Australian Privacy Notice

1. About this notice

Three Chapters Ltd is the controller of your personal information for the purposes of Australian privacy law. We are a UK-registered company that provides services to Australian residents and we are committed to handling your personal information in accordance with the Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act 1988 (Cth).

This notice describes how we manage personal information throughout its lifecycle — from collection through to use, disclosure, storage, and deletion — and explains the rights available to you as an Australian resident.

2. Personal information we collect

In accordance with APP 3, we only collect personal information that is reasonably necessary for our functions and activities. The categories of personal information we collect include:

• Identifiers — Name, email address, IP address, account identifier.
• Commercial information — Subscription records, invoices, transaction history.
• Internet and network activity — Session logs, page views, in-app activity.
• Professional information — Business name, address, and other business details you provide.
• Aggregated usage data — Anonymised product usage analysis. We do not build individual profiles for advertising purposes.

We do not collect sensitive information (as defined in section 6 of the Privacy Act) such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or biometric data.

3. How we collect your information

In accordance with APP 3.5, we collect personal information directly from you wherever it is reasonable and practicable to do so. Direct collection occurs when you:

• Create and use a Three Chapters account
• Contact our support team
• Submit a booking form (as a couple)
• Interact with the client portal (as a couple)

We also collect limited technical data automatically through your use of our website and applications. This includes browser type, operating system, IP address, and general usage patterns. This automatic collection is necessary for the secure operation of our service and is disclosed to you at or before the time of collection through this notice and our Privacy Policy.

4. How we use your information

In accordance with APP 6, we only use or disclose personal information for the primary purpose for which it was collected, or for a related secondary purpose that you would reasonably expect. Our purposes include:

• Providing and maintaining the Three Chapters service
• Processing payments and subscriptions
• Sending transactional communications (confirmations, reminders, invoices)
• Responding to support requests
• Improving and developing our product
• Ensuring security and preventing fraud
• Complying with legal obligations

We do not use your personal information for direct marketing without your consent, and we do not sell your personal information to any third party. For a detailed explanation of each purpose, see sections 3 and 4 of our Privacy Policy.

5. Overseas disclosure of personal information

In accordance with APP 8, we inform you that your personal information may be disclosed to overseas recipients. We take reasonable steps to ensure that overseas recipients handle your personal information in a manner consistent with the APPs.

Our data is primarily stored and processed in the following locations:

• Germany (EU) — Supabase — database, authentication, and file storage. Data is hosted in Frankfurt, Germany.
• United States — Resend (transactional email), Stripe (payment processing), and Anthropic (AI-assisted text generation, when you use this feature).
• Global — Cloudflare — website hosting and content delivery via a global edge network.

We have contractual safeguards in place with each sub-processor, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) where applicable. We take reasonable steps under APP 8.1 to ensure that these overseas recipients do not breach the APPs in relation to your personal information.

A full list of sub-processors with DPA links is available in section 9 of our Privacy Policy.

6. Your rights

As an Australian resident, you have the following rights under the Privacy Act:

• Access (APP 12) — You have the right to request access to the personal information we hold about you. We will respond to access requests within 30 days. There is no charge for making a request, though we may charge a reasonable fee for providing access if the request requires significant effort to fulfil.
• Correction (APP 13) — You have the right to request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to correction requests within 30 days.
• Complaint (APP 1) — You have the right to complain about how we have handled your personal information. We will acknowledge your complaint within 7 days and provide a substantive response within 30 days.
• Anonymity and pseudonymity (APP 2) — You have the right to deal with us anonymously or under a pseudonym where practicable. However, please note that an account with a valid email address is required to use the Three Chapters service, so full anonymity is not possible for registered users. We minimise the personal information we collect to what is reasonably necessary.

7. Notifiable Data Breaches

We comply with the Notifiable Data Breaches (NDB) scheme established under Part IIIC of the Privacy Act 1988. In the event of an eligible data breach — one that is likely to result in serious harm to any individual whose personal information is involved — we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals as soon as practicable, including a description of the breach, the kinds of information involved, and recommended steps for individuals to take
• Take reasonable steps to contain the breach and mitigate any resulting harm

8. Data retention and deletion

We retain your personal information only for as long as is reasonably necessary for the purposes for which it was collected, or as required by law.

• Account deletion — You may request deletion of your account at any time. Upon request, we apply a 30-day grace period during which your data can be recovered. After this period, your personal information is permanently and irreversibly deleted from our systems.
• Financial records — Transaction records, invoices, and related financial data are retained for 7 years in accordance with applicable tax law requirements, even after account deletion.
• Anonymised data — Aggregated, anonymised data that cannot identify you may be retained indefinitely for product improvement purposes.

9. Complaints

If you believe we have breached the APPs or otherwise mishandled your personal information, you may lodge a complaint with us directly. Our internal complaint process is as follows:

• Email privacy@threechapters.app with the subject line “Australian Privacy Complaint”
• We will acknowledge your complaint within 7 days
• We will investigate and provide a substantive response within 30 days

If you are not satisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

10. Contact us

If you have questions about this Australian Privacy Notice or wish to exercise any of your rights, please contact us:

For information about how we handle data under other privacy laws (including UK GDPR and EU GDPR), please see our full Privacy Policy.