshoot issues.

Payment Information

Payment processing is handled by third-party providers. We do not store full credit card numbers or bank account details on our servers. We may store partial payment references (last 4 digits, transaction IDs) for record-keeping.

We use the information we collect to:

• --Provide, operate, and maintain the Service
• --Process voice recordings into invoices and quotes
• --Send invoices and payment reminders to your customers on your behalf
• --Improve and personalise your experience, including AI accuracy over time
• --Communicate with you about your account, updates, and support requests
• --Process payments and manage billing
• --Detect, prevent, and address fraud or technical issues
• --Comply with legal obligations and enforce our terms

We do not sell your personal information or business data to third parties. We may share information in the following limited circumstances:

• --Service Providers: We use trusted third-party services for hosting, payment processing, email delivery, and analytics. These providers only access data necessary to perform their functions and are bound by confidentiality obligations.
• --Accounting Integrations: If you connect SMASH to Xero, QuickBooks, or other accounting software, invoice data is shared with those platforms as directed by you.
• --Legal Requirements: We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of SMASH, our users, or the public.
• --Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We implement industry-standard security measures to protect your data, including:

• --Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• --Secure cloud infrastructure with regular security audits
• --Access controls limiting data access to authorised personnel only
• --Regular backups and disaster recovery procedures

While we take all reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

We retain your account information and business data for as long as your account is active or as needed to provide the Service. Invoice and financial records are retained for a minimum of 7 years to comply with Australian tax and record-keeping requirements.

Voice recordings used for invoice generation are processed in real-time and are not retained after the invoice has been created, unless you explicitly opt in to storing recordings for quality improvement purposes.

If you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law.

Under Australian Privacy Principles (APPs) and applicable data protection laws, you have the right to:

• --Access the personal information we hold about you
• --Request correction of inaccurate or incomplete information
• --Request deletion of your personal data (subject to legal retention requirements)
• --Withdraw consent for optional data processing (such as marketing communications)
• --Export your invoice and customer data in a standard format
• --Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact us at privacy@smashinvoices.com.

We use essential cookies to maintain your session and preferences. We may also use analytics cookies to understand how the Service is used and to improve performance. You can control cookie preferences through your browser settings.

We do not use third-party advertising trackers or sell data to ad networks.

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: